Set up your Exchange lab for less than $50

This tutorial will guide you through building a full Exchange environment in the cloud following best practices, basically setting up your Exchange lab for less than $50. Prior to this lab I had set up a lab at home with tons of memory and disk storage, but a live, production-like lab is not easy to set up when you want to set up #OWA and #ActiveSync and test these services externally.

Taking advantage of the fact that there is high competition between cloud service providers, and after long evaluation and personal testing, I picked the cloud provider that will meet all the requirements. So I decided to go with #VPSIE (vpsie). In this post I will not be doing too much technical stuff, but I'm going to include screen captures showing what it looks like once you register. Signup-Link. I liked this one not only because of the best pricing but also because they offer Windows Server on all their packages, with #SSD by default in all their offerings. For any version of #Exchange #server, SSD makes a huge difference.

You may not need to set up a live lab like this for #DAG, but for other services it does help a lot.

It also gives you console-level access directly from the browser without installing any Java or add-ons, which is neat for troubleshooting, as well as their live support. Let's start by looking at the lab. My domain name in this case is https://mail.O365SME.COM



Package selection: the minimum is enough for this lab environment. The Spike package is sufficient for our lab.


LAB Servers

In this lab I've set up only one AD server and one Exchange 2010 SP3 server. You can see the RAM and the disk allocated to each.

To protect Active Directory I have set it up on a private network, where it can only communicate with Exchange over a private link. It's a very bad idea to have AD on the public Internet; that is definitely not recommended for any production use.
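To check and enforce that isolation on the AD server itself, here is an added example (not part of the original post). It assumes Windows Server 2012 R2 as used in this lab, and the Exchange server's private address shown is a hypothetical placeholder.

```powershell
# Added example, not from the original post. Run on the AD server from the
# provider's browser console, so a firewall mistake cannot lock you out.
$exchangePrivateIp = '10.0.0.20'   # hypothetical private address of the Exchange server

function Test-PrivateIPv4 {
    param([string]$Address)
    # RFC 1918 private ranges plus 169.254.0.0/16 link-local
    return $Address -match '^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.|169\.254\.)'
}

# 1. The domain controller should hold no publicly routable IPv4 address.
$publicAddresses = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -notlike '127.*' -and -not (Test-PrivateIPv4 $_.IPAddress) }

if ($publicAddresses) {
    $publicAddresses | ForEach-Object {
        Write-Warning "Public address $($_.IPAddress) is bound to '$($_.InterfaceAlias)'"
    }
} else {
    Write-Output 'OK: only private IPv4 addresses are bound on this server.'
}

# 2. Scope the built-in inbound AD DS firewall rules to the Exchange server only.
Get-NetFirewallRule -DisplayGroup 'Active Directory Domain Services' |
    Where-Object { $_.Direction -eq 'Inbound' } |
    Set-NetFirewallRule -RemoteAddress $exchangePrivateIp

# 3. Re-read the rules and show the resulting remote-address scope for review.
Get-NetFirewallRule -DisplayGroup 'Active Directory Domain Services' |
    Where-Object { $_.Direction -eq 'Inbound' } |
    Get-NetFirewallAddressFilter |
    Select-Object InstanceID, RemoteAddress
```

Only the AD DS rule group is changed; the DNS server's own firewall rules are separate and are left as they are.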

OS Selection:

I selected Windows Server 2012 R2 Standard edition for this lab – It comes already activated so


This is the actual look of my account configured for this lab.



It took 2 minutes to spin up each of the Windows servers. After spinning them up, I logged in to the console to configure AD as the DNS and do basic configuration that we will get to in detail.

Console Access – Coolest Feature 

I must mention this feature here, which I've not seen on #azure (I am not comparing with #azure, but I wish they offered that feature). It happens many times: what if the server is not accessible over Remote Desktop? I've run into the situation where I lost access to RDP and had to de-allocate and re-allocate the machine, and reboot the machine a number of times to make it work. The console feature lets you log in to the console just like logging in via KVM. It simply works in the web browser (Safari, Firefox and IE). Even if you have to change the port for RDP, you can make the change via console access and then RDP on that port.

Another good and important feature is private IP (I'll talk about it in more detail later). So even if you only have a private IP on your VM you can still access it via console access; you don't really need a public IP to access that machine.

What you can achieve with this: you don't have to publish that server on a public IP address. If you were to put up an AD server for your Exchange server, then you don't need a public IP address on that server. You can access that server on the private IP using console access over a browser.



The actual console will look like that, within a browser window. Very neat :)



I wanted to keep the cost of this lab at the lower end, so I started with the lower package and then manually added 10GB of SSD storage individually to satisfy Exchange's minimum storage requirements:



Exchange is an application that is best learned through hands-on experience. To actually learn it you need to do it, and you could take advantage of their free trial. As we go into more detail on the technical part of this setup, I need some time to put together a topology graph as well as a high-level architecture overview.

Virtualization Deep Dive Day – Feb 12th 2010



We have most of the details ironed out about the Virtualization Deep Dive Day on Feb 12.  I think I have mentioned it to all of you.  I wanted to write to get commitment from you on your level of interest in participation.   At the very least, I would love for you to promote the event.  If possible, I would very much appreciate any assistance you could provide on the day of the event.  In a nutshell it is an all day virtualization event being held in Waltham MA.  We have Panopto lined up to simulcast to the web and would like to  have one track of the event presented at the NYC Microsoft Office on the day of the event.  There will be an opportunity for attendees in NYC to ask questions of the presenters and we hope to also have one or two subject matter experts onsite in NYC.  Edwin Woo will be the owner of the NYC part of the event.  We have reserved the MPR rooms (Belvedere & Bethesda Terrace Conference Room) which seats 75 people. We have at least one Microsoft person on cue to support the event.  I would be looking for you guys to do what you do best…


Help coordinate things on the ground in NYC and drive attendance.  Details of the event can be found at  All groups that participate at any level (even just promoting it to their users) will be listed on the website as sponsors.  Those that help with coordination will be eligible for profit sharing from the event.  We will handle registration on our end.  We have already lined up sponsors and speakers so it will be pretty easy on your part.  If you want to line up additional local sponsors/speakers, you are welcome to do that.


There will be a very small fee for attendees. I think it will be $10 early bird and $15 after that. We are arranging to get some Swag to you guys so at the end of the day when we do Swag handouts you will do the same at your event. All of the funds you bring in for the entry fee will go to the NYC groups that actively participate in the event. We will also be offering an online option after the event so people can attend virtually if they cannot make it the day of the event. The online option will be $15. If Live attendees want to also have access to the online content they can get a ticket for only $10. All of these details and more will be documented once the registration site goes up next week. All content will be streamed from Waltham MA. If you have a speaker locally that you would rather cover the content (or change the content) that is fine with us. We do have agreements with some vendors so there may be one or two sessions that we will not be able to change. The NYC Schedule currently looks like the following:

What’s new in Windows 2008 R2 Active Directory

While going through the documentation of Windows Server 2008 R2 I've come across a few geeky things which you (systems admins) must know. I'm so excited about a few of the enhancements. I've compiled them in the form of tips.

Read-Only Domain Controllers
A read-only domain controller (RODC) is a new type of domain controller in the Windows Server® 2008 operating system. With an RODC, organizations can easily deploy a domain controller in locations where physical security cannot be guaranteed. An RODC hosts read-only partitions of the Active Directory® Domain Services (AD DS) database.

Fine-grained password policies

You can use fine-grained password policies to specify multiple password policies within a single domain. You can use fine-grained password policies to apply different restrictions for password and account lockout policies to different sets of users in a domain.

For example, you can apply stricter settings to privileged accounts and less strict settings to the accounts of other users. In other cases, you might want to apply a special password policy for accounts whose passwords are synchronized with other data sources.
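The stricter-policy-for-privileged-accounts case described above, as an added example using the Active Directory module (not part of the original post). The policy name, group name, test user and the specific limits are hypothetical choices.

```powershell
# Added example, not from the original post; run on a domain controller
# or on a host with the Active Directory module installed.
Import-Module ActiveDirectory

$policyName = 'PSO-Privileged-Admins'   # hypothetical policy (PSO) name
$groupName  = 'Lab-Privileged-Admins'   # hypothetical global security group
$testUser   = 'labadmin'                # hypothetical member of that group

# Fine-grained policies need at least the Windows Server 2008 domain functional level.
if ((Get-ADDomain).DomainMode -lt 'Windows2008Domain') {
    throw 'Raise the domain functional level before creating fine-grained password policies.'
}

# A policy applies to users and global security groups, not to OUs.
if (-not (Get-ADGroup -Filter "Name -eq '$groupName'")) {
    New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security
}

$pso = @{
    Name                            = $policyName
    Precedence                      = 10      # lower number wins when several policies apply
    MinPasswordLength               = 15
    ComplexityEnabled               = $true
    ReversibleEncryptionEnabled     = $false
    PasswordHistoryCount            = 24
    MinPasswordAge                  = New-TimeSpan -Days 1
    MaxPasswordAge                  = New-TimeSpan -Days 60
    LockoutThreshold                = 5
    LockoutObservationWindow        = New-TimeSpan -Minutes 30
    LockoutDuration                 = New-TimeSpan -Minutes 30
    ProtectedFromAccidentalDeletion = $true
}
New-ADFineGrainedPasswordPolicy @pso
Add-ADFineGrainedPasswordPolicySubject -Identity $policyName -Subjects $groupName

# Verify: who the policy applies to, and what a group member actually gets.
Get-ADFineGrainedPasswordPolicySubject -Identity $policyName |
    Select-Object Name, ObjectClass
Get-ADUserResultantPasswordPolicy -Identity $testUser |
    Select-Object Name, Precedence, MinPasswordLength, LockoutThreshold
```

`Get-ADUserResultantPasswordPolicy` returns nothing for a user who is covered only by the default domain policy, which makes it a quick check that a privileged account has not been left outside the group.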

Restartable Active Directory Domain Services
Administrators can stop and restart Active Directory® Domain Services (AD DS) in the Windows Server® 2008 operating system by using Microsoft Management Console (MMC) snap-ins or the command line.

Restartable AD DS reduces the time that is required to perform certain operations. AD DS can be stopped so that updates can be applied to a domain controller; also, administrators can stop AD DS to perform tasks such as offline defragmentation of the Active Directory database, without restarting the domain controller. Other services that are running on the server and that do not depend on AD DS to function, such as Dynamic Host Configuration Protocol (DHCP), remain available to satisfy client requests while AD DS is stopped.

Active Directory Recycle Bin
Information technology (IT) professionals can use Active Directory Recycle Bin to undo an accidental deletion of an Active Directory object. Accidental object deletion causes business downtime. Deleted users cannot log on or access corporate resources. This is the number one cause of Active Directory recovery scenarios. Active Directory Recycle Bin works for both AD DS and Active Directory Lightweight Directory Services (AD LDS) objects. This feature is enabled in AD DS at the Windows Server 2008 R2 forest functional level. For AD LDS, all replicas must be running in a new “application mode.”
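Enabling the Recycle Bin and undoing an accidental user deletion, as an added example with the Active Directory module (not part of the original post). The account name is a hypothetical placeholder.

```powershell
# Added example, not from the original post.
Import-Module ActiveDirectory

$deletedSam = 'jdoe'   # hypothetical sAMAccountName of the accidentally deleted user

# The feature requires the Windows Server 2008 R2 forest functional level.
$forest = Get-ADForest
if ($forest.ForestMode -lt 'Windows2008R2Forest') {
    throw "Forest functional level is $($forest.ForestMode); Recycle Bin needs Windows Server 2008 R2."
}

# Enabling is one-way (it cannot be disabled again), so the confirmation
# prompt is deliberately left in place.
$feature = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'"
if (-not $feature.EnabledScopes) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.Name
}

# Locate the deleted object and show where it used to live.
$deleted = @(Get-ADObject -IncludeDeletedObjects `
    -Properties lastKnownParent, whenChanged `
    -Filter "isDeleted -eq `$true -and sAMAccountName -eq '$deletedSam'")
$deleted | Select-Object Name, lastKnownParent, whenChanged

# Restore only when the match is unambiguous; the object returns to lastKnownParent.
if ($deleted.Count -eq 1) {
    $deleted | Restore-ADObject -PassThru
} else {
    Write-Warning "Expected exactly one deleted object, found $($deleted.Count); nothing restored."
}
```

Objects deleted before the feature was enabled cannot be brought back this way with their attributes intact, so enable it before you need it.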

Active Directory module for Windows PowerShell and Windows PowerShell™ cmdlets
The Active Directory module for Windows PowerShell provides command-line scripting for administrative, configuration, and diagnostic tasks, with a consistent vocabulary and syntax. It provides predictable discovery and flexible output formatting. You can easily pipe cmdlets to build complex operations. The Active Directory module enables end-to-end manageability with Exchange Server, Group Policy, and other services.

Active Directory Administrative Center
The Active Directory Administrative Center has a task-oriented administration model, with support for larger datasets. The Active Directory Administrative Center can help increase the productivity of IT professionals by providing a scalable, task-oriented user experience for managing AD DS. In the past, the lack of a task-oriented user interface (UI) could make certain activities, such as resetting user passwords, more difficult than they had to be. The Active Directory Administrative Center enumerates and organizes the activities that you perform when you manage a system. These activities may be maintenance tasks, such as backup; event-driven tasks, such as adding a user; or diagnostic tasks that you perform to correct system failures.

Active Directory Best Practices Analyzer
The Active Directory Best Practices Analyzer (BPA) identifies deviations from best practices to help IT professionals better manage their Active Directory deployments. BPA uses Windows PowerShell cmdlets to gather run-time data. It analyzes Active Directory settings that can cause unexpected behavior. It then makes Active Directory configuration recommendations in the context of your deployment. The Active Directory BPA is available in Server Manager.

Active Directory Web Services
Active Directory Web Services (ADWS) provides a Web service interface to Active Directory domains and AD LDS instances, including snapshots, that are running on the same Windows Server 2008 R2 server as ADWS.

Authentication mechanism assurance
Authentication mechanism assurance makes it possible for applications to control resource access based on authentication strength and method. Administrators can map various properties, including authentication type and authentication strength, to an identity. Based on information that is obtained during authentication, these identities are added to Kerberos tickets for use by applications. This feature is enabled at the Windows Server 2008 R2 domain functional level.
Resource –