Exchange Organization Example Document
Exchange Organization Example Document
Author DEMO2012R2\sysadmin
Version 1.11
Item ID 1010
Id 58d6ed65-cba3-4d1a-895c-17e3eec45574
Version 15.1.0.0
2 Journal Rules
Name Journal
GUID 91475ac5-5b76-413a-a93d-6ed25b4f33fe
Settings
Enabled True
GUID 2ffdc1ba-d4f5-4688-904a-5a565252b30f
Settings
Enabled True
Recipient [email protected]
Name Tags
ArbitrationMailbox AsyncOperationNotification
AutoGroup
ModeratedRecipients
Never Delete
Name ArbitrationMailbox
GUID 2bc8dcbb-76b7-4c71-9f80-77ab4795eae6
AsyncOperationNotification Personal When the item reaches 30 days old Delete and allow recovery
AutoGroup Personal When the item reaches 30 days old Delete and allow recovery
ModeratedRecipients Personal When the item reaches 2 days old Delete and allow recovery
GUID 723e956e-4112-4ec1-99c6-dbaa13ca9fdc
1 Month Delete Personal When the item reaches 30 days old Delete and allow recovery
1 Week Delete Personal When the item reaches 7 days old Delete and allow recovery
1 Year Delete Personal When the item reaches 365 days old Delete and allow recovery
5 Year Delete Personal When the item reaches 1825 days old Delete and allow recovery
6 Month Delete Personal When the item reaches 180 days old Delete and allow recovery
Default 2 year move to archive Default When the item reaches 730 days old Move to archive
Personal 1 year move to archive Personal When the item reaches 365 days old Move to archive
Personal 5 year move to archive Personal When the item reaches 1825 days old Move to archive
Recoverable Items 14 days move to archive Recoverable When the item reaches 14 days old Move to archive
Items
1 Month Delete Personal When the item reaches 30 days old Delete and allow recovery
1 Week Delete Personal When the item reaches 7 days old Delete and allow recovery
1 Year Delete Personal When the item reaches 365 days old Delete and allow recovery
5 Year Delete Personal When the item reaches 1825 days old Delete and allow recovery
6 Month Delete Personal When the item reaches 180 days old Delete and allow recovery
AsyncOperationNotification Personal When the item reaches 30 days old Delete and allow recovery
AutoGroup Personal When the item reaches 30 days old Delete and allow recovery
Default 2 year move to archive Default When the item reaches 730 days old Move to archive
ModeratedRecipients Personal When the item reaches 2 days old Delete and allow recovery
Personal 1 year move to archive Personal When the item reaches 365 days old Move to archive
Personal 5 year move to archive Personal When the item reaches 1825 days old Move to archive
Recoverable Items 14 days move to archive Recoverable When the item reaches 14 days old Move to archive
Items
Name demo2012r2.net
GUID 360cf431-bf64-4b9b-9f5d-1718139d7f87
Default True
GUID 4cad1512-c64f-40af-ab02-eb2f752a0585
Priority Lowest
Applied True
Applied To
Enabled True
Comment
GUID f2935c4f-dfb2-4d23-b095-0e9def3d342c
Security
Scoping
Bindings [::]:587
0.0.0.0:587
FQDN EX1-2K12R2-DEMO.demo2012r2.net
Enabled True
Comment
GUID 890c49d5-7edc-4397-a058-e7b280b7e5c3
Security
Scoping
Bindings [::]:587
0.0.0.0:587
FQDN EX2-2K12R2-DEMO.demo2012r2.net
Enabled True
Comment
GUID 3c2d90d4-a3a4-48c6-a7d4-2dfc48ebc367
Security
Scoping
Bindings [::]:465
0.0.0.0:465
FQDN EX1-2K12R2-DEMO.demo2012r2.net
Enabled True
Comment
GUID 824ffea9-32f0-4944-a6a2-c008aac55d1c
Security
Scoping
Bindings [::]:465
0.0.0.0:465
FQDN EX2-2K12R2-DEMO.demo2012r2.net
Enabled True
Comment
GUID 9b955c95-2962-4c6f-bbcb-b9959de7dccb
Security
Scoping
Bindings 0.0.0.0:2525
[::]:2525
FQDN EX1-2K12R2-DEMO.demo2012r2.net
Enabled True
Comment
GUID 513b19cf-cfa7-44b4-b78d-c522acea75c9
Security
Scoping
Bindings 0.0.0.0:2525
[::]:2525
FQDN EX2-2K12R2-DEMO.demo2012r2.net
Enabled True
Comment
GUID 6341530b-fad8-4ca4-b81e-d5b2a39276eb
Security
Scoping
Bindings [::]:25
0.0.0.0:25
FQDN EX1-2K12R2-DEMO.demo2012r2.net
Enabled True
Comment
GUID 2e179711-56ae-4938-9ba0-33b3dac793bc
Security
Scoping
Bindings [::]:25
0.0.0.0:25
FQDN EX2-2K12R2-DEMO.demo2012r2.net
Enabled True
Comment
GUID a6c50956-3401-423c-b7f8-5422de1886a2
Security
Scoping
Bindings [::]:717
0.0.0.0:717
FQDN EX1-2K12R2-DEMO.demo2012r2.net
Enabled True
Comment
GUID e6d623ee-457b-46f7-9e46-2ac012a1bd48
Security
Scoping
Bindings [::]:717
0.0.0.0:717
FQDN EX2-2K12R2-DEMO.demo2012r2.net
GUID 22ac0383-c03d-4688-858e-36668a3512d4
Settings
Enabled True
Mode Enforce
Priority 0
Details
Name Enabled
Journal True
Outbound True
Name Journal
Enabled True
Comment
GUID 8922be8e-827f-473b-a2e3-6de9cfc548b4
Delivery
Scoping
FQDN
1 Address Spaces
SMTP *.journaldemo.net 1
Name Outbound
Enabled True
Comment
GUID d557d88d-cd13-4096-82c5-e4b9c633fa70
Delivery
Scoping
FQDN smtp.demo2012r2.net
1 Address Spaces
SMTP * 1
Name Contoso
Default False
GUID 0ded286d-20a0-4ff6-a170-a0b9825a0036
Security
Device
Name Default
Default True
GUID bf929267-2848-4e3d-b851-15e1545ad28b
Security
Device
Sync Settings
Description Shows Action Item suggestions from your email. This add-in will not share your data with any
third-party service.
Add-In Settings
Enabled True
Version 1.0
Description Map addresses found in your email. This add-in will send addresses to Bing but will not share your data
with any third-party service.
Add-In Settings
Enabled True
Permissions Restricted
Version 1.1
Name My Templates
Description Use this add-in to save text and images you can insert into a message with one click. This add-in will
not share your data with any third-party service.
Add-In Settings
Enabled True
Version 1.0
Description Shows meeting suggestions found in your email and allows you to add them to your calendar. This
add-in will not share your data with any third-party service.
Add-In Settings
Enabled True
Version 1.1
Name Unsubscribe
Description This add-in is triggered by messages from subscription email feeds, and allows you to block the sender
or unsubscribe from the source. This add-in will not share your data with any third-party service.
Add-In Settings
Enabled True
Version 1.0
GUID 1b7a6119-cabb-4c0a-888b-99cfe572d65f
Container Name \
Recipient Filter ((Alias -ne $null) -and (((ObjectCategory -like 'person') -and (ObjectClass -eq 'contact'))))
GUID 17619bde-361b-40d4-9e3d-8422fd56d119
Container Name \
GUID 7782ee42-1651-4021-9e23-1d339cb605d8
Container Name \
Recipient Filter ((Alias -ne $null) -and (((RecipientDisplayType -eq 'ConferenceRoomMailbox') -or
(RecipientDisplayType -eq 'SyncedConferenceRoomMailbox'))))
GUID b2cb4b85-1dd6-42fb-becd-256d9042e004
Container Name \
Recipient Filter ((Alias -ne $null) -and (((((((ObjectCategory -like 'person') -and (ObjectClass -eq 'user') -and
(-not(Database -ne $null)) -and (-not(ServerLegacyDN -ne $null)))) -or (((ObjectCategory -like 'person')
-and (ObjectClass -eq 'user') -and (((Database -ne $null) -or (ServerLegacyDN -ne $null))))))) -and
(-not(RecipientTypeDetailsValue -eq 'GroupMailbox')))))
GUID 3d89a4be-35d4-4c02-bf81-1391feba71db
Recipient Filter ((Alias -ne $null) -and (((ObjectClass -eq 'user') -or (ObjectClass -eq 'contact') -or (ObjectClass -eq
'msExchSystemMailbox') -or (ObjectClass -eq 'msExchDynamicDistributionList') -or (ObjectClass -eq
'group') -or (ObjectClass -eq 'publicFolder'))))
GUID e68932fb-a1f2-428f-a7d4-c95d77dfe3fa
Container Name \
Name Description
Compliance Management This role group will allow a specified user, responsible for compliance, to properly configure and
manage compliance settings within Exchange in accordance with their policy.
Delegated Setup Members of this management role group have permissions to install and uninstall Exchange on
provisioned servers. This role group shouldn't be deleted.
Discovery Management Members of this management role group can perform searches of mailboxes in the Exchange
organization for data that meets specific criteria.
Help Desk Members of this management role group can view and manage the configuration for individual
recipients and view recipients in an Exchange organization. Members of this role group can only
manage the configuration each user can manage on his or her own mailbox. Additional
permissions can be added by assigning additional management roles to this role group.
Hygiene Management Members of this management role group can manage Exchange anti-spam features and grant
permissions for antivirus products to integrate with Exchange.
Organization Management Members of this management role group have permissions to manage Exchange objects and
their properties in the Exchange organization. Members can also delegate role groups and
management roles in the organization. This role group shouldn't be deleted.
Public Folder Management Members of this management role group can manage public folders. Members can create and
delete public folders and manage public folder settings such as replicas, quotas, age limits, and
permissions as well as mail-enable and mail-disable public folders.
Recipient Management Members of this management role group have rights to create, manage, and remove Exchange
recipient objects in the Exchange organization.
Records Management Members of this management role group can configure compliance features such as retention
policy tags, message classifications, transport rules, and more.
Security Administrator Membership in this role group is synchronized across services and managed centrally. This role
group is not manageable through the administrator portals. Members of this role group may
include cross-service administrators, as well as external partner groups and Microsoft Support. By
default, this group may not be assigned any roles. However, it will be a member of the Security
Administrators role groups and will inherit the capabilities of that role group.
Security Reader Membership in this role group is synchronized across services and managed centrally. This role
group is not manageable through the administrator portals. Members of this role group may
include cross-service administrators, as well as external partner groups and Microsoft Support. By
default, this group may not be assigned any roles. However, it will be a member of the Security
Reader role groups and will inherit the capabilities of that role group.
Server Management Members of this management role group have permissions to manage all Exchange servers
within the Exchange organization, but members don't have permissions to perform operations that
have global impact in the Exchange organization.
UM Management Members of this management role group can manage Unified Messaging organization, server,
and recipient configuration.
View-Only Organization Management Members of this management role group can view recipient and configuration objects and their
properties in the Exchange organization.
Description This role group will allow a specified user, responsible for compliance, to properly configure and
manage compliance settings within Exchange in accordance with their policy.
GUID 9f317cd5-b5ad-4165-bfe0-21d0e4696635
Description Members of this management role group have permissions to install and uninstall Exchange on
provisioned servers. This role group shouldn't be deleted.
GUID 3ef95e01-0b22-4e86-9fc8-725edbc095c1
Description Members of this management role group can perform searches of mailboxes in the Exchange
organization for data that meets specific criteria.
GUID aa531e50-99d5-490a-b671-172657a4ad58
Description Members of this management role group can view and manage the configuration for individual
recipients and view recipients in an Exchange organization. Members of this role group can only
manage the configuration each user can manage on his or her own mailbox. Additional permissions
can be added by assigning additional management roles to this role group.
GUID 6fd16174-85cd-4d57-9d01-49418d1b6961
Description Members of this management role group can manage Exchange anti-spam features and grant
permissions for antivirus products to integrate with Exchange.
GUID 47a03c48-4bbf-4c20-a8cf-9dca11e7816f
Description Members of this management role group have permissions to manage Exchange objects and their
properties in the Exchange organization. Members can also delegate role groups and management
roles in the organization. This role group shouldn't be deleted.
GUID cfed3649-f8be-4474-a7d9-073a27515105
Description Members of this management role group can manage public folders. Members can create and delete
public folders and manage public folder settings such as replicas, quotas, age limits, and permissions
as well as mail-enable and mail-disable public folders.
GUID 0c28dc54-e110-4272-8ad5-cfbe2c578c10
Description Members of this management role group have rights to create, manage, and remove Exchange
recipient objects in the Exchange organization.
GUID f06e922c-569f-402f-8783-fb020ed0c0fe
Description Members of this management role group can configure compliance features such as retention policy
tags, message classifications, transport rules, and more.
GUID 50f6feb3-72c1-4184-818a-7bb22027b423
Description Membership in this role group is synchronized across services and managed centrally. This role group
is not manageable through the administrator portals. Members of this role group may include
cross-service administrators, as well as external partner groups and Microsoft Support. By default, this
group may not be assigned any roles. However, it will be a member of the Security Administrators role
groups and will inherit the capabilities of that role group.
GUID 9cf06860-a357-43b2-94f8-e4cc5e50956b
Description Membership in this role group is synchronized across services and managed centrally. This role group
is not manageable through the administrator portals. Members of this role group may include
cross-service administrators, as well as external partner groups and Microsoft Support. By default, this
group may not be assigned any roles. However, it will be a member of the Security Reader role groups
and will inherit the capabilities of that role group.
GUID 2b8789c4-b058-4e71-9ed8-a693b0ec3c5e
Member Names
Description Members of this management role group have permissions to manage all Exchange servers within the
Exchange organization, but members don't have permissions to perform operations that have global
impact in the Exchange organization.
GUID d4bc8dfc-12bd-4cfa-836f-9d974b6522c3
Name UM Management
Description Members of this management role group can manage Unified Messaging organization, server, and
recipient configuration.
GUID 2ec93f0c-3983-4f15-b3b3-58d850394414
Description Members of this management role group can view recipient and configuration objects and their
properties in the Exchange organization.
GUID b4f77631-89cb-43b5-b597-40c18b204317
Member Names
Name Default
GUID 4e3f8c00-ee8d-4706-bfa6-15c4128348fc
Communication Management
Contacts True
Information Management
Journaling True
Notes True
Security
User Experience
Places False
Themes True
Weather False
Calendar True
Tasks True
File Access
Name Description
Default Role Assignment Policy This policy grants end users the permission to set their options in Outlook on the web and perform other
self-administration tasks.
Description This policy grants end users the permission to set their options in Outlook on the web and perform
other self-administration tasks.
GUID 63710c3e-feac-4ed2-a58a-8278d7fe65c2
Name Default
Description
Priority Lowest
Enabled True
Default True
Settings
Statistics
Contact Count 0
Owner Count 0
Total Items 0
Limits
2 Client Permissions
Anonymous None
Default Author
Statistics
Contact Count 1
Owner Count 1
Total Items 3
Limits
3 Client Permissions
Anonymous None
Default Author
sysadmin Owner
Alias Contoso
Delegation
Statistics
Contact Count 1
Owner Count 1
Total Items 0
Limits
3 Client Permissions
Anonymous None
Default Author
sysadmin Owner
Alias Foods
Groups
Delegation
GUID e2aa4641-8926-4dc9-897d-2a2d1e8b9658
Quota Settings
Alias servicedesk
MailTip
Ownership
Owners demo2012r2.net/Staff/Administrators/sysadmin
Membership
Members demo2012r2.net/Staff/Administrators/sysadmin
demo2012r2.net/Users/1stLineSupport
demo2012r2.net/Users/2ndLineSupport
Joining Owner approval: All requests are approved or rejected by group owners
Leaving Closed: Members can only be removed by the group owners. All requests to leave the group will be
rejected automatically.
Delivery Management
Moderation
Delegation
Send As DEMO2012R2\sysadmin
Alias sys_admins
MailTip
Ownership
Owners demo2012r2.net/Staff/Administrators/sysadmin
Membership
Joining Owner approval: All requests are approved or rejected by group owners
Leaving Closed: Members can only be removed by the group owners. All requests to leave the group will be
rejected automatically.
Delivery Management
Moderation
Delegation
Send As DEMO2012R2\sysadmin
Staff Staff
Alias Staff
MailTip <html>
<body>
This will send an email to all members of staff.
</body>
</html>
Ownership
Owner demo2012r2.net/Staff/Administrators/sysadmin
Membership
Recipient Filter ((Alias -ne $null) -and (-not(Name -like 'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*')) -and
(-not(RecipientTypeDetailsValue -eq 'MailboxPlan')) -and (-not(RecipientTypeDetailsValue -eq
'DiscoveryMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'PublicFolderMailbox')) -and
(-not(RecipientTypeDetailsValue -eq 'ArbitrationMailbox')) -and (-not(RecipientTypeDetailsValue -eq
'AuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuxAuditLogMailbox')) -and
(-not(RecipientTypeDetailsValue -eq 'SupervisoryReviewPolicyMailbox')))
Delivery Management
Moderation
Delegation
Send As DEMO2012R2\sysadmin
GUID 83efe9cd-5819-420c-b0c5-e7d127021859
Witness
MapiDagNetwork
Interfaces {EX1-2K12R2-DEMO,Up,192.168.131.53}
Subnets {192.168.131.0/24,Up}
Master EX2-2K12R2-DEMO
GUID 107dfabf-65c0-479c-8e06-1595ccbd23d6
Maintenance
Journal Recipient
Limits
Client Settings
1 Database Copies
Master DAG01
GUID 43c886e8-c794-4125-8727-815b55db074a
Maintenance
Journal Recipient
Limits
Client Settings
1 Database Copies
Name EX1-2K12R2-DEMO
Domain demo2012r2.net
Product ID
GUID e6a9927b-0b0c-43b6-8ce2-f0f9468b4f39
Status Information
Host Information
Name EX1-2K12R2-DEMO
Client Access
1 Database Copies
Name Status
DNS Lookups
External DNS Settings Use DNS settings for "All network adapters (All available IPv4)"
Internal DNS Settings Use DNS settings for "All network adapters (All available IPv4)"
IMAP4
Malware Filtering
Defer Attempts 3
Enabled True
External Hostname
POP3
Transport Logs
Dial Plans
Languages en-US
Dial Plans
Microsoft Exchange Server Auth Certificate Microsoft Exchange Server Auth Certificate 19 June 2023
Subject CN=EX1-2K12R2-DEMO
Issuer CN=EX1-2K12R2-DEMO
Certificate Details
Version 3
Properties
Friendly Name
Thumbprint 42B8E31CFB0B1C32D594C4C7083175B87A9B5491
Certificate Details
Version 3
Properties
Friendly Name
Thumbprint FB0063D0C2518305E01C1898E5049D84C11D508F
Subject CN=WMSvc-EX1-2K12R2-DEMO
Issuer CN=WMSvc-EX1-2K12R2-DEMO
Certificate Details
Version 3
Properties
Friendly Name
Thumbprint F5F0B1A4CBFADC5281B44E7C36ED6643E297F537
GUID d11434a9-c96f-4209-bb37-974695b16fac
Authentication
GUID a18d1b51-a5cf-4b06-848f-0dcd6728baec
External URL
Authentication
GUID e71d2888-d199-4119-95e2-139772d23a2a
External URL
Authentication
GUID 1f3468e7-a7cd-4ec8-b524-430af6273ec8
External URL
Authentication
GUID 89a6dd94-8bc7-48ea-a6bd-6db33e089f70
External URL
Authentication
GUID 8a1bd18a-89a8-4f99-a5ae-93eb9355acfe
External URL
GUID c38baccf-a0ab-461f-953d-a46ce9fc30c2
External URL
Authentication
Communication Management
Contacts True
Information Management
Journaling True
Notes True
Security
Places False
Themes True
Weather True
Time Management
Calendar True
Tasks True
File Access
GUID efbded14-adc2-4c61-9c4c-9daa6ed6fb5f
External URL
Authentication
Name EX2-2K12R2-DEMO
Domain demo2012r2.net
Product ID
GUID 7a568d71-fc33-4019-bc1e-a699638ec4df
Status Information
Host Information
Name EX2-2K12R2-DEMO
Client Access
1 Database Copies
Name Status
DNS Lookups
External DNS Settings Use DNS settings for "All network adapters (All available IPv4)"
Internal DNS Settings Use DNS settings for "All network adapters (All available IPv4)"
IMAP4
Malware Filtering
Defer Attempts 3
Enabled True
External Hostname
POP3
Transport Logs
Dial Plans
Languages en-US
Dial Plans
Microsoft Exchange Server Auth Certificate Microsoft Exchange Server Auth Certificate 19 June 2023
Subject CN=EX2-2K12R2-DEMO
Issuer CN=EX2-2K12R2-DEMO
Certificate Details
Version 3
Properties
Friendly Name
Thumbprint 141FF6E5AF8611EB92315B54B0D3D331990F764E
Certificate Details
Version 3
Properties
Friendly Name
Thumbprint FB0063D0C2518305E01C1898E5049D84C11D508F
Subject CN=WMSvc-EX2-2K12R2-DEMO
Issuer CN=WMSvc-EX2-2K12R2-DEMO
Certificate Details
Version 3
Properties
Friendly Name
Thumbprint 5C800F594738CAD4EE50541678BBD6484ADA48AA
GUID 7d5f5905-e1f2-4863-8a0c-a2f2f1d8c60b
Authentication
GUID 7a6b712f-ce4d-4405-9f2f-e89c6c268767
External URL
Authentication
GUID 60afbded-d683-48c0-bf41-2c0a543bf6bb
External URL
Authentication
GUID 4c247991-368b-4bfe-b0f3-1bc52ec81b63
External URL
Authentication
GUID 91c613db-6a9a-4a0d-82f4-e0868cfc6200
External URL
Authentication
GUID 890828fa-fa6c-452f-bb69-bd744ef2844f
External URL
GUID ceac0542-c17a-4d94-875c-6100bad6f1bd
External URL
Authentication
Communication Management
Contacts True
Information Management
Journaling True
Notes True
Security
Places False
Themes True
Weather True
Time Management
Calendar True
Tasks True
File Access
GUID 3b34362b-163c-43c6-bc12-49c5835d9123
External URL
Authentication
Name Status
Status Enabled
GUID d6fa49f6-bfa7-47ba-a457-6d1d837bfe13
Greetings
Business Hours
Menu Navigation
Operator Extension
GUID 09ca597c-253a-4d9e-8471-176715ce2cbe
Dial Codes
Country/Region Code 44
Settings
Operator Extension
Dialing Authorization
GUID c16afeea-8380-40ef-b209-7237cca9e323
Dial Codes
Country/Region Code 44
Settings
Operator Extension
Dialing Authorization
Contoso hunt group Telephone extension dial plan Contoso IP Gateway Telephone extension dial plan
GUID f3f8305e-4dee-4c70-bedd-362011ee0b85
Settings
Address ipgateway
Forwarding Address
Telephone extension dial plan Default Policy Telephone extension dial plan 6
GUID 3f6ea626-2b65-4333-b195-efeed5101300
User Features
Message Text
PIN Policies
Dialing Authorization
GUID 094a6376-9246-4b6d-ae3e-06556db53af0
User Features
Message Text
PIN Policies
Dialing Authorization
1.11 DEMO2012R2\sysadmin 17 July 2018 14:35 Updated by XIA Configuration Client Data
1.10 DEMO2012R2\sysadmin 16 July 2018 16:55 Updated by XIA Configuration Client Data
1.09 DEMO2012R2\sysadmin 16 July 2018 16:44 Updated by XIA Configuration Client Data
1.08 DEMO2012R2\sysadmin 16 July 2018 15:46 Updated by XIA Configuration Client Data
1.07 DEMO2012R2\sysadmin 16 July 2018 15:38 Updated by XIA Configuration Client Data
1.05 DEMO2012R2\sysadmin 16 July 2018 14:53 Updated by XIA Configuration Client Data
1.04 DEMO2012R2\sysadmin 16 July 2018 14:25 Updated by XIA Configuration Client Data
1.03 DEMO2012R2\sysadmin 16 July 2018 11:38 Updated by XIA Configuration Client Data
1.02 DEMO2012R2\sysadmin 16 July 2018 11:11 Updated by XIA Configuration Client Data