In this tutorial, we will see how to add a new email domain on an Exchange Server 2019 server. This domain will be usable for newly created mailboxes. We will see how to set it as the default domain, but also how to declare it as a UPN suffix in the Active Directory to simplify user authentication.
We assume that we will add the domain “domaine.fr” to our Exchange server. Thus, users will be able to have an e-mail address in this domain. On the Active Directory side, this domain is not known when it is added to Exchange Server. A user with the e-mail address “[email protected]” will have to authenticate on the Exchange server with his Active Directory account, therefore potentially “[email protected]” (if I use the domain of this lab): the end user must memorize two pieces of information (his AD identifier and his e-mail address).
By declaring “domaine.fr” as a UPN suffix in the Active Directory, the user will have the e-mail address “[email protected]” and will also have the value “[email protected]” for the attribute “UserPrincipalName” of his AD account. Thus, he can authenticate with “[email protected]” on Exchange but also on domain computers!
The step-by-step procedure is available in the corresponding video for this episode. Here, I give you the steps in a more condensed form.
II. Add a domain
Let’s start with the procedure to add a domain, which can be done from the Exchange admin center or the Exchange Management Shell.
From the Exchange admin center:
1 – Click on “Mail flow”
2 – Click on the tab “Accepted domains”
3 – Add a new email domain with the option “Accepted domain is authoritative”
4 – Validate
5 – Edit the domain to check the option “Set this domain as the default domain.”
If it is an external domain that you own, it is important to indicate that your server is authoritative for this domain. This means that your mail server is the server that handles emails for this domain, which will also translate to DNS records, in particular with the MX record (as mentioned during the installation).
With Exchange Management Shell:
You can add the domain:
New-AcceptedDomain -DomainName domaine.fr -DomainType Authoritative -Name domaine.fr
Then, if we want to set it as the default domain, we can modify it at any time:
Set-AcceptedDomain -Identity domaine.fr -MakeDefault $true
Let’s move on.
III. Edit Email Address Policy
The second step is to edit the email address policy to assign the domain “domaine.fr” instead of “it-connect.lan”. Otherwise, the local domain will be used for new email addresses, despite having a new default domain.
It is possible to create various policies to apply different address formats depending on the types of resources. For example, a policy that applies to all types (like the default) or a policy that applies only to mailboxes. In this example, I’m editing the default policy.
1 – Click on “Mail flow”
2 – Click on the tab “Email address policies”
3 – Edit the “Default Policy”
4 – Click on “Mail address format” and change the domain of the “SMTP” entry to match the new domain (instead of “it-connect.lan”).
5 – Validate
From there, if you create a mailbox, it will benefit from the domain “@domaine.fr” while at the Active Directory level, the local domain will be used for authentication.
IV. Declare the UPN suffix in the Active Directory
To declare a new UPN suffix corresponding to the mail domain, it is necessary to access the properties of the console “Active Directory Domains and Trusts” as explained in this tutorial:
Just declare the domain in this console.
Once that’s done, you can create your mailbox! It will benefit from the “@domaine.fr” domain and the Active Directory account that will be generated will also benefit from this domain. As a result, the user will be able to authenticate with the address “[email protected]” in Exchange and on his PC, with the same password.
To create a mailbox from the Exchange admin center, you need to click on the following menu: Recipient > Mailboxes > “+” > User mailboxes. Here, we choose the mail domain for the logon name, while for the mailbox, it is the Exchange policy that will assign the domain name.
Then, in the Active Directory, we can see the information:
If you have already created mailboxes and the UPN contains the Active Directory domain name, you can go back to the user accounts to change the value.
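The steps of sections III and IV, plus the UPN change for existing accounts, as an added PowerShell example that is not part of the original tutorial. It assumes the Exchange Management Shell with the ActiveDirectory module available; the $Apply switch and the filter on the mail attribute are choices made for this example, and every change runs with -WhatIf until $Apply is set to $true.

```powershell
# Added example (not from the original tutorial). Run in the Exchange Management Shell.
Import-Module ActiveDirectory

$OldDomain = 'it-connect.lan'   # local AD domain of the lab, from the tutorial
$NewDomain = 'domaine.fr'       # mail domain added in section II
$Apply     = $false             # assumption of this example: preview only until set to $true

# The accepted domain must exist and be authoritative before anything points at it.
$accepted = Get-AcceptedDomain | Where-Object { "$($_.DomainName)" -eq $NewDomain }
if (-not $accepted -or "$($accepted.DomainType)" -ne 'Authoritative') {
    throw "$NewDomain is not an authoritative accepted domain"
}

# III. Swap the domain in the Default Policy templates, keeping the existing local-part format.
$policy    = Get-EmailAddressPolicy -Identity 'Default Policy'
$pattern   = '@' + [regex]::Escape($OldDomain) + '$'
$templates = @($policy.EnabledEmailAddressTemplates |
    ForEach-Object { "$_" -replace $pattern, "@$NewDomain" })
Set-EmailAddressPolicy -Identity 'Default Policy' `
    -EnabledEmailAddressTemplates $templates -WhatIf:(-not $Apply)
if ($Apply) { Update-EmailAddressPolicy -Identity 'Default Policy' }

# IV. Declare the UPN suffix on the forest if it is missing.
if ((Get-ADForest).UPNSuffixes -notcontains $NewDomain) {
    Get-ADForest | Set-ADForest -UPNSuffixes @{ Add = $NewDomain } -WhatIf:(-not $Apply)
}

# Existing accounts: only users whose mail attribute is already in the new domain.
$filter = "UserPrincipalName -like '*@$OldDomain' -and mail -like '*@$NewDomain'"
foreach ($user in Get-ADUser -Filter $filter -Properties mail) {
    # Keep the local part of the current UPN and change only the suffix.
    $newUpn = ($user.UserPrincipalName -split '@')[0] + "@$NewDomain"

    # A UPN is a logon name: never let two accounts end up with the same one.
    # This lookup covers the current domain only, not the whole forest.
    if (Get-ADUser -Filter "UserPrincipalName -eq '$newUpn'") {
        Write-Warning "Skipped $($user.SamAccountName): $newUpn is already in use"
        continue
    }
    Set-ADUser -Identity $user -UserPrincipalName $newUpn -WhatIf:(-not $Apply)
    Write-Output "$($user.UserPrincipalName) -> $newUpn"
}
```

Review the -WhatIf output and the skipped accounts before setting $Apply to $true, since a changed UPN changes the name the user types at logon.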
Here we have just seen how to add a new domain on an Exchange mail server! If you need more specific guidance, watch the video since I’m performing these actions step by step.