Exchange Server 2013 Configuration Management with PowerShell DSC

One of my minor gripes with Exchange Server 2013 is the lack of configuration that can be performed during setup.

If you look at the TechNet documentation for unattended setup you can see a few options are available but they do not cover the range of configurations required for a new Exchange 2013 server.

Consider a scenario where a new Exchange 2013 server is being introduced into a site with existing servers. The server is going to participate in load balanced Client Access traffic, which means a variety of HTTPS workloads such as OWA, ActiveSync, and EWS, as well as potentially SMTP relay for internal application servers.

The configurations that you would need to initially apply could include:

• SSL certificates
• Virtual directory URLs and settings
• Receive connectors
• Message tracking log configurations
• Protocol log configurations

100% of those items can be scripted with PowerShell. You would need to invest some time and effort but it is certainly achievable, and your deployment process will be better for it.

The next challenge is maintaining that configuration. Many Exchange admins would be familiar with situations where some small number of the end user population is having a problem with OWA, and it turns out that one OWA virtual directory among your Client Access servers has a slightly different configuration than the others. Or a situation where SMTP connections from application servers sometimes fail, and it turns out that the remote IP ranges defined on the receive connectors of your load balanced servers are slightly different.

Again, you could write a bunch of PowerShell and implement automation and workflows that periodically run across your servers and correct any mis-configurations. That is 100% achievable and just needs time and effort applied.

But home-brewing your own configuration management solution is, quite frankly, a gigantic pain. I’ve been watching developments in the world of configuration management via the likes of Chef, Puppet, and of course PowerShell DSC with a lot of interest.

So it is with great excitement that I read the news that Microsoft has developed an Exchange module for PowerShell DSC.

The “xExchange” module has 24 DSC resources in it right now. Already they are ticking most of the boxes on my wishlist of configuration management items, such as SSL certificates, virtual directory configurations, receive connectors, and database availability groups.

It looks like Mike Hendrickson is planning a series of articles that explore the xExchange module for PowerShell DSC in a lot more detail, which will be very interesting to read.