• Install Microsoft Windows Server 2016 operating system (with Desktop Experience) onto your hardware (including any preconfigured RAID-1 Mirror Array) and enter your Product Code / License Key to Activate your fresh install of Server 2016 Operating System as either the Standard or Datacenter edition. Do not add any roles or features yet.
• Perform Windows update one or more times on your fresh installation of Microsoft Windows Server 2016.

Download and Install:

• Use the latest version of the .NET Framework that's supported by the release of Exchange you're installing.
• For Exchange Server 2016 CU23 Any supported OS calls for .NET Framework 4.8
• Install using the .NET Framework 4.8 Offline Installer [English] (prior to installing any added language packs).

See: https://support.microsoft.com/en-us/topic/microsoft-net-framework-4-8-for-windows-10-version-1607-windows-10-version-1703-and-windows-server-2016-8ff8f85c-65f8-8fae-b85a-c556efce33fd

Or Download DNF 4.8 directly from here: https://go.microsoft.com/fwlink/?linkid=2088631

Caution: DO NOT INSTALL .NET 4.8.1 from here https://dotnet.microsoft.com/download/dotnet-framework/thank-you/net48-offline-installer, or you will receive an error saying that this dot net version is not compatible for your 2016 Server Operating System and is Blocked from installation.

Note: In the Server Manager console, when checking the features that are installed on Server 2016, only Dot Net Framework 4.6 is installed (2 of 7 features). So, you should install dot net framework 4.8 using the offline installer.

Note: NET Framework 4.8 does not include .NET Framework 4.6. Although, instead, .NET Framework 4.8 is an in-place update that replaces earlier versions, including 4.6, meaning that when you install 4.8, it updates or replaces any previous version from 4.6 through 4.7.2 on the system. This ensures that your system is running a single, supported version of the framework from that series.

Download and install the following prerequisites:

• vcredist_x64_2012 - Microsoft Visual C++ 2012 Redistributable x64 - 11.0.61030
• vcredist_x64_2013 - Microsoft Visual C++ 2013 Redistributable x64 - 12.0.30501
• ucmaRuntimeSetup.exe - Microsoft Unified Communications Managed API 4.0 Runtime (this may be optional depending on whether you need to have Microsoft Teams, messaging, and real-time chat, among Exchange users). Let's explore this a but more. Installing the Unified Communications Managed API (UCMA) 4.0 Runtime is still a necessary prerequisite for the Mailbox server role in Exchange Server 2016, regardless of the retirement of classic Microsoft Teams. The requirement for UCMA 4.0 is tied to the internal functionality of Exchange Server 2016's Unified Messaging (UM) services, not the Microsoft Teams client itself. The Exchange setup process specifically checks for this component and will not proceed without it, as it uses some of the underlying libraries for internal operations and compatibility with third-party PBX systems in hybrid environments.

See: Visual C++ Redistributable for Visual Studio 2012 Update 4

• Download it Here: https://www.microsoft.com/en-us/download/details.aspx?id=30679

See: Visual C++ Redistributable Packages for Visual Studio 2013.

https://www.microsoft.com/en-us/download/details.aspx?id=40784

The “update” for Microsoft Visual C++ 2013 Update 5 Redistributable Package is released as a download-only update and isn’t distributed through Windows Update.

All package downloads for the update in various languages are listed here:

• https://support.microsoft.com/en-us/topic/update-for-visual-c-2013-and-visual-c-redistributable-package-18d278e8-1c79-2630-e8ae-e9f4679b2393

Specific 2013 x64 Update file for English is here:

• https://download.microsoft.com/download/c/c/2/cc2df5f8-4454-44b4-802d-5ea68d086676/vcredist_x64.exe

• Install the Unified Communications Managed API 4.0 Runtime

Get it Here: https://www.microsoft.com/en-us/download/details.aspx?id=34992

In the past, your author (yours truly) has installed Exchange Server 2016 on a domain controller, without noticeable issues. For Exchange 2010, I saw old articles that called this type of installation a “One-Box.”

Microsoft does not recommend installing Exchange 2016 (or 2019) on domain controllers. At some point during Exchange installation / set-up a warning is generating stating, “Exchange Server 2016 or Exchange 2019 Setup has detected that the target computer is an Active Directory domain controller, and we don't recommend installing Exchange on domain controllers.”

According to Microsoft, if you install Exchange on a domain controller, you should be aware of the following issues:

• Configuring Exchange for Active Directory split permissions isn't supported. For more information about split permissions, see Understanding split permissions.
• The Exchange Trusted Subsystem universal security group (USG) is added to the Domain Admins group. This action grants all Exchange servers domain administrator rights in the domain.
• Exchange Server and Active Directory are both resource-intensive applications. There are performance implications when both applications are running on the same computer.
• The domain controller must be a global catalog server, but Exchange services might not start correctly on a global catalog server.
• System shutdown will take considerably longer if Exchange you didn't stop the Exchange services before you shut down or restart the server.
• Demoting the domain controller to a member server isn't supported.
• Running Exchange on a clustered node that's also an Active Directory domain controller isn't supported.

Therefore, we (Microsoft) recommend that you install Exchange on a member server, not on a domain controller.

However, this author (yours truly) is planning to install active directory services and promote the 2016 Server to a domain controller and install Exchange Server 2016 on the domain controller as a One-Box solution.

• Rename the Server something like Exch01 and reboot the server
• Do NOT join a domain at this point, especially if there is another domain server on the same subnet
• Change the network adapter settings by editing IPV4 protocol and enter a static IP address that is outside the Dynamic (DHCP) IP block range that is configured on your router.

For Example:

IP Address: 192.168.1.2

Subnet Mask: 255.255.255.0

Default Gateway: 192.168.1.1

DNS1: 192.168.1.2

DNS2: 8.8.8.8 (Eg. Google)

DNS3: 8.8.4.4 (Eg. Google)

• Start the Server Manager
• Click the Link to Add Roles and Features in order to run the Add Roles and Features Wizard
• Click next until you reach the Add Roles and Add Features pages
• Check the Box to Add the Role of Web Server (Internet Information Services)
• Check the Box to Add the role of DNS Server. Note DNS server would be installed later when Active Directory Domain Services is installed.
• Optionally, click Add DHCP Services (hopefully it will not conflict with the Router DHCP)

Reboot Windows if necessary.

After IIS is installed, download and install the URL Rewrite Module 2.1

• Find it here: https://www.iis.net/downloads/microsoft/url-rewrite

• Start the Server Manager again
• Click Next until you reach Add Features page
• Check the Box to Add the role Active Directory Domain Services

• Click the Flag in Server Manager to Promote this Server to Domain Controller
• The Active Domain Services Configuration Wizard Opens Up
• Directory Deployment is the next step.
• Select the Radio Button for “Add a New Forest” and Enter the Root Domain Name in the text input box, for example, “DomainName.lan” and click Next
• Under Domain Controller Options:
• Leave forest functional level at Windows Server 2016 and Domain Functional Level at Windows Server 2016
• Specify Domain Controller Capabilities: Check Domain Name System (DNS) Server, and Check Global Catalog (GC)
• Enter the Directory Services Restore Mode (DSRM) Password (Enter it Twice to confirm), and Click NEXT.
• There is a warning message displayed: A delegation for this DNS Server cannot be created because the authoritative parent zone cannot be found or it does not run DNS server. If you are integrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain “DomainName.lan.” Otherwise, no action is required.
• Do NOT check the box to “create DNS delegation.” Just click NEXT
• Enter the NetBios Domain Name: “DomainName” (without the .lan suffix), and click NEXT
• PATHS. Click NEXT

REVIEW OPTIONS:

Configure this server as the first Active Directory domain controller in a new forest.

The new domain name is "domainName.lan". This is also the name of the new forest.

The NetBIOS name of the domain: DOMAINNAME

Forest Functional Level: Windows Server 2016

Domain Functional Level: Windows Server 2016

Additional Options:

  Global catalog: Yes

  DNS Server: Yes

  Create DNS Delegation: No

Database folder: C:\Windows\NTDS

Log file folder: C:\Windows\NTDS

SYSVOL folder: C:\Windows\SYSVOL

The DNS Server service will be configured on this computer.

This computer will be configured to use this DNS server as its preferred DNS server.

The password of the new domain Administrator will be the same as the password of the local Administrator of this computer.

• Click NEXT to run the script to promote the server to Domain Controller with the new forest, and the forest name will be the same as the domainname.lan
• The Wizard is now running a Prerequisites Check
• There are a few warnings or information messages, however,
• All Prerequisite Checks Passed Successfully!
• Click INSTALL to begin Installation
• If you click install, the server automatically reboots at the end of the promotion operation.

If you want to install the Exchange Server Management tools on supported Windows Server OS, make sure to install the following Windows features:

Open PowerShell as Admin and run the following command

Install-WindowsFeature -Name Web-Mgmt-Console, Web-Metabase

• Download ExchangeServer2016-x64-CU23.ISO Here: https://www.microsoft.com/en-us/download/details.aspx?id=104132
• Mount the ISO as a Drive or burn it to a Double Layer DVD to use as an installation disk
• Find and Install Exchange2016 CU23 by right clicking the “setup.exe” and selecting “Run as Administrator” and do NOT run the “ExchangeServer.msi” file unless told to do so later at a certain point in the Exchange installation or upon a failed installation.
• When Prompted by the Exchange Installer, Select “Don't Check for Updates Right Now” and click NEXT
• Setup Needs to Copy Files that are Required to install Exchange Server . . . Copying Files . . .
• Initializing Setup
• Introduction - Welcome to Microsoft Exchange Server - This Wizard will guide you through the installation of Exchange Server. Click NEXT
• Select “I accept the license agreement but I am not ready to share diagnostic data with Microsoft. Click Next.

Server Role Selection:

When installing or upgrading Exchange Server 2016 CU23 on a server intended for typical operations within your organization, you should only select the Mailbox role. This role is the only mandatory one and includes all necessary services, such as Client Access and Transport services.

Server Role Selection

• Mailbox role: This is the recommended and primary role for an Exchange 2016 server. Microsoft consolidated all functions (Mailbox, Client Access, Hub Transport, Unified Messaging) into this single role to reinforce the best practice of deploying multi-role servers.
• Edge Transport server role: This role is optional and is designed to sit in a perimeter network (DMZ) to provide anti-spam and secure inbound/outbound mail flow. It cannot co-exist with the Mailbox server role on the same physical or virtual server. Only select this role if you are specifically setting up a separate server in a perimeter network.
• Management Tools: This option is automatically installed when you select the Mailbox role. You would only select this as a standalone option if you are installing the tools on a separate administrative workstation that is not an Exchange server itself.

In summary, for standard deployment, you should only select the Mailbox role.

• Installation Space and Location. Accept the pre-selected installion location by clicking NEXT
• Exchange Organization. Just Accept the Name provided: “First Organization” unless you feel strongly about changing it. Also, do NOT select “apply split permissions.” Click NEXT.
• Malware Protection Settings. Question - Disable Malware Scanning? Answer - select “NO” and click Next.
• Readiness Checks. The Computer will be checked to verify that setup can continue. The progress indicator says Configuring Prerequisites . . .
• After analysis, there are 3 warnings: 1. Installing Exchange on a domain controller will elevate the privileges for domain trusted subsystem to domain administrators. (No Problem for me) 2. No Exchange Server 2013 roles have been detected in the topology. After this operation, namely “setup/PrepareAD,” you will not be able to install any Exchange Server 2013 roles. (No Problem for me) 3. No Exchange Server 2010 roles have been detected in the topology. After this operation, namely “setup/PrepareAD,” you will not be able to install any Exchange Server 2010 roles. (No Problem for me) CLICK INSTALL.
• Setup Progress. Step 1 of 15 Organization Preparation. 2. Stopping Services 3. copy exchange files. 4. Language Files, 5. . . . 7. Management Tools. 8. Mailbox Role: Transport Service. 9. Mailbox role: Client Access Service. 10. Mailbox Role: Unified Messaging Service 11. Mailbox Role: Mailbox Service. 12. Mailbox Role: Front end transport service 13. Mailbox Role: Client Access Front End Service. 14. Finalizing Setup, 15. Setup has completed. Check the box if you want to launch Exchange Administration Center after clicking the FINISH button.

View post installation tasks https://docs.microsoft.com/Exchange/plan-and-deploy/post-installation-tasks/post-installation-tasks?view=exchserver-2016