Download Cumulative Update 21 for Exchange Server 2016 (KB5003611) :
https://www.microsoft.com/en-us/download/details.aspx?id=103242
Download Security Update For Exchange Server 2016 CU21 (KB5004779) :
https://www.microsoft.com/en-us/download/details.aspx?id=103311
- Start by updating Active Directory using the latest CU installation binaries.
We recommend that you use the latest CU for the /PrepareAD even if you don’t install the latest CU. If the operation requires a schema upgrade, the /PrepareSchema operation must be performed on a computer that’s a member of the same Active Directory domain and site as the schema master. This computer also needs .Net Framework 4.8. Learn more https://docs.microsoft.com/en-us/Exchange/plan-and-deploy/prepare-ad-and-domains?view=exchserver-2019
extend the schema for Exchange, run the following command in a Windows Command Prompt window:
E:\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema
To prepare Active Directory for Exchange, run the following command in a Windows Command Prompt window:
E:\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD /OrganizationName:"wml.nl"
- Put the Exchange server in maintenance mode, and then reboot the server.
https://docs.microsoft.com/en-us/exchange/high-availability/manage-ha/manage-dags?view=exchserver-2019#performing-maintenance-on-dag-members
- Save all customized Exchange and Internet Information Services (IIS) settings you’ve made, as they might be overwritten by the upgrade. These could be anything you didn’t use PowerShell to modify, like custom registry entries and Outlook on the web (OWA) customizations.
- Install CU21, and then reboot the server.
IMPORTANT: You must install the CU from an elevated command prompt. If the CU installation is being started from PowerShell,
E:\setup.exe /m:upgrade /IAcceptExchangeServerLicenseTerms
- Install the latest applicable security update (SU) as listed in Exchange Server build numbers and release dates.
https://aka.ms/exdepwizsu
Follow these steps:
Select Start, and then enter cmd.
In the results, right-click Command prompt, and then select Run as administrator.
If the User Account Control box appears, verify that the default action is the action that you want, and then select Continue.
Enter the full path of the .msp file, and then press Enter.
IMPORTANT: When installing the security update manually you must run it from an elevated command prompt. If you don’t, the install might complete, but the server won’t be protected.
- Reboot the server, even if you aren’t prompted to do so.
- Reimport your saved customizations.
- Check that all Exchange services are back to their previously noted state.
- Take the server out of maintenance mode.
- Check all additional applications that connect to Exchange, including your backup, archiving, and monitoring solutions.
Test mail flow
Test-Mailflow -TargetEmailAddress [email protected]