Link to home
Create AccountLog in
Avatar of aihaiai
aihaiai

asked on

Exchange 2003 Merger Between Company

I have 3 registered SMTP email domain in my environment where all of them running in 3 different domain in 3 different Forest. E.g
1. abc1.com (email domain) is running in ad1dom.local(AD domain)
2. abc2.com i(email domain) is running in ad2dom.local (AD domain)
3. abc3.com i(email domain) is running in ad3dom.local (AD domain)

Since all the domain is belong to the same company, the management plan to use only 1 email domain which is abc1.com

I'm thinking of 'moving' all the exchange users to ad1dom.local domain by creating new users (for all user on the ad2dom.local and ad3dom.local domains). With this steps, both domain users will have a new password.

Is there any alternative way to handle the 'merger' ?
Avatar of debuggerau
debuggerau
Flag of Australia image

well there is always manually, but the ADMT tool is the one I'd use.
Avatar of aihaiai
aihaiai

ASKER

Can you explained how can we use ADMT tool on this scenario. Is that by using ADMT tool, I don't have to create all the other users for both 'unwanted' domain?
The following article gives you the examples of the various methods:
http://support.microsoft.com/kb/327928


I believe that in your situation you need to go through a co-existence and migration phase. Once you have configured trusts and security you need to link the e-mail domains by creating a connector from the new Exchange to the old one, all e-mail should then be directed out of the old system to the new system, and incoming internet e-mail should be configured to come in to the new domain. Therefore the new domain handles all incoming and outoging e-mail.

You may also need to share the e-mail domains between the organizations, the new one needs to be able to accept e-mail for the other e-mail domain's and then pass any messages on to the other servers (if the mailbox is not on the new domain), the following document explains how to do this:

http://support.microsoft.com/kb/321721

Once this is in place you need to install and configure the Active Directory Connector to connect the two systems together to share the e-mail addresses, this will create either new contacts for users in the source domain, in the destination domain and vice-versa. therefore if you create a new user a contact will be created in the other domain and the Global Address List will be updated. When you migrate a user it will change the GAL from being a e-mail user in that domain to a contact (as the users mailbox will be in the other domain).
http://technet.microsoft.com/en-us/library/aa996243.aspx

You can then use the Active Directory Migration  Tool to import the groups from the source domain to the destination domain, then we you are ready to migrate a user you run  the ADMT tool to migrate the user to the new domain, update their group membership, and migrate their SID history (so they have access to any un-migrated data on the old servers). This will update the account created by the Active Directory Connector with all the new details.

http://www.microsoft.com/downloads/details.aspx?FamilyID=6f86937b-533a-466d-a8e8-aff85ad3d212&displaylang=en
http://www.microsoft.com/downloads/details.aspx?FamilyID=6f86937b-533a-466d-a8e8-aff85ad3d212&displaylang=en

The ADMT tool will also migrate the computer accounts and maintain users profiles to the new domain.

You then run the Exchange Migration Tool on the Exchange server to migrate the mailbox from the old Exchange server to the new one, check it has migrated, delete the old mailbox, ask the user to logon, setup their outlook profile and everything should be done.

The ADC will then run and update the old infrastructure that the mailbox is on the new system and mail flow will be maintained to the user.

Once all users have been migrated (and contacts / distributions lists) you can remove the connector to the old server and uninstall it.
Avatar of aihaiai

ASKER

Can the same email domain be share by two different exchange organization (different forest) at the same time? E.g. user1@abc1.com mailbox is located at Exch Org A and at the same time user2@abc1.com mailbox located at Exch Org B.
The MX record for email domain abc1.com is pointing to Exch server at forest A. The recipient policy at Forest A said that it is responsible for email domain abc1.com and it will not forward any email to xxx@abc1.com to the other exchange server at Forest B right?
Yes the same e-mail domain or multiple e-mail domains can be shared by multiple systems by following the article. As you say you set the MX records to go in to the Exchange server in forest A, then modify the recipient policy so it is NOT responsible for all e-mail to this domain (change the default recipient policy to a different e-mail domain (such as @local) which is authorative for this domain) and then create a new recipient policy for the @abc1.com domain and set this not to be responsible for all e-mail to the domain. You then create a connector to the other Exchange system so that e-mail that comes in for users not on the forest A Exchange server gets passed on to the other server in Org B.
Avatar of aihaiai

ASKER

OK that sounds very good. Another advice needed
1. At the same time, for both Exchange org that sharing the same email domain, I need to make sure the xxx@abc1.com users will be the primary address (will be the reply to address)
2. Is there any impact on pop/imap/owa and rpc over http client, since my external DNS is pointing to only one record (the Exchange front end server on Exch org at Forest A) e.g. mail.abc1.com  ( At the same time Exch org at Forest B also have the similar infrastructure). I assume that I need to create another external DNS record e.g. mail1.abc.com for xxx@abc1.com user that reside on exch org at Forest B . Is that the correct way. (But this way will not serve the uniform configuration for all xx@abc1.com users right? Ultimately can it be done so that all xx@abc1.com email domain will have the same client  configuration no matter where the users mailbox is reside on the excahnge org?  
Avatar of aihaiai

ASKER

Additional advice needed
1. One of the steps is to create SMTP connector to the shared address space (email domain). I have already created connector for 'outgoing mail' (to the internet domain) with address space * for outgoing mail. I assume that I have to create another SMTP connector for the purpose of the shared address space right? So that now I have 2 smtp connectors in place.
2. For any additional shared address space, I have to create additional smtp connectors or I can use the same SMTP connector if the target address (smart host is the same)
3. If I have Exch Org C in place which also need to shared the address space. Can I create additional SMTP connector with the same address space with different target address (smart host) which is Exhange server B on Exch Org B or I can't do that. Or I have to create the similar SMTP connector for the shared address space on Exch Org B with the target address of Exch server C on Exch Org C
You can create one connector and populate this with the address spaces (e-mail domains) that go over the connector. If the e-mails are going to different servers then you will need different address spaces. You can alos create different options (restrictions etc) that can be configured for the connector. I would expect that you would not have any additional limits for the other e-mail domains so I would put them all on one connector.

As to question 3 I am not sure what you are asking. You can share multiple e-mail domains with different Exchange Org's by creating multiple connectors (one to each of the e-mail domains). You can share an e-mail domain with more than one organisation but you need to be careful that it is setup correctly or the message will loop around the systems as it may not know where to deliver the message to.
Avatar of aihaiai

ASKER

I assume after settings all the needed SMTP connectors, The flow of email with shared smtp address space will be.

From Internet -> exch org A -> exch org B -> exch org C
but  I have a bit confuse on how the user3@abc1.com on exch org c email flow to the user1@abc1.com on exch org A
This is where you are likely to run in to problems as it is best practice to only share e-mail between two domains.

The master domain needs to send and receive e-mail for all the other Exchage Orgs of which it may share addresses with. This master Org is configured not to be authoratitive for the e-mail and it then forwards e-mail for users that do not exists within its Org to one of the other Exchange Orgs via the connector. As you say in your last example it then gets tricky for the mail from Org C to get to the other Org as looping can occur. It can be done but it is tricky:

http://support.microsoft.com/kb/315511
Avatar of aihaiai

ASKER

To cut it short, how email flow from the user2@abc1.com on exch org B to the user1@abc1.com on exch org A will be?
Avatar of aihaiai

ASKER

or by using this method, it will only doing one direction flow e.g. internet->exch org A ->exch org B ?
if receiveing non existing email, the org b will responsible to generate the NDR
That is correct, Exchange Org B would then generate a NDR.
Avatar of aihaiai

ASKER

So that exch org b will be the 'authoritative' for the namespace or it is not necassary?
Yes, it is advised that the last hop be authoritative for the e-mail address to avoid message looping - where the message will be passed between the various systems until the maximum hopcount is reached, a NDR will then be generated.
Avatar of aihaiai

ASKER

Can I assume my summary here is correct .
1. The email flow will be on one direction. e,g Exch Org A -> Exch Org B and so on
2. Users from other that the first Org (maybe Exch Org B) cannot send email back to the first Org (Exch Org A)
3. Only the last Org (Exch Org B) will be the authoritative to generate the NDR
Avatar of aihaiai

ASKER



Following the method 2 on the article looks in can solve the problem
http://support.microsoft.com/kb/321721
Yes, that is how you set the last domain as authoritative to stop message looping. I have implemented this many times and it is pretty straight forward. Sharing across two domains is easy, more than two domains can be tricky as we have previoulsy posted.
ASKER CERTIFIED SOLUTION
Avatar of fishadr
fishadr
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of aihaiai

ASKER

Ok I have tested. Method 1 can handle the end less loop by setting the last domain as authoritative but it does not handle the reverse route of email (email from last ORG to previous ORG) . Method 2 can handle all the scenario