  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 329

Add Exchange 2003 Across VPN w/ Trust in Subnet

I have a strange requirement for a client who has a pre-existing environment that we don't want to mess with too much. Currently there are two physical offices with this client; they have essentially two domains, with one office being their main location (Site A) and the second being a satellite office (Site B). Site A has an AD domain of a.domain.com (10.0.0.x) and Site B is b.domain.com (10.0.1.x). The original configuration was a single server at each site, each the domain controller and file server for the locations. These two domains have a simple trust set up between them. About 3 years ago, Site A decided they wanted to implement Exchange server, so we installed an Exchange server into the environment, and people at Site A loved it so much that a couple of people in Site B started to want to use it. So we would create a separate AD account for the Site B user so they could authenticate to Exchange across the VPN, no problem. So here we are a couple of years later, and now they want to put an Exchange server in Site B in order to accommodate increased storage and LAN performance that is becoming restrained over the VPN of the two sites.
Our approach at this point is to implement the Exchange server in Site B, give it a local Site B IP address and assign it a Site A DNS address, join it to the domain and move forward with an Exchange installation. People will have separate credentials for their local computer login vs. the Exchange account, which is kind of a pain, but I don't see a more streamlined approach. Being that they are both using the same external domain address and they want a common GAL, is there a way to create a new Exchange instance in Site B's environment and transfer users already created in Site A? If we do it the way we are proposing, is the trust between the two domains and subsequent subnets going to be disruptive to the configuration, or should I give Site B's Exchange server an IP in Site A's subnet and configure a static route?
Asked by: ehilder1
1 Solution
 
Mestha Commented:
You are going to have to locate a domain controller with the Exchange server. If you do not then the performance will suck quite badly. Exchange is very dependent on a domain controller and the latency of a VPN is simply too much for it.

As long as SBS isn't involved, you could trust the domains. Then give the users in the trusted domain permissions to the mailboxes. This is basically the resource forest model, which you will find documented in lots of places.

However, it might be a good time to look at the entire setup, and use this as a good opportunity to merge everything into a single forest. Exchange doesn't cause any disruption to a live domain.

Simon.
 
ehilder1 (Author) Commented:
Mestha, thank you for this. SBS is not involved and the domains between the two sites are already trusted. Would it be possible for me to simply add the Exchange server at Site B and then start to migrate the mailboxes from the trusted Site A domain over to Site B? How will it handle message traffic, being that all the messages are coming in from Site A (the SMTP gateway for their external domain will be located at Site A)?
 
Mestha Commented:
Without a domain controller the performance will be very poor. If the Exchange servers are split by a VPN then there MUST be a domain controller at both ends.
As long as the Exchange servers are in the same forest and can see each other, Exchange will route the traffic to the correct server on its own. Nothing special has to be done.

Simon.
 
ehilder1 (Author) Commented:
I understand how Exchange routes in the same forest, but what about a trusted scenario with two domains configured as a trust? Worst case scenario is I install AD for Site A on the Exchange server directly.
 
Mestha Commented:
The use of a trust is completely immaterial, because Exchange doesn't work across trusts.

The Exchange boundary is the forest. If you have Exchange in another forest then it is an external server as far as Exchange is concerned.

You still need to have a domain controller with the Exchange server that you are locating in the second site. That needs to be a domain controller in the same domain as Exchange.
A domain controller in a trusted domain is not enough - Exchange will not use it.

Simon.
