• Status: Solved

Exchange 2010 questions

SERVER INFO:
-2x AD Win2K8 in one site
-2x Exchange 2010 MAIL,HUB,CAS
-2x Exchange 2010 EDGE
-2x Win2K8 FileServer

QUESTIONS:
1. Usually if I create a user email in Exchange, that means that user can have an email and can access my fileserver using the same a/c.
Can I create an email only, without allowing this user to access my fileserver?
2. Whether the Exchange 2010 EDGE server must be a member of the domain
3. If the EDGE server is located in a different subnet, and between the front and backend Exchange there is a CISCO ASA firewall, what ports need to be opened if the EDGE is a member of the domain?

thanks
Asked:
nbctcp
2 Solutions
 
Tony J, Lead Technical Architect, Commented:
1. Usually if I create a user email in Exchange, that means that user can have an email and can access my fileserver using the same a/c.
Can I create an email only, without allowing this user to access my fileserver?

Yes - if they're members of groups that have access to the share, you could always create a new group and give them the "Deny" permission to the relevant shares.

2. Whether the Exchange 2010 EDGE server must be a member of the domain

No - it mustn't be.

3. If the EDGE server is located in a different subnet, and between the front and backend Exchange there is a CISCO ASA firewall, what ports need to be opened if the EDGE is a member of the domain?

Edge ports for synchronisation are:

For Inbound traffic:
SMTP - TCP port 25 (from Internet)
SMTP - TCP port 25 (from Edge server to Hub server on internal network)

For Outbound traffic:
SMTP - TCP/UDP port 25 (from Edge to Internet)
SMTP - TCP/UDP port 25 (from Hub to Edge server)
LDAP for EdgeSync - TCP port 50389 (from Hub to Edge server)
Secure LDAP for EdgeSync - TCP port 50636 (from Hub to Edge server)
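A least-privilege check of the Hub/Edge firewall rules against the flows listed in the answer above, as an added example that is not part of the original post. The zone names, rule tuples and function names are constructed for illustration; only TCP flows are modeled.

```python
# Added example: audit permit rules between the Edge (DMZ) and Hub (internal)
# zones against the Hub/Edge flows listed in the answer.
# Zone names and SAMPLE_RULES are constructed, not taken from a real firewall.

REQUIRED = {
    ("edge", "hub", "tcp", 25),     # inbound mail relayed from Edge to Hub
    ("hub", "edge", "tcp", 25),     # outbound mail handed from Hub to Edge
    ("hub", "edge", "tcp", 50389),  # LDAP for EdgeSync
    ("hub", "edge", "tcp", 50636),  # Secure LDAP for EdgeSync
}

# Each rule: (source zone, destination zone, protocol, first port, last port)
SAMPLE_RULES = [
    ("edge", "hub", "tcp", 25, 25),
    ("hub", "edge", "tcp", 25, 25),
    ("hub", "edge", "tcp", 50389, 50636),  # one range instead of two ports
    ("edge", "hub", "tcp", 389, 389),      # DMZ to internal flow not in the list
]


def expand(rule):
    """Return the set of (src, dst, proto, port) flows one permit rule allows."""
    src, dst, proto, first, last = rule
    return {(src, dst, proto, port) for port in range(first, last + 1)}


def audit(rules):
    """Return (missing, too_broad).

    missing   -- required flows that no rule permits (mail or EdgeSync breaks)
    too_broad -- (rule, count) for rules permitting flows outside REQUIRED
    """
    permitted = set()
    too_broad = []
    for rule in rules:
        flows = expand(rule)
        permitted |= flows
        extra = flows - REQUIRED
        if extra:
            too_broad.append((rule, len(extra)))
    return sorted(REQUIRED - permitted), too_broad


if __name__ == "__main__":
    missing, too_broad = audit(SAMPLE_RULES)
    print("missing required flows:", missing)
    for rule, count in too_broad:
        print("rule", rule, "permits", count, "flow(s) beyond the required list")
```
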
 
Mkris9 Commented:
1. Usually if I create a user email in Exchange, that means that user can have an email and can access my fileserver using the same a/c. Can I create an email only, without allowing this user to access my fileserver?

If you just want to create a mailbox, that is not possible. There has to be an associated Active Directory account associated with a mailbox. When you create a user, it normally gets added to the domain users group. If the domain users group has access to your shares in the file server, then he / she will be able to access shares.

2. Whether the Exchange 2010 EDGE server must be a member of the domain

No, Edge servers use ADAM - which is AD Application Mode - through which they communicate with AD.

3. If the EDGE server is located in a different subnet, and between the front and backend Exchange there is a CISCO ASA firewall, what ports need to be opened if the EDGE is a member of the domain?

Edge servers cannot be members of a domain. They normally sit on the DMZ between the WAN and your local subnet. This shows the ports to be opened to and from Edge and WAN and HT servers: http://technet.microsoft.com/en-us/library/bb331973.aspx

Also, one of the best articles I've used for ET is http://www.msexchange.org/articles_tutorials/exchange-server-2007/planning-architecture/uncovering-exchange-2007-edge-transport-server-part1.html. Though it is for 2007, the basic principles remain the same.