Solved

Exchange 2010 questions

Posted on 2010-09-01
2
1,533 Views
Last Modified: 2012-05-10
SERVER INFO:
-2x AD Win2K8 in one site
-2x Exchange 2010 MAIL,HUB,CAS
-2x Exchange 2010 EDGE
-2x Win2K8 FileServer

QUESTIONS:
1. Usually if I create user email in Exchange that mean that user can have an email and can access my fileserver using the same a/c.
Can I create email only without allowing this user to access my fileserver
2. Whether the Exchange 2010 EDGE server must be member of domain
3. If the EDGE server are located in different subnet, and in between front and backend exchange has CISCO ASA firewall. What port need to be opened if the EDGE is member of domain

thanks
0
Comment
Question by:nbctcp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 26

Assisted Solution

by:Tony Johncock
Tony Johncock earned 62 total points
ID: 33574605
1. Usually if I create user email in Exchange that mean that user can have an email and can access my fileserver using the same a/c.
Can I create email only without allowing this user to access my fileserver

Yes - if they're members of groups that have access to the share, you could always create a new group and give them the "Deny" permission to the relevant shares.

2. Whether the Exchange 2010 EDGE server must be member of domain

No - it mustn't be.

3. If the EDGE server are located in different subnet, and in between front and backend exchange has CISCO ASA firewall. What port need to be opened if the EDGE is member of domain

Edge ports for synchronisation are:

For Inbound traffic:
SMTP - TCP port 25 (from Internet)
SMTP - TCP port 25 (from Edge server to Hub server on internal network)

For Outbound traffic:
SMTP - TCP/UDP port 25 (from Edge to Internet)
SMTP - TCP/UDP port 25 (from Hub to Edge server)
LDAP for EdgeSync - TCP port 50389 (from Hub to Edge server) Secure LDAP for EdgeSync - TCP port 50636 (from Hub to Edge server)
0
 
LVL 8

Accepted Solution

by:
Mkris9 earned 63 total points
ID: 33574846
1. Usually if I create user email in Exchange that mean that user can have an email and can access my fileserver using the same a/c. Can I create email only without allowing this user to access my fileserver

If you just want to create a mailbox that is not possible. There has to be an associated Active Directory account associated with a mailbox. When you create a user, it normally gets added to the domain user group. If the domain users group has access to your shares in the file server, then he / she will be able to access shares.

2. Whether the Exchange 2010 EDGE server must be member of domain

No, Edge servers uses ADAM - which is AD Application Mode - through which it communicates with AD

3. If the EDGE server are located in different subnet, and in between front and backend exchange has CISCO ASA firewall. What port need to be opened if the EDGE is member of domain

Edge servers cannot be a member of domain. It normally sits on the DMZ between WAN and your local subnet.  This shows the ports to be opened. http://technet.microsoft.com/en-us/library/bb331973.aspx to and from Edge and WAN and HT servers.

Also one of the best articles I've used for ET is http://www.msexchange.org/articles_tutorials/exchange-server-2007/planning-architecture/uncovering-exchange-2007-edge-transport-server-part1.html. though it is for 2007, the basic principles rmains the same.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question