Solved

Exchange 2003 in a domain.

Posted on 2011-02-20
11
373 Views
Last Modified: 2012-09-17
Ok Folks,

I'm afraid I might have a little mess on my hands.  About 3 years ago I configured and installed an Exchange 2003 server for a client.  Everything has been working great.  They have never used the Active Directory on this machine ever.  Their network gets its DHCP from the Cisco router and we just create users on each PC.  Well, the time has come that we need to start using Active Directory since we have people moving around the office constantly.

I have two issues:

1.  When I created the AD on the Exchange server I made it mycompany.com.  This is the domain that the Exchange server is handling mail for.  This is one of our domains that we own and we have a website on it that is hosted by an outside company.  Everything that I have read indicates that this is the wrong thing to do as it may cause name resolution problems when people try to go to the website from inside the network.  Is it that big of a deal?

2.  We just installed a new 2008 server that we will be using as a terminal and file server.  The load will be small as it will be used by probably no more than 10 people at a time.  Can I just install AD on this server with a different domain such as company.priv and let the other domain just be an Exchange server?  I built the server pretty stout to handle AD and TS so it should be able to handle the load.  Is it asking for trouble to put two domains on one network even though one is never used?

So the question seems to be:  sort of start over with a new and correct domain configuration on the new server and let the old Exchange server just keep doing its Exchange job, OR do I try to use the Exchange server as it is with the domain being the same as our external website?

Either way I need to start getting AD up and running sometime soon.  Any thoughts or real world suggestions are much appreciated.  I'm sure I haven't explained this very well so please be patient and I'll answer as many questions as I need to.

Thanks

vne

0
Question by:VNE
11 Comments
 
LVL 14

Expert Comment

by:Kaffiend
ID: 34940745
1.  Yes, unfortunately, as you have recognized, this could be a problem.  

You *could* work around this by making sure that the Exchange server does not perform DNS resolution on the internal network.  (You could use the other new server to do DNS.)

2.  Yes, what you say can be done.  But now, you have 2 different sets of usernames/passwords to contend with or keep track of.  You can send out memos till you're blue in the face, but there will be some users who don't bother to read/understand, and these people will be the ones who complain (loudly) that things are "broken" when they can't log on, or they can't get their email.  


If it is not a really big environment, the ideal solution would be to bite the bullet, and redo everything once, so that you have a firmer foundation to build on.  It would (sorry to say this) be kind of embarrassing to show this kind of setup to peers or colleagues - you can make it work, yes, but it is not very optimal, and may make management much more of a headache.  If this company were to grow in size, then it would just be unacceptable.

If you can, do this:
Take brick-level backups of all Exchange mailboxes - export PSTs from Outlook if you have to
Install AD on the new server
Wipe the old Exchange server
Install Win2003 on the old server (can't run Exchange 2003 on a Windows 2008 server)
Install and configure Exchange
Create user accounts and (empty) mailboxes
Import PSTs into "new" Exchange server
0
 

Author Comment

by:VNE
ID: 34940806
I've read that changing the domain of a primary domain controller can be a nightmare.  What do you think?  This would solve my problem.

You are correct about wiping the exchange server.  I have thought of this in the past but have been putting it off.

0
 

Author Comment

by:VNE
ID: 34940829
Where would the issue of multiple user names and passwords come in?  If the user names and passwords were the same on the new server and the new server did DNS, couldn't I just tell all the Outlook clients where the Exchange server is?  Remember, we're not using the Exchange server for anything but email and calendar.  There's no AD authentication of any kind being done on the Exchange server (except through Outlook).

Actually, in a few years we will be buying a new Exchange server as ours is already about 3 years old.

vne
0

 
LVL 14

Expert Comment

by:Kaffiend
ID: 34940911
Please don't do it.

You *can* change the domain.  But, don't forget the Domain Controller is also an Exchange server.  Exchange will most likely break if you do that.

There is plenty of documentation out there on using the rendom.exe and xdr-fixup tools.  Although it can be time-consuming, it can be done.  

However, Microsoft tells you in its documentation that you can't use these tools successfully if Exchange is installed on a DC.  See:  http://msexchangeteam.com/archive/2004/08/30/222719.aspx

0
 
LVL 14

Expert Comment

by:Kaffiend
ID: 34940934
Um yeah, different passwords for logging in, and for email.

Kinda defeats the purpose of Active Directory, which promises Single-Sign-On to access company resources - logons, email, file access, SharePoint, etc.

0
 
LVL 14

Expert Comment

by:Kaffiend
ID: 34940982
Oh, you said "ours".

That changes things.

You are internal IT for mycompany.com?  The same company that has the Exchange server?  If so, then you don't really have any worries.  There are many organizations that have their internal and external DNS names the same.  Not a Best Practice, but not a big deal either.  Just maintain your internal DNS zone properly, and you will have no worries.
0
 

Author Comment

by:VNE
ID: 34946374
Kaffiend,

Now I'm a little confused.  Why would I be in a situation where the user's email password and their logon password would be different?  Right now in the hosts file of each PC I've got an entry for our internal Exchange server.  When I set up a user on a new PC I just set the user up to use their email name and password for access to the PC.  Outlook then takes that password when I configure it and accesses the Exchange server with it.

For instance:  John's email address is john@mycompany.com and his email password is john123.  When John logs onto his PC he uses the user name of John and the password of john123.  When John accesses the file server, Windows also uses these credentials because his username and password are the same on the file server.

I was thinking maybe I could configure AD on the new server with a different domain than the Exchange server and join John's PC to the new domain, leaving his Outlook and Exchange configurations alone.

Clear as mud??

vne

0
 

Author Comment

by:VNE
ID: 34946431
Kaffiend,

And you are correct about our company configuration.  I am the internal IT guy and we have our own Exchange box.  On that box I created an AD domain that is the same as our external website domain.  When I think about your response it would seem perfectly doable to handle any traffic destined for the website with our internal DNS.  I mean, that's what DNS is for, right?

I mean the ONLY issue here is that our internal domain is the same as our website domain.  Can't we just route traffic to the website with DNS entries?
0
 
LVL 14

Accepted Solution

by:
Kaffiend earned 500 total points
ID: 34949093
If you were to install AD with a different domain on the new server, then there would (potentially) be 2 separate usernames and passwords for logging in and for email.  I suppose you could keep them both the same, but it's not really necessary to do that.

My suggestion is to keep the present domain.  Even though it may not be considered a best practice, there are many organizations getting along just fine that have their internal and external domain names the same.  If you populate your DNS with the applicable records that point to external IPs, then you are all set.

Not really an issue.

Installing a new Active Directory side-by-side is really not necessary.


Oh, and BTW, re your post at 12:46pm: When a PC is joined to Active Directory, you would want the user to log on to the domain (as opposed to logging on to the local computer), and a new user profile would be created on that PC when a user logs on to the domain.  You need to be ready to import the existing profile into the user's domain profile.
0
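Kaffiend's accepted answer, and the earlier comment about maintaining the internal zone properly, come down to one task: because the AD-integrated internal DNS is authoritative for mycompany.com, every public host under that name must also be published in the internal zone or LAN clients cannot resolve it. The following is an added example, not part of the thread, that checks a constructed internal zone against constructed public records, flags the zone apex that AD points at the domain controller, and emits the dnscmd lines for whatever is missing; the domain name and all addresses are placeholders.

```python
from typing import Dict, List, Set

Zone = Dict[str, Set[str]]  # fully qualified name -> IPv4 addresses
ZONE = "mycompany.com"      # the thread's placeholder domain, assumed here

# Constructed: what public DNS serves for the domain (documentation IPs).
PUBLIC: Zone = {
    "mycompany.com": {"203.0.113.10"},
    "www.mycompany.com": {"203.0.113.10"},
    "mail.mycompany.com": {"203.0.113.25"},
}
# Constructed: what the AD-integrated internal zone currently holds.
INTERNAL: Zone = {
    "mycompany.com": {"192.168.1.5"},       # AD registers the DC at the apex
    "mail.mycompany.com": {"192.168.1.5"},  # LAN address of the Exchange box
}

def find_drift(public: Zone, internal: Zone, zone: str = ZONE) -> Dict[str, List[str]]:
    """Classify each public name against the internal zone.
    missing : absent internally, so LAN clients cannot resolve it (must add)
    differs : present with other addresses; confirm it is intended (mail
              pointing at the LAN Exchange server is exactly what you want)
    apex    : the bare zone name resolves to the DC internally because AD
              publishes DC addresses there, so http://mycompany.com from the
              LAN reaches the DC, not the web host; point users at www
    """
    report: Dict[str, List[str]] = {"missing": [], "differs": [], "apex": []}
    for name in sorted(public):
        if name not in internal:
            report["missing"].append(name)
        elif internal[name] != public[name]:
            report["apex" if name == zone else "differs"].append(name)
    return report

def dnscmd_fixes(public: Zone, report: Dict[str, List[str]],
                 zone: str = ZONE, server: str = "localhost") -> List[str]:
    """dnscmd /RecordAdd lines that publish each missing name internally;
    the node name is relative to the zone, as dnscmd expects ('@' = apex)."""
    cmds: List[str] = []
    for fqdn in report["missing"]:
        node = "@" if fqdn == zone else fqdn[: -(len(zone) + 1)]
        for ip in sorted(public[fqdn]):
            cmds.append(f"dnscmd {server} /RecordAdd {zone} {node} A {ip}")
    return cmds

if __name__ == "__main__":
    drift = find_drift(PUBLIC, INTERNAL)
    print(drift)
    print("\n".join(dnscmd_fixes(PUBLIC, drift)))
```

Re-run the check whenever the hosting company adds or renumbers a public host, since nothing on the internal side will notice the change on its own.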
 

Author Comment

by:VNE
ID: 34949104
Thanks for your help Kaffiend.  This is exactly the kind of info I needed.  I felt like it wouldn't be a big deal but needed someone to verify it for me.

Thanks man.

vne
0
