Solved

Exchange 2010 and AD Design

Posted on 2011-03-02
Last Modified: 2012-05-11
Hello,

We are in the process of moving all the servers from our corporate office to another place, as we rented rack space. We have a single AD (Domain.com) and Exchange 2010. We have one corporate office and all the users in the office log in to AD. We are planning to have a site-to-site VPN for AD replication only. (All of the work we do is using SharePoint, and users get to it using the internet.)

My question is: what are my best options for AD and Exchange design? I was planning to create a SITE (corp.domain.com) at our corporate office (as I have a spare Dell tower server I can use) in a separate subnet, as we need to configure a site-to-site VPN, and all the users will use that SITE for authentication, DHCP, etc., instead of authenticating from the primary DC over the VPN, and use Outlook Anywhere for email.

Do you think this is a good idea? Do any of you have a better solution? If so, please advise.


Thank you,
Raj.
 
Question by:PHESupport
9 Comments
 
LVL 23

Expert Comment

by:Brian B
ID: 35021598
You may be making it more complicated than required. Why not have separate OUs in the same domain for the two groups? It would make things easier to administer.
0
 
LVL 41

Assisted Solution

by:Amit
Amit earned 125 total points
ID: 35021614
You can set up a new site for the new office. Assign the necessary subnets and install a new additional domain controller. This resolves the AD issue, and it will not be required to authenticate over the VPN.

For Exchange you can use OWA or Outlook Anywhere also.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35021630
Your idea is correct; however, you are just mixing up one point: a site will still be domain.com. You will not have corp.domain.com unless your AD domain is already corp.domain.com.
0
 

Author Comment

by:PHESupport
ID: 35021675
Thank you all for the suggestions. My situation is that all the servers will move, including AD and Exchange, and I don't want my users to eat up all the bandwidth for authentication and email (Outlook traffic). So I was planning to create a site at the existing office so users can use that box to authenticate. I have a spare box I can use for that purpose, with secondary DNS pointing to the primary DC.

So when I create a site, it does not have to be site.domain.com?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35021713
No, a site is different from a subdomain; it is used exactly for the purpose you want.

In Active Directory Sites and Services you create 2 sites:

1. collocation, and assign to it the subnet object of your collocation
2. Corp, and assign to it the subnet of your office

Assign each DC to its corresponding site and AD will take care of the rest: all the users with IPs in the corp subnet will authenticate from the designated DC.
0
 

Author Comment

by:PHESupport
ID: 35021783
OK. So since I already have a DC for Domain.com, I create another DC and then go to Sites and Services, create two subnets, one for colocation and one for corp, and point DNS to each other, and that should do it, right?

What about Exchange? Do I need to create another Exchange server for CORP, or will the existing 2010 take care of all the users and mailboxes for both colocation and corp?

We do have two branch offices with about 10 users, and they use site-to-site VPN to colocation, right? Currently they are using site-to-site VPN to corp.
0
 
LVL 49

Accepted Solution

by:Akhater
Akhater earned 250 total points
ID: 35021824
1. Create another DC.
2. Go to Sites and Services and create two subnet objects, one for colocation and one for corp.
3. In Sites and Services, create 2 sites: colocation, and assign to it the corresponding subnet object, and corp, and assign to it the corresponding subnet object.

For Exchange, one server can take care of them all.
0
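
The three steps in the accepted answer, scripted as an added example that is not part of the original thread. The subnets, DC host names and site link name are constructed placeholders, and the replication cmdlets assume the ActiveDirectory PowerShell module from Windows Server 2012 or later (on older tooling, use the Sites and Services console as the answer describes).

```powershell
# Added example: subnets, DC names and the link name are constructed placeholders.
Import-Module ActiveDirectory

$sites = @(
    @{ Name = 'Colocation'; Subnet = '10.10.0.0/24'; DC = 'DC1' },  # existing DC, moves to the rack
    @{ Name = 'Corp';       Subnet = '10.20.0.0/24'; DC = 'DC2' }   # additional DC, stays in the office
)

foreach ($s in $sites) {
    # Create the site only if it is missing, so the script can be re-run safely
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$($s.Name)'")) {
        New-ADReplicationSite -Name $s.Name
    }

    # The subnet object is what maps a client's IP address to a site
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($s.Subnet)'")) {
        New-ADReplicationSubnet -Name $s.Subnet -Site $s.Name
    }

    # Move the DC's server object into the site that matches its location
    Move-ADDirectoryServer -Identity $s.DC -Site $s.Name
}

# Replication across the VPN needs a site link that contains both sites
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq 'Colocation-Corp'")) {
    New-ADReplicationSiteLink -Name 'Colocation-Corp' `
        -SitesIncluded 'Colocation', 'Corp' `
        -Cost 100 -ReplicationFrequencyInMinutes 15 `
        -InterSiteTransportProtocol IP
}

# Checks: every subnet is bound to a site, and every DC sits in the expected one
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
Get-ADDomainController -Filter * | Select-Object HostName, Site, IPv4Address

# Run on an office workstation: it should report the Corp site, not Colocation
nltest /dsgetsite
```

A client whose IP address is not covered by any subnet object has no site of its own and may authenticate against a DC across the VPN, so the subnet list should cover every range in use, including the branch offices.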
 
LVL 23

Assisted Solution

by:Brian B
Brian B earned 125 total points
ID: 35029566
As long as it is one *domain*, Exchange won't care. Even if the second site is remote, as long as there is some sort of connection between the two (VPN, most likely), AD will treat all as one big domain.
0
 

Author Closing Comment

by:PHESupport
ID: 35151058
I am distributing the points as the help was fast, and assigned more points to Akhater as he answered more questions.

Thank you.
0
