Exchange 2010 and AD Design

Posted on 2011-03-02
Last Modified: 2012-05-11
Hello,

We are in the process of moving all the servers from our corporate office to another place, as we rented rack space. We have a single AD (Domain.com) and Exchange 2010. We have one corporate office and all the users in the office log in to AD. We are planning to have a site-to-site VPN for AD replication only. (All of the work we do uses SharePoint, and users get to it over the internet.)

My question is what my best options are for AD and Exchange design. I was planning to create a SITE (corp.domain.com) at our corporate office (as I have a spare Dell tower server I can use) in a separate subnet, as we need to configure a site-to-site VPN, and all the users will use that SITE for authentication, DHCP, etc. instead of authenticating from the primary DC over VPN, and use Outlook Anywhere for email.

Do you think this is a good idea? Do any of you have a better solution? If so, please advise.


Thank you,
Raj.
 
Question by:PHESupport
9 Comments
 
LVL 25

Expert Comment

by:Brian B
ID: 35021598
You may be making it more complicated than required. Why not have separate OUs in the same domain for the two groups? It would make things easier to administer.
0
 
LVL 44

Assisted Solution

by:Amit
Amit earned 500 total points
ID: 35021614
You can set up a new site for the new office. Assign the necessary subnets and install a new additional domain controller. This resolves the AD issue, and it will not be required to authenticate over the VPN.

For Exchange you can use OWA or Outlook Anywhere also.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35021630
Your idea is correct; however, you are just mixing up one point: a site will still be domain.com. You will not have corp.domain.com unless your AD domain is already corp.domain.com.
0
 

Author Comment

by:PHESupport
ID: 35021675
Thank you all for the suggestions. My situation is that all the servers will move, including AD and Exchange, and I don't want my users to eat up all the bandwidth for authentication and email (Outlook traffic). So I was planning to create a site at the existing office so users can use that box to authenticate. I have a spare box I can use for that purpose, with secondary DNS pointing to the primary DC.

So when i create a site it does not have to be site.domain.com ?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35021713
No, a site is different from a subdomain; it is used exactly for the purpose you want.

In Active Directory Sites and Services you create 2 sites:

1. collocation, and assign to it the subnet object of your collocation
2. Corp, and assign to it the subnet of your office

Assign each DC to its corresponding site and AD will take care of the rest; all the users with IPs in the corp subnet will authenticate from the designated DC.
0
 

Author Comment

by:PHESupport
ID: 35021783
OK. So since I already have a DC for Domain.com, I create another DC and then go to Sites and Services, create two subnets, one for colocation and one for corp, and point DNS to each other, and that should do it, right?

What about Exchange? Do I need to create another Exchange server for CORP, or will the existing 2010 take care of all the users and mailboxes for both colocation and corp?

We do have two branch offices with about 10 users, and they use site-to-site VPN to colocation, right? Currently they are using site-to-site VPN to corp.
0
 
LVL 49

Accepted Solution

by:
Akhater earned 1000 total points
ID: 35021824
1. Create another DC.
2. Go to Sites and Services and create two subnet objects, one for colocation and one for corp.
3. In Sites and Services create 2 sites: colocation, and assign to it the corresponding subnet object, and corp, and assign to it the corresponding subnet object.

For Exchange, one server can take care of them all.
0
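The steps in the accepted answer, scripted with the ActiveDirectory PowerShell module, as an added example that is not part of the original thread. It assumes the second DC is already promoted and that the Windows Server 2012 or later module is available (the site cmdlets are not in the 2008 R2 module); the subnets, DC host names and the use of DEFAULTIPSITELINK are placeholder assumptions, and the site-link step goes beyond what the answer lists.

```powershell
# Added example: subnets and DC names are placeholders, replace with your own.
Import-Module ActiveDirectory

$sites = @(
    @{ Name = 'Colocation'; Subnet = '10.10.0.0/24'; DC = 'DC01' },   # existing DC (assumed name)
    @{ Name = 'Corp';       Subnet = '10.20.0.0/24'; DC = 'DC02' }    # new DC on the spare box (assumed name)
)

foreach ($s in $sites) {
    # Create the site object only if it is not already present.
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$($s.Name)'")) {
        New-ADReplicationSite -Name $s.Name
    }

    # Create the subnet object and bind it to the site. Clients locate a DC
    # by matching their IP address against these subnet objects.
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($s.Subnet)'")) {
        New-ADReplicationSubnet -Name $s.Subnet -Site $s.Name
    }

    # Move the DC's server object into its site.
    Move-ADDirectoryServer -Identity $s.DC -Site $s.Name
}

# Sites created from PowerShell are not members of any site link, so the KCC
# has no path to replicate between them. Add both to the default IP link.
Set-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' `
    -SitesIncluded @{ Add = 'Colocation', 'Corp' }

# Check: every DC should report the site it was assigned to.
Get-ADDomainController -Filter * |
    Select-Object Name, Site, IPv4Address |
    Format-Table -AutoSize

# Check from a workstation in the Corp subnet: should print "Corp".
# A client whose IP matches no subnet object may be handed a DC in any site,
# which here would mean authenticating across the VPN.
nltest /dsgetsite
```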
 
LVL 25

Assisted Solution

by:Brian B
Brian B earned 500 total points
ID: 35029566
As long as it is one *domain*, Exchange won't care. Even if the second site is remote, as long as there is some sort of connection between the two (VPN, most likely), AD will treat all as one big domain.
0
 

Author Closing Comment

by:PHESupport
ID: 35151058
I am distributing the points as the help was fast, and assigned more points to Akhater as he answered more questions.

Thank you.
0
