Solved

New Exchange 2010 installation into existing domain or new domain

Posted on 2012-04-13
6
215 Views
Last Modified: 2013-01-29
I have a new client and I'm going to be deploying exch 2010.  I wanted to get some feedback on what others might suggest give the current situation.
current domain: mynewdomain.local (yes that is actually the domain they picked)
domain is windows 2003
Exchange is 2003 enterprise
Front End exchange server
2 exchange servers hosting multiple storage groups each (one in US one in Germany)
about 20 abusive users (i.e. 17GB mail files) no control in place currently
Total number of users 150
GFI mail archiver in place and journaling is setup
2 child domains
Lots of custom GPO of which some are not in use
current naming convention is poor (i.e. server1, server2, davelaptop, brianslaptop, etc)

my options as i see it

1. bring up clean new win2k8 forest with exchange 2010, setup transitive trust between the two, slowly migrate users over to the new forest and implement a better naming convention.  I know this has the potential to be messy...but solves a number of problems as I see it

2. Keep that gem of a domain and go through the process of upgrading the existing forest, migrate users to the new exchange 2010 setup, change the naming convenction moving forward

both options will require dropping an mailbox server in each site.  Edge servers, hub transport numbers & placement, CAS servers, etc is pretty straight forward

Thoughts, feedback, gotcha's etc would be appreciated.


thanks
0
Comment
Question by:naiadmin
  • 2
  • 2
  • 2
6 Comments
 
LVL 17

Accepted Solution

by:
Anuroopsundd earned 250 total points
ID: 37844367
Creating new domain will have lots of additonal burdens and work. definately it will be cleanup of dirt around..
1. you create a new domain.
----how many machines they have?
-- -- what applications they have which may be effected due to rename of machines.

They already have child domain so i assume they have lots of users around and which will not be easy to handle.
-- what all servers they have which are integrated with Domain authentication and provide access with Domain authentication.. .Like Sharepoint.

2.Setup Exchange in Existing Domain..

---- Easy to have but will require some cleanup which you already discussed..
0
 

Author Comment

by:naiadmin
ID: 37844829
thanks for the response....yes this is an interesting one...I think it's going to be messy any direction i choose.
they have approx 300 PC's and 50 servers...I wouldn't rename them all at once....I would move forward with a new naming convention and slow rename the old devices as time permits.  
They have 2 sharepoint instances...both are WSS 3.0 one in the US and one in Germany...messy...I was looking to consolidate into Sharepoint 2010.  
I have migrated out most of the old legacy servers and implemented a new server naming convention....They also have 10 linux servers...but those are tied to an NIS server....i know i can integrate that in the future...but that is a seperate issue.  
The SSL VPN setup with the sonicwall's is an easy transition and I have already started working on the RADIUS setup to address the devices that support that including the routers, switches, Aironet's, etc.  that is an easy setup...

I just can't get over that root domain name, and while the existing 2003 forest looks healthy, I don't want to build on something that could fall apart later...I've done dozens and dozens of 2003 to 2008 upgrades without issue (some with issues, too) and I'm not opposed to that here...but I also don't want to work to clean up a poor deployment to be left with a poor deployment.  I'd rather harvest the good from the poor deployment and be left with a solid new deployment.  

It's going to be messy any way I proceed...

Thoughts.

Thx
0
 
LVL 10

Assisted Solution

by:millardjk
millardjk earned 250 total points
ID: 37845519
It was fairly common practice in the early Windows Server 2000 days to build an Active Directory domain based on an NT4 domain name with ".local" appended to it. When the customer got around to purchasing a domain for use on the Internet, it frequently didn't match the original NetBIOS name, so it wasn't a big deal to create a second set of zones for the "outside" names, leaving the AD zones (and AD domain name) alone.

That's the situation you're in now.

Do yourself and your customer a favor: don't screw with the existing domain/forest naming scheme. Not only does it work for Exch 2003, it'll work fine for Exch 2010. All you need to do is be very deliberate in your configuration for inside & outside URLs, as well as proper names for Subject Alternative Name records in SSL certificates.

Once they're joined to the domain, your hosts will be saddled with the .local domain name, but you can use CNAMEs to handle mapping things from their public DNS names to the .local ID. You'll be fine.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:naiadmin
ID: 37845675
millardjk - I appreciate the feedback...thank you....and yes I'm very familiar with the .local strategy....I have used it for years...the funny thing is the actual domain name is "mynewdomain.local"  I'm not using mynewdomain as a placeholder for the domain...that's acutally the name.  
...and yes all works now...and that is the fork in the road that i'm faced with...do i punt and do it the correct way (potentially messy and time consuming, but at the end clean an correct) or leave it as it is and just deal with it and make sure the nameing convention going forward is solid....i know this is the least line of resistence...
im still running checks on AD to ensure that it is healthy...if AD is a mess and unhealthy...then the decision becomes easier.  The previous admin told me "AD is broken" but couldn't tell me why or how...then just resigned...it's one of those deals...
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37845684
You will really require to see the AD status and why did the earlier Admin said it is broken.
if it has really big problems and you have option of getting new then it makes life simpler in long run with some extra efforts in the beginning.
0
 
LVL 10

Expert Comment

by:millardjk
ID: 37846289
Oh. My. Goodness.

Yes, results from DCDIAG will potentially push you to redoing the domain, but I'd be inclined to go the messier route that results in the best setup. My advice: discuss it with the customer. Let them know that you'll be putting more time into the project, but the end result will be far better than where they are today.

If they balk, do it the other way. But get it in writing, and get them to sign off on it.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

OfficeMate Freezes on login or does not load after login credentials are input.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now