

New Exchange 2010 installation into existing domain or new domain

Posted on 2012-04-13
Medium Priority
Last Modified: 2013-01-29
I have a new client and I'm going to be deploying exch 2010.  I wanted to get some feedback on what others might suggest given the current situation.
current domain: mynewdomain.local (yes that is actually the domain they picked)
domain is windows 2003
Exchange is 2003 enterprise
Front End exchange server
2 exchange servers hosting multiple storage groups each (one in US one in Germany)
about 20 abusive users (i.e. 17GB mail files), no control in place currently
Total number of users 150
GFI mail archiver in place and journaling is setup
2 child domains
Lots of custom GPO of which some are not in use
current naming convention is poor (i.e. server1, server2, davelaptop, brianslaptop, etc)

My options as I see it:

1. bring up clean new win2k8 forest with exchange 2010, setup transitive trust between the two, slowly migrate users over to the new forest and implement a better naming convention.  I know this has the potential to be messy...but solves a number of problems as I see it

2. Keep that gem of a domain and go through the process of upgrading the existing forest, migrate users to the new exchange 2010 setup, change the naming convention moving forward

Both options will require dropping a mailbox server in each site.  Edge servers, hub transport numbers & placement, CAS servers, etc. are pretty straightforward.

Thoughts, feedback, gotchas etc. would be appreciated.

Question by:naiadmin
LVL 17

Accepted Solution

Anuroopsundd earned 750 total points
ID: 37844367
Creating a new domain will have lots of additional burdens and work. Definitely it will be cleanup of dirt around..
1. You create a new domain.
---- How many machines do they have?
---- What applications do they have which may be affected due to the rename of machines?

They already have child domains, so I assume they have lots of users around, which will not be easy to handle.
---- What servers do they have which are integrated with domain authentication and provide access with domain authentication, like SharePoint?

2. Set up Exchange in the existing domain.

---- Easy to have, but will require some cleanup which you already discussed.

Author Comment

ID: 37844829
Thanks for the response....yes this is an interesting one...I think it's going to be messy any direction I choose.
They have approx 300 PCs and 50 servers...I wouldn't rename them all at once....I would move forward with a new naming convention and slowly rename the old devices as time permits.  
They have 2 SharePoint instances...both are WSS 3.0, one in the US and one in Germany...messy...I was looking to consolidate into SharePoint 2010.  
I have migrated out most of the old legacy servers and implemented a new server naming convention....They also have 10 Linux servers...but those are tied to an NIS server....I know I can integrate that in the future...but that is a separate issue.  
The SSL VPN setup with the SonicWALLs is an easy transition and I have already started working on the RADIUS setup to address the devices that support that, including the routers, switches, Aironets, etc.  That is an easy setup...

I just can't get over that root domain name, and while the existing 2003 forest looks healthy, I don't want to build on something that could fall apart later...I've done dozens and dozens of 2003 to 2008 upgrades without issue (some with issues, too) and I'm not opposed to that here...but I also don't want to work to clean up a poor deployment to be left with a poor deployment.  I'd rather harvest the good from the poor deployment and be left with a solid new deployment.  

It's going to be messy any way I proceed...


LVL 10

Assisted Solution

millardjk earned 750 total points
ID: 37845519
It was fairly common practice in the early Windows Server 2000 days to build an Active Directory domain based on an NT4 domain name with ".local" appended to it. When the customer got around to purchasing a domain for use on the Internet, it frequently didn't match the original NetBIOS name, so it wasn't a big deal to create a second set of zones for the "outside" names, leaving the AD zones (and AD domain name) alone.

That's the situation you're in now.

Do yourself and your customer a favor: don't screw with the existing domain/forest naming scheme. Not only does it work for Exch 2003, it'll work fine for Exch 2010. All you need to do is be very deliberate in your configuration for inside & outside URLs, as well as proper names for Subject Alternative Name records in SSL certificates.

Once they're joined to the domain, your hosts will be saddled with the .local domain name, but you can use CNAMEs to handle mapping things from their public DNS names to the .local ID. You'll be fine.
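The "deliberate configuration for inside & outside URLs and SAN names" millardjk describes, written out as an added Exchange Management Shell example (this is not code from the thread or from Microsoft documentation). It keeps the forest name mynewdomain.local from the question and assumes a CAS named CAS01 and public names under example.com, all of which are placeholders to substitute:

```powershell
# Added example (not from the thread): Exchange 2010 CAS configuration that keeps
# the AD forest name (mynewdomain.local, from the question) while clients use one
# public name. Server name CAS01 and the example.com names are assumptions.
# Run in the Exchange Management Shell on the CAS.

$Server     = "CAS01"                      # assumed CAS/HT server name
$PublicHost = "mail.example.com"           # assumed public name; split DNS or a CNAME points it at CAS01.mynewdomain.local
$AutoDHost  = "autodiscover.example.com"   # assumed Autodiscover name
$Base       = "https://$PublicHost"

# Same URL inside and outside: clients only ever see one host name, so only that
# name (plus Autodiscover) has to be on the certificate.
Set-OwaVirtualDirectory         -Identity "$Server\owa (Default Web Site)" -InternalUrl "$Base/owa" -ExternalUrl "$Base/owa"
Set-EcpVirtualDirectory         -Identity "$Server\ecp (Default Web Site)" -InternalUrl "$Base/ecp" -ExternalUrl "$Base/ecp"
Set-WebServicesVirtualDirectory -Identity "$Server\EWS (Default Web Site)" -InternalUrl "$Base/EWS/Exchange.asmx" -ExternalUrl "$Base/EWS/Exchange.asmx"
Set-ActiveSyncVirtualDirectory  -Identity "$Server\Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl "$Base/Microsoft-Server-ActiveSync" -ExternalUrl "$Base/Microsoft-Server-ActiveSync"
Set-OabVirtualDirectory         -Identity "$Server\OAB (Default Web Site)" -InternalUrl "$Base/OAB" -ExternalUrl "$Base/OAB"

# Autodiscover SCP in AD: domain-joined Outlook reads this, so its host must be a certificate name too.
Set-ClientAccessServer -Identity $Server -AutoDiscoverServiceInternalUri "https://$AutoDHost/Autodiscover/Autodiscover.xml"

# Certificate request with every name clients connect to as a SAN. The .local FQDN is
# included so a client that still reaches the host by its AD name gets no mismatch
# warning; public CAs later stopped issuing internal names, so check the CA's policy.
$Req = New-ExchangeCertificate -GenerateRequest `
    -SubjectName "cn=$PublicHost, o=Example Org, c=US" `
    -DomainName $PublicHost, $AutoDHost, "$Server.mynewdomain.local" `
    -PrivateKeyExportable $true `
    -FriendlyName "Exchange 2010 SAN certificate"
Set-Content -Path "C:\Certs\exchange-san.req" -Value $Req

# Once the CA returns the certificate, import it and bind it to the client-facing services:
#   Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path C:\Certs\exchange-san.cer -Encoding Byte -ReadCount 0)) |
#       Enable-ExchangeCertificate -Services IIS,SMTP

# Check: every host that appears in a client URL or the SCP must be on the IIS certificate.
$UrlHosts = @(
    (Get-OwaVirtualDirectory -Server $Server).InternalUrl,
    (Get-WebServicesVirtualDirectory -Server $Server).ExternalUrl,
    (Get-ClientAccessServer -Identity $Server).AutoDiscoverServiceInternalUri
) | ForEach-Object { ([Uri]$_).Host } | Sort-Object -Unique
$CertNames = (Get-ExchangeCertificate | Where-Object { $_.Services -match "IIS" }).CertificateDomains
$UrlHosts | Where-Object { $CertNames -notcontains $_ } | ForEach-Object { Write-Warning "Not on certificate: $_" }
```

The final check is the part worth keeping around: a URL host missing from the SAN list is exactly what produces the certificate warnings that drive users to click through, so it should come back empty after every change to the virtual directories or the certificate.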

Author Comment

ID: 37845675
millardjk - I appreciate the feedback...thank you....and yes I'm very familiar with the .local strategy....I have used it for years...the funny thing is the actual domain name is "mynewdomain.local"  I'm not using mynewdomain as a placeholder for the domain...that's actually the name.  
...and yes all works now...and that is the fork in the road that I'm faced with...do I punt and do it the correct way (potentially messy and time consuming, but at the end clean and correct) or leave it as it is and just deal with it and make sure the naming convention going forward is solid....I know this is the least line of resistance...
I'm still running checks on AD to ensure that it is healthy...if AD is a mess and unhealthy...then the decision becomes easier.  The previous admin told me "AD is broken" but couldn't tell me why or how...then just resigned...it's one of those deals...
LVL 17

Expert Comment

ID: 37845684
You will really need to see the AD status and why the earlier admin said it is broken.
If it has really big problems and you have the option of getting a new one, then it makes life simpler in the long run with some extra effort in the beginning.
LVL 10

Expert Comment

ID: 37846289
Oh. My. Goodness.

Yes, results from DCDIAG will potentially push you to redoing the domain, but I'd be inclined to go the messier route that results in the best setup. My advice: discuss it with the customer. Let them know that you'll be putting more time into the project, but the end result will be far better than where they are today.

If they balk, do it the other way. But get it in writing, and get them to sign off on it.
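Both experts hinge the decision on what DCDIAG actually reports. As an added example (not code from the thread), this PowerShell script gathers the evidence with the built-in dcdiag, repadmin and netdom tools and pulls out the failures, so "AD is broken" becomes a list of named failed tests and replication partners. The output directory is an assumption; on Windows Server 2003 the tools come from the Support Tools package rather than being installed by default:

```powershell
# Added example (not from the thread): first-pass AD health evidence before choosing
# between a new forest (option 1) and building on the existing one (option 2).
# Output directory is an assumption. Run as a domain admin on a DC or management host.

$OutDir = "C:\ADHealth\$(Get-Date -Format yyyyMMdd-HHmm)"
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Every DC in the enterprise (/e), all tests (/c), verbose (/v), logged to a file (/f:).
dcdiag /e /c /v /f:"$OutDir\dcdiag.log"

# 2. Replication: the summary for a quick read, the per-partner CSV for the detail.
repadmin /replsummary | Out-File "$OutDir\replsummary.txt"
repadmin /showrepl * /csv | Out-File "$OutDir\showrepl.csv"

# 3. FSMO ownership: a role held by a DC that no longer exists is a classic "it's broken".
$Fsmo = netdom query fsmo
$Fsmo | Out-File "$OutDir\fsmo.txt"

# 4. dcdiag reports each result as "... passed test X" or "... failed test X".
$Failed = Select-String -Path "$OutDir\dcdiag.log" -Pattern "failed test" |
    ForEach-Object { $_.Line.Trim() }

# 5. Replication links with any recorded failure (column names as repadmin emits them).
$ReplProblems = Import-Csv "$OutDir\showrepl.csv" |
    Where-Object { $_.'Number of Failures' -ne '0' } |
    Select-Object 'Destination DSA', 'Source DSA', 'Naming Context', 'Number of Failures', 'Last Failure Status', 'Last Success Time'

# Summary for the write-up to the customer.
"==== dcdiag failed tests: $(@($Failed).Count) ===="
$Failed
"==== replication links with failures: $(@($ReplProblems).Count) ===="
$ReplProblems | Format-Table -AutoSize
"==== FSMO role holders ===="
$Fsmo
"Raw output saved under $OutDir"
```

Read the result as a decision aid rather than a verdict: a clean run means the 2003 forest is a sound base to upgrade in place, while persistent replication failures, failed SysVol or KCC tests, or FSMO roles held by a vanished DC are the written justification millardjk suggests getting in front of the customer before taking the longer route.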

Question has a verified solution.
