New Exchange 2010 installation into existing domain or new domain

Posted on 2012-04-13
Last Modified: 2013-01-29
I have a new client and I'm going to be deploying Exch 2010. I wanted to get some feedback on what others might suggest given the current situation.
current domain: mynewdomain.local (yes that is actually the domain they picked)
domain is windows 2003
Exchange is 2003 enterprise
Front End exchange server
2 exchange servers hosting multiple storage groups each (one in US one in Germany)
about 20 abusive users (i.e. 17GB mail files) no control in place currently
Total number of users 150
GFI mail archiver in place and journaling is setup
2 child domains
Lots of custom GPO of which some are not in use
current naming convention is poor (i.e. server1, server2, davelaptop, brianslaptop, etc)

My options as I see it:

1. Bring up a clean new Win2k8 forest with Exchange 2010, set up a transitive trust between the two, slowly migrate users over to the new forest and implement a better naming convention. I know this has the potential to be messy...but it solves a number of problems as I see it.

2. Keep that gem of a domain and go through the process of upgrading the existing forest, migrate users to the new Exchange 2010 setup, change the naming convention moving forward.

Both options will require dropping a mailbox server in each site. Edge servers, hub transport numbers & placement, CAS servers, etc. is pretty straightforward.

Thoughts, feedback, gotchas, etc. would be appreciated.

Question by:naiadmin
LVL 17

Accepted Solution

Anuroopsundd earned 250 total points
ID: 37844367
Creating a new domain will have lots of additional burdens and work. Definitely it will be a cleanup of the dirt around.
1. You create a new domain.
-- How many machines do they have?
-- What applications do they have which may be affected due to the rename of machines?

They already have child domains, so I assume they have lots of users around, which will not be easy to handle.
-- What servers do they have which are integrated with domain authentication and provide access with domain authentication, like SharePoint?

2. Set up Exchange in the existing domain.

-- Easy to have, but will require some cleanup which you already discussed.

Author Comment

ID: 37844829
Thanks for the response....yes this is an interesting one...I think it's going to be messy any direction I choose.
They have approx 300 PCs and 50 servers...I wouldn't rename them all at once....I would move forward with a new naming convention and slowly rename the old devices as time permits.
They have 2 SharePoint instances...both are WSS 3.0, one in the US and one in Germany...messy...I was looking to consolidate into SharePoint 2010.
I have migrated out most of the old legacy servers and implemented a new server naming convention....They also have 10 Linux servers...but those are tied to an NIS server....I know I can integrate that in the future...but that is a separate issue.
The SSL VPN setup with the SonicWalls is an easy transition and I have already started working on the RADIUS setup to address the devices that support that, including the routers, switches, Aironets, etc. That is an easy setup...

I just can't get over that root domain name, and while the existing 2003 forest looks healthy, I don't want to build on something that could fall apart later...I've done dozens and dozens of 2003 to 2008 upgrades without issue (some with issues, too) and I'm not opposed to that here...but I also don't want to work to clean up a poor deployment to be left with a poor deployment.  I'd rather harvest the good from the poor deployment and be left with a solid new deployment.  

It's going to be messy any way I proceed...


LVL 10

Assisted Solution

millardjk earned 250 total points
ID: 37845519
It was fairly common practice in the early Windows Server 2000 days to build an Active Directory domain based on an NT4 domain name with ".local" appended to it. When the customer got around to purchasing a domain for use on the Internet, it frequently didn't match the original NetBIOS name, so it wasn't a big deal to create a second set of zones for the "outside" names, leaving the AD zones (and AD domain name) alone.

That's the situation you're in now.

Do yourself and your customer a favor: don't screw with the existing domain/forest naming scheme. Not only does it work for Exch 2003, it'll work fine for Exch 2010. All you need to do is be very deliberate in your configuration for inside & outside URLs, as well as proper names for Subject Alternative Name records in SSL certificates.

Once they're joined to the domain, your hosts will be saddled with the .local domain name, but you can use CNAMEs to handle mapping things from their public DNS names to the .local ID. You'll be fine.
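
The inside/outside URL and Subject Alternative Name check that the answer above calls for, as an added example that is not part of the original thread. The host names other than `mynewdomain.local` (`cas01`, `mail.example.com`, `autodiscover.example.com`) and both function names are constructed for illustration.

```powershell
# Added example: report every host name used in a client-facing URL that is
# NOT covered by the certificate's Subject Alternative Names.
# All URLs and SAN values below are constructed sample data.

function Test-SanMatch {
    param([string]$HostName, [string]$San)
    $h = $HostName.ToLowerInvariant()
    $s = $San.ToLowerInvariant()
    if ($s.StartsWith('*.')) {
        # A wildcard covers exactly one left-most label: *.example.com matches
        # mail.example.com, but not a.b.example.com and not example.com itself.
        $suffix = $s.Substring(1)                       # ".example.com"
        if (-not $h.EndsWith($suffix)) { return $false }
        $label = $h.Substring(0, $h.Length - $suffix.Length)
        return ($label.Length -gt 0 -and -not $label.Contains('.'))
    }
    return ($h -eq $s)
}

function Get-UncoveredHost {
    param([string[]]$Urls, [string[]]$SanList)
    # Reduce the URLs to their distinct host names.
    $names = $Urls | ForEach-Object { ([Uri]$_).Host } | Sort-Object -Unique
    foreach ($name in $names) {
        $covered = $false
        foreach ($san in $SanList) {
            if (Test-SanMatch -HostName $name -San $san) { $covered = $true; break }
        }
        if (-not $covered) { $name }                    # emit names with no matching SAN
    }
}

# Constructed sample: inside URLs use the .local AD name, outside URLs a public name.
$urls = @(
    'https://cas01.mynewdomain.local/owa',
    'https://cas01.mynewdomain.local/EWS/Exchange.asmx',
    'https://mail.example.com/owa',
    'https://autodiscover.example.com/Autodiscover/Autodiscover.xml'
)
# Constructed sample: a certificate that only lists the public names.
$sans = @('mail.example.com', 'autodiscover.example.com')

Get-UncoveredHost -Urls $urls -SanList $sans
```

On an Exchange 2010 server the inputs can be taken from the `InternalUrl`/`ExternalUrl` properties returned by `Get-OwaVirtualDirectory` and the related virtual-directory cmdlets, and from the `CertificateDomains` property returned by `Get-ExchangeCertificate`. Publicly trusted CAs no longer issue certificates containing `.local` names, so a `.local` name reported here needs either an internal CA or an internal URL changed to a publicly resolvable name.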


Author Comment

ID: 37845675
millardjk - I appreciate the feedback...thank you....and yes I'm very familiar with the .local strategy....I have used it for years...the funny thing is the actual domain name is "mynewdomain.local". I'm not using mynewdomain as a placeholder for the domain...that's actually the name.
...and yes all works now...and that is the fork in the road that I'm faced with: I punt and do it the correct way (potentially messy and time consuming, but at the end clean and correct) or leave it as it is and just deal with it and make sure the naming convention going forward is solid....I know this is the least line of resistance...
I'm still running checks on AD to ensure that it is healthy...if AD is a mess and unhealthy...then the decision becomes easier. The previous admin told me "AD is broken" but couldn't tell me why or how...it's just one of those deals...
LVL 17

Expert Comment

ID: 37845684
You will really need to see the AD status and why the earlier admin said it is broken.
If it really has big problems and you have the option of getting new, then it makes life simpler in the long run with some extra effort in the beginning.
LVL 10

Expert Comment

ID: 37846289
Oh. My. Goodness.

Yes, results from DCDIAG will potentially push you to redoing the domain, but I'd be inclined to go the messier route that results in the best setup. My advice: discuss it with the customer. Let them know that you'll be putting more time into the project, but the end result will be far better than where they are today.

If they balk, do it the other way. But get it in writing, and get them to sign off on it.
