New Exchange 2010 installation into existing domain or new domain

I have a new client and I'm going to be deploying Exchange 2010. I wanted to get some feedback on what others might suggest given the current situation.
current domain: mynewdomain.local (yes that is actually the domain they picked)
domain is windows 2003
Exchange is 2003 enterprise
Front End exchange server
2 exchange servers hosting multiple storage groups each (one in US one in Germany)
about 20 abusive users (i.e. 17GB mail files); no control in place currently
Total number of users 150
GFI mail archiver in place and journaling is setup
2 child domains
Lots of custom GPO of which some are not in use
current naming convention is poor (i.e. server1, server2, davelaptop, brianslaptop, etc)

My options as I see it:

1. Bring up a clean new Win2k8 forest with Exchange 2010, set up a transitive trust between the two, slowly migrate users over to the new forest and implement a better naming convention. I know this has the potential to be messy, but it solves a number of problems as I see it.

2. Keep that gem of a domain and go through the process of upgrading the existing forest, migrate users to the new Exchange 2010 setup, and change the naming convention moving forward.

Both options will require dropping a mailbox server in each site. Edge servers, hub transport numbers and placement, CAS servers, etc. are pretty straightforward.

Thoughts, feedback, gotchas, etc. would be appreciated.


Creating a new domain will have lots of additional burdens and work. Definitely it will be a cleanup of the dirt around.
1. You create a new domain.
---- How many machines do they have?
---- What applications do they have which may be affected by the rename of machines?

They already have child domains, so I assume they have lots of users around, which will not be easy to handle.
---- What servers do they have which are integrated with domain authentication and provide access with domain authentication, like SharePoint?

2. Set up Exchange in the existing domain.

---- Easy to have, but will require some cleanup, which you already discussed.

naiadmin (Author) commented:
Thanks for the response... yes, this is an interesting one... I think it's going to be messy in any direction I choose.
They have approx. 300 PCs and 50 servers... I wouldn't rename them all at once... I would move forward with a new naming convention and slowly rename the old devices as time permits.
They have 2 SharePoint instances... both are WSS 3.0, one in the US and one in Germany... messy... I was looking to consolidate into SharePoint 2010.
I have migrated out most of the old legacy servers and implemented a new server naming convention... They also have 10 Linux servers... but those are tied to an NIS server... I know I can integrate that in the future... but that is a separate issue.
The SSL VPN setup with the SonicWalls is an easy transition and I have already started working on the RADIUS setup to address the devices that support that, including the routers, switches, Aironets, etc. That is an easy setup...

I just can't get over that root domain name, and while the existing 2003 forest looks healthy, I don't want to build on something that could fall apart later...I've done dozens and dozens of 2003 to 2008 upgrades without issue (some with issues, too) and I'm not opposed to that here...but I also don't want to work to clean up a poor deployment to be left with a poor deployment.  I'd rather harvest the good from the poor deployment and be left with a solid new deployment.  

It's going to be messy any way I proceed...


It was fairly common practice in the early Windows Server 2000 days to build an Active Directory domain based on an NT4 domain name with ".local" appended to it. When the customer got around to purchasing a domain for use on the Internet, it frequently didn't match the original NetBIOS name, so it wasn't a big deal to create a second set of zones for the "outside" names, leaving the AD zones (and AD domain name) alone.

That's the situation you're in now.

Do yourself and your customer a favor: don't screw with the existing domain/forest naming scheme. Not only does it work for Exch 2003, it'll work fine for Exch 2010. All you need to do is be very deliberate in your configuration for inside & outside URLs, as well as proper names for Subject Alternative Name records in SSL certificates.

Once they're joined to the domain, your hosts will be saddled with the .local domain name, but you can use CNAMEs to handle mapping things from their public DNS names to the .local ID. You'll be fine.
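The "be deliberate about inside and outside URLs, SAN names and CNAMEs" advice above, worked through as an added Exchange 2010 Management Shell example (not code from the thread or from any participant). It assumes placeholder names: a CAS server CAS01 in mynewdomain.local, a DC named DC01, and example.com as the public DNS name.

```powershell
# Added example, not from the thread. Assumptions: CAS server CAS01 in
# mynewdomain.local, DC named DC01, public zone example.com. Run in the
# Exchange 2010 Management Shell with Exchange Organization Administrator rights.
$cas        = "CAS01"
$publicHost = "mail.example.com"           # assumed public name
$autodisc   = "autodiscover.example.com"   # assumed public name

# 1. Split DNS: an internal copy of the public zone whose CNAMEs point the
#    public names at the .local host. Inside and outside clients then resolve
#    the same names, and the certificate never needs a .local entry.
dnscmd DC01 /ZoneAdd example.com /DsPrimary
dnscmd DC01 /RecordAdd example.com mail         CNAME "$cas.mynewdomain.local."
dnscmd DC01 /RecordAdd example.com autodiscover CNAME "$cas.mynewdomain.local."

# 2. Make every internal URL identical to its external URL (the public name).
Set-ClientAccessServer -Identity $cas `
    -AutoDiscoverServiceInternalUri "https://$autodisc/Autodiscover/Autodiscover.xml"
$vdirs = @(
    @{ Get = "Get-OwaVirtualDirectory";         Set = "Set-OwaVirtualDirectory";         Path = "owa" },
    @{ Get = "Get-EcpVirtualDirectory";         Set = "Set-EcpVirtualDirectory";         Path = "ecp" },
    @{ Get = "Get-WebServicesVirtualDirectory"; Set = "Set-WebServicesVirtualDirectory"; Path = "EWS/Exchange.asmx" },
    @{ Get = "Get-ActiveSyncVirtualDirectory";  Set = "Set-ActiveSyncVirtualDirectory";  Path = "Microsoft-Server-ActiveSync" },
    @{ Get = "Get-OabVirtualDirectory";         Set = "Set-OabVirtualDirectory";         Path = "OAB" }
)
foreach ($v in $vdirs) {
    $url = "https://$publicHost/$($v.Path)"
    & $v.Get -Server $cas | & $v.Set -InternalUrl $url -ExternalUrl $url
}

# 3. Request a certificate whose SANs are only the public names clients
#    connect to; nothing from mynewdomain.local has to appear in it.
New-ExchangeCertificate -GenerateRequest -KeySize 2048 -PrivateKeyExportable $true `
    -SubjectName "CN=$publicHost" -DomainName $publicHost,$autodisc `
    -Path "C:\certreq\$publicHost.req"

# 4. Check: every virtual directory should now show the public name, no .local.
$report = foreach ($v in $vdirs) {
    & $v.Get -Server $cas | Select-Object Identity, InternalUrl, ExternalUrl
}
$report | Format-Table -AutoSize
$bad = $report | Where-Object { "$($_.InternalUrl)$($_.ExternalUrl)" -match '\.local' }
if ($bad) { Write-Warning "URLs still reference the .local name:"; $bad }
```

Repeat step 2 and the step 4 check on the CAS in each site (US and Germany), since each Client Access server carries its own set of virtual directories.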

naiadmin (Author) commented:
millardjk - I appreciate the feedback... thank you... and yes, I'm very familiar with the .local strategy... I have used it for years... the funny thing is the actual domain name is "mynewdomain.local". I'm not using mynewdomain as a placeholder for the domain... that's actually the name.
...and yes, all works now... and that is the fork in the road that I'm faced with: do I punt and do it the correct way (potentially messy and time consuming, but at the end clean and correct), or leave it as it is and just deal with it and make sure the naming convention going forward is solid... I know this is the line of least resistance...
I'm still running checks on AD to ensure that it is healthy... if AD is a mess and unhealthy... then the decision becomes easier. The previous admin told me "AD is broken" but couldn't tell me why or how... it's just one of those deals...
You will really need to see the AD status and why the earlier admin said it is broken.
If it has really big problems and you have the option of building new, then it makes life simpler in the long run with some extra effort in the beginning.
Oh. My. Goodness.

Yes, results from DCDIAG will potentially push you to redoing the domain, but I'd be inclined to go the messier route that results in the best setup. My advice: discuss it with the customer. Let them know that you'll be putting more time into the project, but the end result will be far better than where they are today.

If they balk, do it the other way. But get it in writing, and get them to sign off on it.