

New Exchange 2010 installation into existing domain or new domain

Posted on 2012-04-13
Medium Priority
Last Modified: 2013-01-29
I have a new client and I'm going to be deploying exch 2010.  I wanted to get some feedback on what others might suggest given the current situation.
current domain: mynewdomain.local (yes that is actually the domain they picked)
domain is windows 2003
Exchange is 2003 enterprise
Front End exchange server
2 exchange servers hosting multiple storage groups each (one in US one in Germany)
about 20 abusive users (i.e. 17GB mail files) no control in place currently
Total number of users 150
GFI mail archiver in place and journaling is setup
2 child domains
Lots of custom GPOs, of which some are not in use
current naming convention is poor (i.e. server1, server2, davelaptop, brianslaptop, etc)

My options as I see it:

1. Bring up a clean new win2k8 forest with exchange 2010, set up a transitive trust between the two, slowly migrate users over to the new forest and implement a better naming convention.  I know this has the potential to be messy...but solves a number of problems as I see it

2. Keep that gem of a domain and go through the process of upgrading the existing forest, migrate users to the new exchange 2010 setup, change the naming convention moving forward

Both options will require dropping a mailbox server in each site.  Edge servers, hub transport numbers & placement, CAS servers, etc. are pretty straightforward

Thoughts, feedback, gotchas, etc. would be appreciated.

Question by:naiadmin
LVL 17

Accepted Solution

Anuroopsundd earned 750 total points
ID: 37844367
Creating a new domain will have lots of additional burdens and work. Definitely it will be a cleanup of the dirt around.
1. You create a new domain.
-- How many machines do they have?
-- What applications do they have which may be affected due to the rename of machines?

They already have child domains, so I assume they have lots of users around, which will not be easy to handle.
-- What servers do they have which are integrated with domain authentication and provide access with domain authentication, like SharePoint?

2. Set up Exchange in the existing domain.

-- Easy to have, but will require some cleanup, which you already discussed.

Author Comment

ID: 37844829
Thanks for the response....yes this is an interesting one...I think it's going to be messy any direction I choose.
They have approx 300 PCs and 50 servers...I wouldn't rename them all at once....I would move forward with a new naming convention and slowly rename the old devices as time permits.  
They have 2 SharePoint instances...both are WSS 3.0, one in the US and one in Germany...messy...I was looking to consolidate into SharePoint 2010.  
I have migrated out most of the old legacy servers and implemented a new server naming convention....They also have 10 Linux servers...but those are tied to an NIS server....I know I can integrate that in the future...but that is a separate issue.  
The SSL VPN setup with the SonicWALLs is an easy transition and I have already started working on the RADIUS setup to address the devices that support that, including the routers, switches, Aironets, etc.  That is an easy setup...

I just can't get over that root domain name, and while the existing 2003 forest looks healthy, I don't want to build on something that could fall apart later...I've done dozens and dozens of 2003 to 2008 upgrades without issue (some with issues, too) and I'm not opposed to that here...but I also don't want to work to clean up a poor deployment to be left with a poor deployment.  I'd rather harvest the good from the poor deployment and be left with a solid new deployment.  

It's going to be messy any way I proceed...


LVL 10

Assisted Solution

millardjk earned 750 total points
ID: 37845519
It was fairly common practice in the early Windows Server 2000 days to build an Active Directory domain based on an NT4 domain name with ".local" appended to it. When the customer got around to purchasing a domain for use on the Internet, it frequently didn't match the original NetBIOS name, so it wasn't a big deal to create a second set of zones for the "outside" names, leaving the AD zones (and AD domain name) alone.

That's the situation you're in now.

Do yourself and your customer a favor: don't screw with the existing domain/forest naming scheme. Not only does it work for Exch 2003, it'll work fine for Exch 2010. All you need to do is be very deliberate in your configuration for inside & outside URLs, as well as proper names for Subject Alternative Name records in SSL certificates.

Once they're joined to the domain, your hosts will be saddled with the .local domain name, but you can use CNAMEs to handle mapping things from their public DNS names to the .local ID. You'll be fine.
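
The check that the advice above implies, written as an added example that is not part of the original thread: every host name used in an internal or external URL must appear in the certificate's Subject Alternative Name list. `Test-SanCoverage` is a hypothetical helper, and the URLs, SAN entries and the `exch01` host are constructed sample data.

```powershell
# Added example. Syntax kept compatible with PowerShell 2.0 (Exchange 2010 Management Shell).
function Test-SanCoverage {
    param(
        [Parameter(Mandatory=$true)][string[]]$Url,     # client-facing URLs, internal and external
        [Parameter(Mandatory=$true)][string[]]$SanName  # DNS names on the certificate bound to IIS
    )
    $san = @($SanName | ForEach-Object { $_.Trim().ToLowerInvariant() })
    foreach ($u in $Url) {
        $hostName = ([uri]$u).Host.ToLowerInvariant()
        # Exact match first, then a wildcard entry, which covers one left-most label only.
        $covered = $san -contains $hostName
        if (-not $covered) {
            $parent  = $hostName -replace '^[^.]+\.', ''
            $covered = ($parent -ne $hostName) -and ($san -contains "*.$parent")
        }
        New-Object PSObject -Property @{
            Url          = $u
            HostName     = $hostName
            Covered      = $covered
            # Public CAs no longer issue certificates for internal-only names such as
            # .local, so these need an internal CA or a URL that uses a public name.
            InternalOnly = $hostName.EndsWith('.local')
        }
    }
}

# Constructed sample input: external names on example.com, one internal URL
# left at a server FQDN in the .local domain.
$urls = @(
    'https://mail.example.com/owa',
    'https://mail.example.com/EWS/Exchange.asmx',
    'https://autodiscover.example.com/Autodiscover/Autodiscover.xml',
    'https://exch01.mynewdomain.local/EWS/Exchange.asmx'
)
$sans = @('mail.example.com', 'autodiscover.example.com')

# List only the URLs that would raise a certificate name mismatch in clients.
Test-SanCoverage -Url $urls -SanName $sans |
    Where-Object { -not $_.Covered } |
    Select-Object Url, HostName, InternalOnly
```

With the sample data only the `exch01.mynewdomain.local` URL is reported. On a real server the inputs would be the `CertificateDomains` of the certificate from `Get-ExchangeCertificate` and the `InternalUrl`/`ExternalUrl` values of the virtual directories.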


Author Comment

ID: 37845675
millardjk - I appreciate the feedback...thank you....and yes I'm very familiar with the .local strategy....I have used it for years...the funny thing is the actual domain name is "mynewdomain.local".  I'm not using mynewdomain as a placeholder for the domain...that's actually the name.  
...and yes all works now...and that is the fork in the road that I'm faced with...do I punt and do it the correct way (potentially messy and time consuming, but at the end clean and correct) or leave it as it is and just deal with it and make sure the naming convention going forward is solid....I know this is the least line of resistance...
I'm still running checks on AD to ensure that it is healthy...if AD is a mess and unhealthy...then the decision becomes easier.  The previous admin told me "AD is broken" but couldn't tell me why or how...then just resigned...it's one of those deals...
LVL 17

Expert Comment

ID: 37845684
You will really need to see the AD status and why the earlier admin said it is broken.
If it has really big problems and you have the option of getting a new one, then it makes life simpler in the long run with some extra effort in the beginning.
LVL 10

Expert Comment

ID: 37846289
Oh. My. Goodness.

Yes, results from DCDIAG will potentially push you to redoing the domain, but I'd be inclined to go the messier route that results in the best setup. My advice: discuss it with the customer. Let them know that you'll be putting more time into the project, but the end result will be far better than where they are today.

If they balk, do it the other way. But get it in writing, and get them to sign off on it.


Question has a verified solution.