Solved

Exchange 2013 & DNS & Active Directory New Install on MS Server 2012

Posted on 2013-12-15
Last Modified: 2014-03-02
I am trying to finalize an install of Exchange 2013 in a small to medium size company.

The points I need to ensure I have a full understanding of are Exchange 2013, DNS and the schema of the domain's Active Directory.

This is not a migration or upgrade, so not too many mistakes can be made. It's a new Exchange 2013 installation in a domain that has never had Exchange installed in it before.

I understand not installing on a domain controller and on a member server only but the DNS is the issue.


1) DNS: Do I need to add DNS manually to the Exchange Server 2013, which is a member server of the domain? Do I add the DNS as:

a Primary Zone all its own for the "A", "MX", "SPF" etc.
or a Secondary Zone which is the same as both Domain Controllers, so they are the same DNS?


2) Do I need to run a prep for Exchange on the Domain Controllers? In previous versions of Exchange, like 2003 and 2007, you ran a prep on the schema of the Active Directory.

3) DNS: I am ensuring I have it set up so it will use split DNS when it comes to OWA, RPC over HTTP and Exchange Anywhere, so that the same URL, Exchange.domainname.com, is being used when you are inside and outside the network.

Any other help or advice would be greatly appreciated.

Thanks, Clint
Question by:Clint Jones

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 39720444
1) I would not add the DNS role to the Exchange member server AT ALL. Let the Exchange server and all your clients use your DCs for DNS.

2) The setup will indeed need to update your schema.

3) Split DNS is indeed a common setup.
0
 

Author Comment

by:Clint Jones
ID: 39720454
Yes, but back in the day, for no reason, people used to use .local, .pdc etc. etc.

So just use the DNS setting for my DC on the NIC card of the Exchange server and put all the records in the DNS of the main domain controller?

When installing Exchange, it will update the Active Directory schema for 2013, that is?
0
 
LVL 58

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 500 total points
ID: 39720718
That isn't a "back in the day" situation, and it definitely isn't for no reason. Without actually casting an opinion on it myself, since it isn't relevant to your question, all I will say is that plenty of people still choose a private TLD for Active Directory, like .local, and there are legitimate reasons with pros and cons in doing so. That won't impact your setup either way.

Yes, member servers should always point to a DC for DNS. That is fundamental to Active Directory working. And since they point to a DC, that is where you can set up more zones and records if you wish. Keep in mind that most times it is unnecessary. Outlook will not rely on MX records or similar when on an internal record. It will instead rely on information in Active Directory itself that it finds via an LDAP query. So as long as your clients are also using DCs for DNS, no extra DNS configuration is required.

Preparing AD for Exchange is part of the Exchange setup process. Review the process here:

http://technet.microsoft.com/en-us/library/bb125224(v=exchg.150).aspx
0
 

Author Comment

by:Clint Jones
ID: 39731026
Yes, and I do as well. I don't always phrase things in completion because some don't care about the extra details. I still use .PDC and .BDC but also use Microsoft recommendations on real live domain names with proper DNS setup.

I am lucky in the respect that I do small to medium size, that I use split DNS, and IP is changed on MAC address for internal for security reasons etc...

On what you said: "That isn't a "back in the day" situation, and it definitely isn't for no reason. Without actually casting an opinion on it myself, since it isn't relevant to your question, all I will say is that plenty of people still choose a private TLD for active directory, like .local, and there are legitimate reasons with pros and cons in doing so. That won't impact your setup either way."
0
 

Author Comment

by:Clint Jones
ID: 39731031
In the original questions I knew most of what I asked, but at times I forget a step, so it is nice to hear it again or in a new way.

In past Exchange installations the schema is changed and updates the Active Directory, and I am wanting to ensure I do this part correctly... Active Directory issues can be a nightmare even on minor accidents...

Looking at the link on AD.
0
 

Author Comment

by:Clint Jones
ID: 39897701
There was no help from "Cliff Galiher", other than the offense he got from "back in the day" lol. There was no response back on further help. I had googled and found the answer already from the respondent in the question, and Google is where I found my solution ultimately.

EE, please delete this question. Thanks
0
 

Author Comment

by:Clint Jones
ID: 39898138
I've requested that this question be closed as follows:

Accepted answer: 0 points for ClintStephenJones's comment #a39897701

for the following reason:

There was no help from "Cliff Galiher", other than the offense he got from "back in the day" lol. There was no response back on further help. I had googled and found the answer already from the respondent in the question, and Google is where I found my solution ultimately.

EE, please delete this question. Thanks
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39898139
Three questions were asked, and my first comment answered all three. Everything else was follow-up, but was neither offensive nor off-topic. Legitimate answers were provided.
0

Question has a verified solution.
