Solved

What Exchange connectors do I need to configure/delete if I am separating an Active Directory site into its own domain when it also had its own Exchange server?

Posted on 2014-12-04
191 Views
Last Modified: 2014-12-05
Here's the layout:
Domain: internalDomain.com
Sites: centralSite - Exchange 2010 (named centralExchange) hosting "centralEmail.com"
          location2 - Exchange 2010 (named location2Exchange) hosting "location2Email.com"
The sites are connected via a BOVPN tunnel. Location 2 was sold to another company that is wanting to keep internalDomain.com as the Windows domain as they do not need to externally route anything as location2Email.com
As a test, we cut the BOVPN tunnel. Email from centralEmail.com would not route to location2Email.com and vice versa.
Here are the connectors that we have on each server:
centralSite (centralExchange)
Send connector - "To Internet - central" address spaces = SMTP(type), *(address), 1(cost)
3 receive connectors:
Client centralExchange (Enabled)
Default centralExchange (Enabled)
Internal Exchange (Enabled)
location2 (location2Exchange)
Send connector - "To Internet - location2Email.com" address spaces = SMTP(type), *(address), 1(cost)
3 receive connectors:
Client location2Exchange (Enabled)
Default location2Exchange (Enabled)
Internal Exchange (Enabled)

The end game would be to cut the tunnel, promote the secondary domain controller at location2 and have two separate distinct networks that are no longer connected and remove all Exchange connectors, domain DNS/DHCP/AD records for the disconnected company. I hopefully explained the scenario enough, but will be available to answer any questions. Thank you for any help provided.
0
Question by:DaveGerke
5 Comments
 
LVL 14

Expert Comment

by:Andy M
ID: 40482509
Do your send connectors use DNS, or are they configured for smarthosts? If smarthosts, are they configured to point to the other Exchange server or to a third-party external smarthost?

Also what is the configuration on your receive connectors - especially port numbers, accepted IP's, and security settings?
0
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 40482551
Is the Active Directory domain the same domain/forest on both sites?
If I have not misunderstood, you will "break" your domain into two fully separate networks, but it is the same domain. The problem is that both domains (really the same one) will have IDs valid on both domains but are totally different domains, and that will cause security leakage. Consider removing the location2 internal domain completely.
On Exchange, as Andy said, it depends on your configuration, but I think you could remove the Internal Exchange connector; check the addresses routed on this connector (out of the box, the Client and Default connectors are created, but the Internal one is not).
0
 

Author Comment

by:DaveGerke
ID: 40483005
Andy, our send connectors use DNS. The receive connectors are configured as follows:
Client centralExchange and Default centralExchange connectors - all available IPv4 and IPv6 addresses on port 587, settings as in the screenshot receive-connector-settings.jpg. The Internal Exchange connector uses all available local IPv4 addresses on port 25; "receive mail from remote servers that have IP addresses" is set to the (non-routable/NATed) IP address of the "location2Exchange" server; the authentication tab is basically the same as the screenshot, but with "Exchange Server authentication" checked as well.

Miguel, we were planning to convert location2 to a whole new domain (as location2Email.com), but they brought in a consultant who convinced them not to let us do that. As for the security leakage, I am not sure what you mean. We are going to remove all AD objects that belong to the other company, and there will not be a tunnel connecting the two, so SSIDs should not matter. Those are my thoughts only and I could very well be wrong.
0
 
LVL 14

Accepted Solution

by:Andy M (earned 2000 total points)
ID: 40483145
Regarding the Exchange connectors, you'll only need to remove the Internal Exchange connector then - everything else appears to be on defaults, so it should work normally.

Splitting the domain in two and keeping the servers as they are does raise concerns, as the servers will effectively have settings in place that require them to speak to each other (DNS, Active Directory, replication, etc.). If the servers can't talk to each other they will become tombstoned, which can cause all manner of issues and does take some hacking of AD/DNS to rectify (and even then there's always the chance it's still not going to work correctly). Personally I would create a new domain rather than splitting one in two - it'll save you headaches later on, especially if you are not proficient with AD.
0
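The accepted answer (and Andy's earlier question about DNS versus smarthost routing) can be checked and acted on from the Exchange Management Shell. The following is an added example, not code from the thread or from Microsoft; it uses the server and connector names from the question and the standard Exchange 2010 cmdlets, and does a dry run before the one removal the answer recommends.

```powershell
# Added example: inventory the connectors on one Exchange 2010 server and remove only the
# site-specific "Internal Exchange" receive connector, whose RemoteIPRanges is the other
# site's server. Names are from the question; run it on location2Exchange with $Server changed.
$Server = "centralExchange"

# 1. Send connectors: with DNS routing, DNSRoutingEnabled is True and SmartHosts is empty.
#    Send connectors are organization-wide objects, so both sites' connectors are listed;
#    SourceTransportServers shows which server actually delivers through each one.
Get-SendConnector |
    Select-Object Name, Enabled, DNSRoutingEnabled, SmartHosts, AddressSpaces, SourceTransportServers |
    Format-List

# 2. Receive connectors on this server: port bindings, accepted remote ranges, auth mechanisms.
Get-ReceiveConnector -Server $Server |
    Select-Object Name, Enabled, Bindings, RemoteIPRanges, AuthMechanism, PermissionGroups |
    Format-List

# 3. Setup creates "Default <server>" and "Client <server>"; anything else was added by hand
#    and is the candidate for removal once the tunnel is cut. Here that is "Internal Exchange".
$custom = Get-ReceiveConnector -Server $Server |
    Where-Object { $_.Name -notmatch "^(Default|Client) $Server$" }
$custom | Select-Object Identity, Bindings, RemoteIPRanges

# 4. Dry run first; -WhatIf reports the action without changing anything.
Remove-ReceiveConnector -Identity "$Server\Internal Exchange" -WhatIf

# 5. When the dry run shows the expected connector, remove it for real.
# Remove-ReceiveConnector -Identity "$Server\Internal Exchange" -Confirm:$false
```

Step 1 is worth a second look after the split: because send connectors live in the configuration partition, each side keeps a copy of the other site's "To Internet" connector, with an address space of * and a source server it can no longer reach. Exchange prefers the connector whose source server is in the local site when costs tie, so mail still flows, but the stale connector is best removed on each side so it cannot be selected by accident.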
 

Author Comment

by:DaveGerke
ID: 40483222
I would love to create a new domain. The problem is that in the negotiating contract, we are on the hook for a transitional time period in which we are obligated to get them setup, but the new company is making the choice to not setup a new domain.

There has to be a way to decommission the servers without them being attached to the network, so we are going to attempt to do that with each server residing at the opposite location. I will also go through ADUC, DNS, etc. to remove records for the other objects and also remove the site in AD Sites.
0
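Before removing the site and its records as described above, it helps to list everything in the directory that still points at location2, since a leftover connection object, subnet or site link is what later produces the replication errors the accepted answer warns about. The following read-only inventory is an added example, not from the thread; it assumes the RSAT ActiveDirectory module and uses the site name from the question. It deletes nothing; the actual cleanup is done afterwards with the usual metadata cleanup on each surviving side.

```powershell
# Added example: read-only inventory of AD objects that reference the location2 site.
# Assumes the ActiveDirectory PowerShell module; site name is taken from the question.
Import-Module ActiveDirectory

$SiteName = "location2"
$config   = (Get-ADRootDSE).configurationNamingContext      # CN=Configuration,DC=internalDomain,DC=com
$siteDN   = "CN=$SiteName,CN=Sites,$config"

# 1. Every DC, the site it sits in, and any FSMO roles it holds. If the location2 DC holds a
#    role, the central side must seize that role after the cut (and vice versa).
Get-ADDomainController -Filter * |
    Select-Object Name, Site, IPv4Address, IsGlobalCatalog, OperationMasterRoles |
    Format-List

# 2. Contents of the site object itself: server objects, NTDS Settings and connection objects.
Get-ADObject -LDAPFilter "(objectClass=*)" -SearchBase $siteDN -SearchScope Subtree |
    Select-Object Name, ObjectClass, DistinguishedName

# 3. Subnets assigned to the site; they become stale pointers if the site is deleted first.
Get-ADObject -LDAPFilter "(objectClass=subnet)" -SearchBase "CN=Subnets,CN=Sites,$config" -Properties siteObject |
    Where-Object { $_.siteObject -eq $siteDN } |
    Select-Object Name

# 4. Connection objects anywhere in the forest whose replication source is a location2 server.
Get-ADObject -LDAPFilter "(objectClass=nTDSConnection)" -SearchBase "CN=Sites,$config" -Properties fromServer |
    Where-Object { $_.fromServer -like "*,CN=Servers,$siteDN" } |
    Select-Object DistinguishedName, fromServer

# 5. Site links that still list location2 as a member.
Get-ADObject -LDAPFilter "(objectClass=siteLink)" -SearchBase "CN=Inter-Site Transports,CN=Sites,$config" -Properties siteList |
    Where-Object { $_.siteList -contains $siteDN } |
    Select-Object Name, siteList
```

Run it on a DC at each location before the tunnel is cut and keep the output; it is the checklist for what has to disappear from that side's copy of the directory, and an empty result from steps 2 to 5 afterwards is the confirmation that the cleanup is complete.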
Question has a verified solution.