What Exchange connectors do I need to configure/delete if I am separating an Active Directory site into its own domain when it also had its own Exchange server?

Posted on 2014-12-04
Last Modified: 2014-12-05
Here's the layout:
Sites: centralSite - Exchange 2010 (named centralExchange) hosting ""
          location2 - Exchange 2010 (named location2Exchange) hosting ""
The sites are connected via a BOVPN tunnel. Location 2 was sold to another company that is wanting to keep as the Windows domain as they do not need to externally route anything as
As a test, we cut the BOVPN tunnel. Email from would not route to and vice versa.
Here are the connectors that we have on each server:
centralSite (centralExchange)
Send connector - "To Internet - central" address spaces = SMTP(type), *(address), 1(cost)
3 - Receive connectors
Client centralExchange (Enabled)
Default centralExchange (Enabled)
Internal Exchange (Enabled)
location2 (location2Exchange)
Send connector - "To Internet -" address spaces = SMTP(type), *(address), 1(cost)
3 - Receive connectors
Client location2Exchange (Enabled)
Default location2Exchange (Enabled)
Internal Exchange (Enabled)

The end game would be to cut the tunnel, promote the secondary domain controller at location2 and have two separate distinct networks that are no longer connected and remove all Exchange connectors, domain DNS/DHCP/AD records for the disconnected company. I hopefully explained the scenario enough, but will be available to answer any questions. Thank you for any help provided.
Question by:DaveGerke
LVL 14

Expert Comment

by:Andy M
ID: 40482509
Do your send connectors use DNS or are they configured for smarthosts? If smarthost, are they configured to point to the other Exchange server or to a third-party external smarthost?

Also, what is the configuration on your receive connectors - especially port numbers, accepted IPs, and security settings?
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 40482551
Is the Active Directory domain the same domain/forest on both sites?
If I have not misunderstood, you will "break" your domain into two fully separate networks, but it is the same domain. The problem is that both domains (really the same) will have IDs valid on both domains but are totally different domains, and this will cause security leakage. Consider completely removing the location2 internal domain.
On Exchange, as Andy said, it depends on your configuration, but I think you could remove the Internal Exchange connector; check the addresses routed on this connector (out of the box, the client and default connectors are created but the internal one is not).

Author Comment

ID: 40483005
Andy, Our send connectors use DNS. The receive connectors are configured as follows:
Client centralExchange and Default centralExchange connectors - all available IPv4 and IPv6 on port 587, settings on screenshot (receive-connector-settings.jpg).
Internal Exchange connector - uses all available local IPv4 addresses on port 25; "receive mail from remote servers that have IP addresses" is set to the (non-routable/NATted) IP address of the "location2Exchange" server; the authentication tab is basically the same as the screenshot, but with "Exchange Server authentication" checked as well.

Miguel, We were planning to convert location2 to a whole new domain (as, but they brought in a consultant who convinced them to not let us do that. As for the security leakage, I am not sure what you mean. We are going to remove all AD objects that belong to the other company and there will not be a tunnel connecting the two so SSIDs should not matter. Those are my thoughts only and I could very well be wrong.
LVL 14

Accepted Solution

Andy M earned 500 total points
ID: 40483145
Regarding the Exchange connectors, you'll only need to remove the Internal Exchange connector then - everything else appears to be on default so should work normally.

Splitting the domain in two and keeping the servers as is does raise concerns, as the servers will effectively have settings in place that require them to speak to each other (DNS, Active Directory, replication, etc.). If the servers can't talk to each other they will become tombstoned, which can cause all manner of issues and does take some hacking of AD/DNS to rectify (and even then there's always the chance it's still not going to work correctly). Personally I would create a new domain rather than splitting one in two - it'll save you headaches later on, especially if you are not proficient with AD.
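
The connector cleanup recommended in the accepted answer, as an added example for the Exchange Management Shell (not code posted by anyone in the thread). Server and connector names are the ones from the question; `$formerPeerIP` is a placeholder for the location2Exchange address, and matching on the server name in `SourceTransportServers` is an assumption about how that value renders as text.

```powershell
# Added example: audit and remove the cross-site receive connector on centralExchange.
$server       = 'centralExchange'
$formerPeer   = 'location2Exchange'
$formerPeerIP = '192.0.2.10'   # placeholder, replace with the real peer address

# 1. Inventory the settings asked about in the thread: ports, accepted IPs, security.
$connectors = Get-ReceiveConnector -Server $server
$connectors |
    Format-List Identity, Enabled, Bindings, RemoteIPRanges, AuthMechanism, PermissionGroups

# 2. Flag receive connectors scoped to the former peer's address. After the split
#    these still grant Exchange Server authentication to a host owned by another company.
$stale = $connectors | Where-Object {
    ($_.RemoteIPRanges | ForEach-Object { $_.ToString() }) -contains $formerPeerIP
}
$stale | Format-Table Identity, AuthMechanism, PermissionGroups -AutoSize

# 3. Dry run first; nothing is deleted while -WhatIf is present.
$stale | ForEach-Object { Remove-ReceiveConnector -Identity $_.Identity -WhatIf }

# 4. Send connectors: confirm DNS routing (no smarthost pointing at the peer) and
#    list any connector that still names the former peer as a source server.
Get-SendConnector |
    Format-List Name, AddressSpaces, DNSRoutingEnabled, SmartHosts, SourceTransportServers

Get-SendConnector | Where-Object {
    ($_.SourceTransportServers -join ',') -match $formerPeer
} | Format-Table Name, SourceTransportServers -AutoSize
```

Once the dry-run output lists only the Internal Exchange connector, rerun step 3 without `-WhatIf`; the cmdlet still prompts for confirmation before deleting.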

Author Comment

ID: 40483222
I would love to create a new domain. The problem is that in the negotiating contract, we are on the hook for a transitional time period in which we are obligated to get them set up, but the new company is making the choice to not set up a new domain.

There has to be a way to decommission servers without them being attached to the network, so we are going to attempt to do that with each server residing at the opposite location. I will also go through ADUC, DNS, etc. to remove records for the other objects and also remove the site in AD Sites.
