What Exchange connectors do I need to configure/delete if I am separating an active directory site into it's own domain when it also had it's own exchange server?

Posted on 2014-12-04
Last Modified: 2014-12-05
Here's the layout:
Sites: centralSite - Exchange 2010 (named centralExchange) hosting ""
          location2 - Exchange 2010 (named location2Exchange) hosting ""
The sites are connected via a BOVPN tunnel. Location 2 was sold to another company that is wanting to keep as the Windows domain as they do not need to externally route anything as
As a test, we cut the BOVPN tunnel. Email from would not route to and visa versa.
Here are the connectors that we have on each server:
centralSite (centralExchange)
Send connector - "To Internet - central" address spaces = SMTP(type), *(address), 1(cost)
3 - Recieve conntectors
Client centralExhcange (Enabled)
Default centralExchange (Enabled)
Internal Exchange (Enabled)
location2 (location2Exchange)
Send connector - "To Internet -" address spaces = SMTP(type), *(address), 1(cost)
3 - Recieve conntectors
Client location2Exhcange (Enabled)
Default location2Exchange (Enabled)
nternal Exchange (Enabled)

The end game would be to cut the tunnel, promote the secondary domain controller at location2 and have two separate distinct networks that are no longer connected and remove all Exchange connectors, domain DNS/DHCP/AD records for the disconnected company. I hopefully explained the scenario enough, but will be available to answer any questions. Thank you for any help provided.
Question by:DaveGerke
  • 2
  • 2
LVL 13

Expert Comment

by:Andy M
ID: 40482509
Does your send connectors use DNS or are they configured for smarthosts? If smarthost are they configured to point to the other exchange server or to a third party external smarthost?

Also what is the configuration on your receive connectors - especially port numbers, accepted IP's, and security settings?
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 40482551
Active directory domain is same domain/forest on both sites?
If I not misunderstood, you will "broke" your domain on two fully separates networks but is same domain. The problem is both domains (really same) will have ID´s valid on both domains but are totally different domains and will cause security leakage. Consider remove completely location2 internal domain.
On Exchange, as said Andy depends of your configuration, but I think you could remove Internal Exchange connector, check addresses routed on this connector (out of the box client and default connectors are created but internal not).

Author Comment

ID: 40483005
Andy, Our send connectors use DNS. The receive connectors are configured as follows:
Client centralExchange and Default centralExchange connectors - all available ip4 and ip6 on port 587, settings on screenshotreceive-connector-settings.jpgInternal Exchange connector uses all available local IP addresses IP4 on port 25, receive mail from remote servers that have ip addresses is set to the (non routable/natted) ip address of the "location2Exchange" server authentication tab is basically the same as the screenshot, but with "Exchange Server authentication" checked as well.

Miguel, We were planning to convert location2 to a whole new domain (as, but they brought in a consultant to convinced them to not let us do that. As for the security leakage, I am not sure what you mean. We are going to remove all AD objects that belong to the other company and there will not be a tunnel connecting the two so SSIDs should not matter. Those are my thoughts only and I could very well be wrong.
LVL 13

Accepted Solution

Andy M earned 500 total points
ID: 40483145
Regarding the exchange connectors you'll only need to remove the internal exchange connector then - everything else appears to be on default so should work normally.

Splitting the domain in two and keeping the servers as is does raise concerns as the servers will effectively have settings in place that requires them to speak to each other (dns, active directory, replication, etc). If the servers can't talk to each other they will become tombstoned which can cause all manner of issues and does take some hacking of AD/DNS to rectify (and even then there's always the chance it's still not going to work correctly). Personally I would create a new domain rather than splitting one in two - it'll save you headaches later on, especially if you are not proficient with AD.

Author Comment

ID: 40483222
I would love to create a new domain. The problem is that in the negotiating contract, we are on the hook for a transitional time period in which we are obligated to get them setup, but the new company is making the choice to not setup a new domain.

There has to be a way to decommission server without them being attached to the network, so we are going to attempt to do that with each server residing at the opposite location. I will also go through ADUC, DNS, etc to remove records for the other objects and also remove the site in AD sites.

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
This video discusses moving either the default database or any database to a new volume.

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question