Solved

What Exchange connectors do I need to configure/delete if I am separating an active directory site into it's own domain when it also had it's own exchange server?

Posted on 2014-12-04
5
176 Views
Last Modified: 2014-12-05
Here's the layout:
Domain: internalDomain.com
Sites: centralSite - Exchange 2010 (named centralExchange) hosting "centralEmail.com"
          location2 - Exchange 2010 (named location2Exchange) hosting "location2Email.com"
The sites are connected via a BOVPN tunnel. Location 2 was sold to another company that is wanting to keep internalDomain.com as the Windows domain as they do not need to externally route anything as location2Email.com
As a test, we cut the BOVPN tunnel. Email from centralEmail.com would not route to location2Email.com and visa versa.
Here are the connectors that we have on each server:
centralSite (centralExchange)
Send connector - "To Internet - central" address spaces = SMTP(type), *(address), 1(cost)
3 - Recieve conntectors
Client centralExhcange (Enabled)
Default centralExchange (Enabled)
Internal Exchange (Enabled)
location2 (location2Exchange)
Send connector - "To Internet - location2Email.com" address spaces = SMTP(type), *(address), 1(cost)
3 - Recieve conntectors
Client location2Exhcange (Enabled)
Default location2Exchange (Enabled)
nternal Exchange (Enabled)

The end game would be to cut the tunnel, promote the secondary domain controller at location2 and have two separate distinct networks that are no longer connected and remove all Exchange connectors, domain DNS/DHCP/AD records for the disconnected company. I hopefully explained the scenario enough, but will be available to answer any questions. Thank you for any help provided.
0
Comment
Question by:DaveGerke
  • 2
  • 2
5 Comments
 
LVL 13

Expert Comment

by:Andy M
ID: 40482509
Does your send connectors use DNS or are they configured for smarthosts? If smarthost are they configured to point to the other exchange server or to a third party external smarthost?

Also what is the configuration on your receive connectors - especially port numbers, accepted IP's, and security settings?
0
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 40482551
Active directory domain is same domain/forest on both sites?
If I not misunderstood, you will "broke" your domain on two fully separates networks but is same domain. The problem is both domains (really same) will have ID´s valid on both domains but are totally different domains and will cause security leakage. Consider remove completely location2 internal domain.
On Exchange, as said Andy depends of your configuration, but I think you could remove Internal Exchange connector, check addresses routed on this connector (out of the box client and default connectors are created but internal not).
0
 

Author Comment

by:DaveGerke
ID: 40483005
Andy, Our send connectors use DNS. The receive connectors are configured as follows:
Client centralExchange and Default centralExchange connectors - all available ip4 and ip6 on port 587, settings on screenshotreceive-connector-settings.jpgInternal Exchange connector uses all available local IP addresses IP4 on port 25, receive mail from remote servers that have ip addresses is set to the (non routable/natted) ip address of the "location2Exchange" server authentication tab is basically the same as the screenshot, but with "Exchange Server authentication" checked as well.

Miguel, We were planning to convert location2 to a whole new domain (as location2Email.com), but they brought in a consultant to convinced them to not let us do that. As for the security leakage, I am not sure what you mean. We are going to remove all AD objects that belong to the other company and there will not be a tunnel connecting the two so SSIDs should not matter. Those are my thoughts only and I could very well be wrong.
0
 
LVL 13

Accepted Solution

by:
Andy M earned 500 total points
ID: 40483145
Regarding the exchange connectors you'll only need to remove the internal exchange connector then - everything else appears to be on default so should work normally.

Splitting the domain in two and keeping the servers as is does raise concerns as the servers will effectively have settings in place that requires them to speak to each other (dns, active directory, replication, etc). If the servers can't talk to each other they will become tombstoned which can cause all manner of issues and does take some hacking of AD/DNS to rectify (and even then there's always the chance it's still not going to work correctly). Personally I would create a new domain rather than splitting one in two - it'll save you headaches later on, especially if you are not proficient with AD.
0
 

Author Comment

by:DaveGerke
ID: 40483222
I would love to create a new domain. The problem is that in the negotiating contract, we are on the hook for a transitional time period in which we are obligated to get them setup, but the new company is making the choice to not setup a new domain.

There has to be a way to decommission server without them being attached to the network, so we are going to attempt to do that with each server residing at the opposite location. I will also go through ADUC, DNS, etc to remove records for the other objects and also remove the site in AD sites.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
This video discusses moving either the default database or any database to a new volume.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now