Need input on Exchange 2010 handling multiple email domains

pgm554 asked:
Have a customer with an SBS 2011 that has multiple email domains and was looking to use one Exchange server to manage them.

From what I have read it is possible, but looking for how-to articles or somebody that has done this before.

Any suggestions?

Michael Ortega, Sales & Systems Engineer

Commented:
Just add the 2nd domain to the accepted domains tab in Exchange Management Console and update your address policy to assign the new domain to the appropriate users/mailboxes.

MO
Michael Ortega, Sales & Systems Engineer
Commented:
1. Open Exchange Management Console on your SBS
2. Expand Microsoft Exchange
3. Expand Organization Configuration
4. Click on the Accepted Domains tab
5. Click on New Accepted Domain from the Actions column on the right hand side of EMC
6. Complete the wizard

If you want the domain to automatically be propagated to existing accounts you'll want to go to the Email Address Policies tab under Organization Configuration and add it there.

If you just want to manually add the domain for users you can just go into their individual mailboxes in EMC and add the address there.

MO
Found that at the SBS Susan Bradley blog, but got a few ?'s.

Do I need to run the connect to the internet wizard and set up a separate SSL for each new domain I want to accept?

Does the new email user require an existing (default domain) Exchange mailbox or can I just set up a new user and manually add them in the user properties?
Michael Ortega, Sales & Systems Engineer
Commented:
No need to run the Connect to the Internet Wizard.

If you have a single domain trusted SSL cert right now, you'll need to purchase a UCC (SAN) cert (with a minimum of 5 domains), so that you can put your current domain and your 2nd domain on the same cert. I would add autodiscover names to the cert as well. Your cert would contain at least all 4 names:

mail.currentdomain.com
mail.newdomain.com
autodiscover.currentdomain.com
autodiscover.newdomain.com

Of course, then you want to install the cert. You can create the CSR from within the EMC.

When you create the new user, you can modify their email addresses on the fly. Add the 2nd domain, remove the old one, keep both...whatever you want.

MO
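
Added example, not part of the original thread: a small PowerShell check that compares the four host names listed above against the names a certificate actually carries, so a gap shows up before clients hit a name-mismatch warning. The function name and the single-name certificate are constructed for illustration; on the server the name list would come from the CertificateDomains property shown by Get-ExchangeCertificate.

```powershell
# Added example: report which required host names a certificate does not cover.
# Written to run on PowerShell 2.0 (the version shipped with Exchange 2010).
function Get-UncoveredName {
    param(
        [Parameter(Mandatory=$true)][string[]]$RequiredName,
        [Parameter(Mandatory=$true)][string[]]$CertificateName
    )
    foreach ($name in $RequiredName) {
        $n = $name.ToLowerInvariant()
        $covered = $false
        foreach ($san in $CertificateName) {
            $s = $san.ToLowerInvariant()
            if ($s -eq $n) { $covered = $true; break }
            if ($s.StartsWith('*.') -and $n.Contains('.')) {
                # A wildcard name stands in for exactly one left-most label,
                # so *.example.com covers mail.example.com but not a.b.example.com.
                $parent = $n.Substring($n.IndexOf('.') + 1)
                if ($parent -eq $s.Substring(2)) { $covered = $true; break }
            }
        }
        if (-not $covered) { $name }   # emit every name the certificate misses
    }
}

# The names from the post above.
$required = 'mail.currentdomain.com', 'mail.newdomain.com',
            'autodiscover.currentdomain.com', 'autodiscover.newdomain.com'

# Constructed sample: a single-domain certificate as described in the thread.
$singleNameCert = @('mail.currentdomain.com')

$missing = @(Get-UncoveredName -RequiredName $required -CertificateName $singleNameCert)
if ($missing.Count -gt 0) {
    "Certificate does not cover: " + ($missing -join ', ')
} else {
    "All required names are covered."
}
```
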
Just talked to GoDaddy and for another 300 bucks I can have a 10 SSL on my UCC.
Michael Ortega, Sales & Systems Engineer

Commented:
That's the way to go. One cert to rule them all!!!! =)

MO

Commented:
Personally I would abandon hosting your own Exchange server and migrate to the cloud, such as Office 365 or AppRiver. Not having to worry about backing up the server or having a disaster plan for Exchange is a huge WIN!! The auto discovery is just moved and works very well. I just finished doing a migration using MigrationWiz and it went flawlessly. Very inexpensive too.

Sorry this is not an answer you were looking for, but rather another option to relieve the stress of hosting your own Exchange server.
Michael Ortega, Sales & Systems Engineer

Commented:
If you want the autodiscover component to work seamlessly my recommendation is to add the public email domains as UPN suffixes in AD Domains and Trusts and then update the user accounts in AD to use the new UPN suffixes for authentication. They can still use whatever private domain exists for authentication, e.g.

DOMAIN\username or username@domain.local

but they can also use the new UPN suffix, e.g.

username@publicdomain.com

to authenticate with. The caveat, of course, is that their username has to match their email alias for this to work seamlessly. For example:

If jsmith's email address is John@publicdomain.com his username should be John as well...or the other way around jsmith for logon and jsmith for email alias.

MO
Migrate to the cloud?

Lots of these folks have tried it and the customer service sucked.
If they have an issue, I get the call and I know what it is and what to do about it.

Network Solutions, Register and GoDaddy all have 3rd party email servers and the customer service flat out sucks.

Nobody knows a frigging thing.
M$ can be the same way.
I know my routers, ISP and how my servers are patched.
Will Szymkowski, Senior Solution Architect
Most Valuable Expert 2015
Top Expert 2015

Commented:
If you have multiple Accepted Domains you do not need to add all of them to the cert. Are you hosting multi tenant or something? If you have a primary SMTP domain and have everyone connect using that (mail.primdomain.com).

This simplifies the entire process having all of your users connecting using one SMTP domain. If you have different lines of business that need to use a different SMTP domain for sending and receiving that is still accomplished this way.

SAN names would include:
- mail.primdomain.com
- autodiscover.primdomain.com

You will also save a lot of money going this way because the more SAN names you add to your cert the higher the cost.

You just need to have all of the MX records for all of the SMTP domains point to your Exchange server externally. Create your Accepted Domains on the Exchange server and then EAP (Email Address Policies).

This will allow all of the users to send and receive with the SMTP domain they are assigned, and only having one namespace to connect to rather than one for each Accepted Domain you have internally.

Will
One company has several different email domains, but the hosting service (Network Solutions) has a policy now of charging $59 bucks if you want to talk to somebody that knows anything if the email has issues.

I just said screw it, they got the server, I'm going to drop their hosting and bring it in house.
I got two other Exchange boxes that have been solid for a few years, so biting the bullet.

<This will allow all of the users to send and receive with the SMTP domain they are assigned, and only having one namespace to connect to rather than one for each Accepted Domain you have internally.
What about ActiveSync?
Will Szymkowski, Senior Solution Architect

Commented:
You set up all virtual directories using the primary SMTP domain. They will still be able to send/receive on the SMTP domain you specify.

Will.
Still working on solution.
Just need to test.
Will Szymkowski, Senior Solution Architect

Commented:
I hope your solution only has the domains necessary added to your cert, as I outlined in my posts.

Will.
Finally, looking at doing a test run.
I have a question concerning MX records and CNAME changes.

Say old company email server was mail.dog.com and I want it to point to mail.cat.com, do I have to create a CNAME alias for this to work?
Will Szymkowski, Senior Solution Architect

Commented:
If you are changing your external SMTP Domain you need to create a new A host record for cat.com and then you need to create an associating record for mail.cat.com. You will then also need to make sure that your ISP points your external IP to the new mail.cat.domain (reverse) to ensure proper mail flow on the internet without being blocked by spambots.

Will.
Michael Ortega, Sales & Systems Engineer

Commented:
...and if you want to be able to access the FQDN of your mailserver on either mail.cat.com or mail.dog.com you'll want to add both names to your UCC cert as well as their autodiscover FQDN's as I indicated in my post previously. If your intent is to make everyone simply use one domain then there is no need to do that.

MO
I just set up email accounts on the new server to accept the new secondary mail domain and the new mail domain points to the new IP address, but I am getting a bounce back.

host mail.xyz.com[50.242.94.xxx] said:
    550 5.7.1 Unable to relay (in reply to RCPT TO command)
Michael Ortega, Sales & Systems Engineer

Commented:
You added the domain to accepted domains, right? Did you create a new receive connector just for this domain? If so, it's not necessary. If you did, and there is a reason for that, make sure the authentication is set to just anonymous.

MO
I just checked that and I thought I had, but...

When I add the accepted domain, do I need to add the FQDN (mail.xyz.com or just xyz.com)?
Michael Ortega, Sales & Systems Engineer

Commented:
just xyz.com

MO
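
Added example, not from the thread: a simplified model of the accepted-domain match that decides whether an anonymous sender's RCPT TO counts as local delivery or as relay, showing why an entry made with the server FQDN does not cover addresses at the bare domain. The function name, the sample address and the assumption that the first entry was mail.xyz.com are illustrative; on the server the domain list comes from Get-AcceptedDomain.

```powershell
# Added example: does a recipient address fall under any accepted domain?
# Simplified model of the transport check; written for PowerShell 2.0.
function Test-AcceptedDomainMatch {
    param(
        [Parameter(Mandatory=$true)][string]$Recipient,
        [Parameter(Mandatory=$true)][string[]]$AcceptedDomain
    )
    # Everything after the last '@' is the recipient's SMTP domain.
    $rcptDomain = ($Recipient -split '@')[-1].ToLowerInvariant()
    foreach ($entry in $AcceptedDomain) {
        $d = $entry.ToLowerInvariant()
        if ($d.StartsWith('*.')) {
            # A wildcard entry covers subdomains only, not the parent domain.
            if ($rcptDomain.EndsWith($d.Substring(1))) { return $true }
        } elseif ($rcptDomain -eq $d) {
            # A plain entry must equal the recipient domain exactly.
            return $true
        }
    }
    return $false
}

# Constructed sample data modelled on the exchange above.
$recipient      = 'user@xyz.com'
$asFirstEntered = 'currentdomain.com', 'mail.xyz.com'   # host name used as the domain
$asCorrected    = 'currentdomain.com', 'xyz.com'        # bare SMTP domain

foreach ($case in @(
        @{ Label = 'entry = mail.xyz.com'; Domains = $asFirstEntered },
        @{ Label = 'entry = xyz.com';      Domains = $asCorrected })) {
    $local = Test-AcceptedDomainMatch -Recipient $recipient -AcceptedDomain $case.Domains
    if ($local) { $verdict = 'accepted for local delivery' }
    else        { $verdict = 'treated as relay (550 5.7.1 for anonymous senders)' }
    "{0}: {1} -> {2}" -f $case.Label, $recipient, $verdict
}
```

A "not local" result for a domain the server should own points at the accepted-domain entry, not at the receive connector; widening relay permissions to make the bounce disappear would open the server to third-party relay.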
Changed it to the xyz.com.
Do I need to stop and start the transport hub again?
Michael Ortega, Sales & Systems Engineer

Commented:
Shouldn't be necessary.

MO
Looks like I got it to send and receive (I had to add a new send connector for xyx.com smtp).
Things seem to be OK, but now I have to figure out why SP3 won't install on 2010.
It will be another question here.