DR site redundancy for incoming e-mail

Hi Experts,

In my scenario we have four branch offices and a head office with different domains and different email addresses, as below:

User1@Branchoffice1.com > using Exchange 2010
User2@Branchoffice2.com > using Exchange 2010
User3@Branchoffice3.com > using Exchange 2013
User4@Branchoffice4.com > using Exchange 2010
User5@Headoffice.com > using Exchange 2010

According to a management decision, I need to consolidate the email addresses for the branch offices, meaning that all branch office users will get a headoffice.com email address so that they can use headoffice.com as both their internal and external email address instead of branchoffice.com.

At present, management does not want to move mailboxes from the branch offices to head office, only the email flow, so that all branch office users will send and receive email via headoffice.com while sitting in their own email infrastructure.

Branch office users will be using the branch office Exchange server for their Active Directory and Exchange authentication, but their email address will be headoffice.com instead of branchoffice.com. And we are not planning to move branch office users' mailboxes to head office.
I am OK with the technical configuration for the above requirement and followed the procedure as Simon advised.
Now I need to know how I can ensure DR site redundancy for incoming e-mail. Since all the branch offices' incoming emails will be received through head office, if the head office primary site goes down it will directly impact head office and branch office incoming email.

In the head office we have a Disaster Recovery site, where I have configured one Mailbox server which is a member of the DAG, a Hub Transport server and a CAS server. We have an IronPort in the primary site but do not have an IronPort in the DR site; instead I have configured one Edge server for the DR site.

To ensure DR site redundancy for incoming email, should I introduce another IronPort in the DR site for spam filtering instead of relying on the Edge server, and if any disaster strikes I can make that site active?
In addition to the head office DR site, should I configure one of the branch office sites as DR as well? I am planning to add one more server from the branch office as a member of the DAG, then another server for Hub/CAS, but the branch office servers (Mailbox, Hub, CAS) will be part of the head office Active Directory. Please advise.
Note: I have asked a similar question at the URL below, where Simon advised on the technical procedure. But now I need to know about DR site redundancy for incoming e-mail.

Does each branch office have its own AD domain, and if so, are they all in one forest or are there multiple forests?

You should have two Spam filters, one for each site. That's not a requirement, but it would mean that anything coming to the secondary mail server would be unfiltered if you only had a single Iron Port.

It seems pretty reasonable to have all of the mailboxes in a DAG. It doesn't matter much if the DAG copy is in the head office, DR site, or another branch, as long as you have enough bandwidth and resources.

For inbound mail from the Internet, you simply would have two MX records for your domains, with each record pointing to the public IP of an IronPort.

All of the Exchange servers in a forest should know how to route the mail to every mailbox in the organization. That information is stored in AD.

ipsec600 (Author) Commented:
Excellent, thank you kevinhsieh for your reply.

Yes, each branch office has its own AD domain with its own forest, so each branch has a different forest root.

So here is my plan for incoming email redundancy:
Introduce an MX record which will point to the DR site of head office.
Introduce another MX record which will point to the branch site.
Add another member of the DAG for the branch office, since bandwidth is not an issue, and also CAS/Hub. Since the domain is different, I plan to keep the branch office servers (Mailbox/CAS/Hub) in the headoffice domain; the only difference is that they would be physically located in the branch office.
Introduce another DC in the branch office as an additional DC for the headoffice domain.

Just the way I designed the DR Exchange site for head office, I am planning to set up the same for the branch office.

If the primary site goes down then I will activate the DR site and, if needed, I can activate the branch site as well. Will that design be OK for ensuring incoming email redundancy, or am I missing anything?
DAG requires that members of the DAG be part of the same domain. This means that you either don't do DAG, or you have a ton of Exchange servers and DCs all over the place since you can't mingle multiple branches on a single server, or you consolidate down to a single domain. Consolidating AD is a lot of work, but should bring other benefits as well. You can also just move everything to Office 365, which is probably the best and easiest solution.
Jian An Lim (Solutions Architect) Commented:
I think you have overcomplicated your solution.

I assume all of your Exchange servers in every branch had inbound capability before.

You can put in MX records for all of your Exchange servers.


For every branch office, you have an internal relay domain of headoffice.com, and then create a send connector to force all headoffice.com email to the headoffice.com Exchange server.

You can use AD's targetAddress to push their communication to the right location.

For example:
At branchoffice.com

User1 will use headoffice.com as the primary email address and have a secondary email address of Branchoffice1.com.

At the other offices,
User1 will be a contact and their forwarding email address is user1@branchoffice1.com.

By doing so, every email that arrives at any Exchange server will be routed to the right location without any issues.
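
The routing approach from the comment above, sketched in Exchange Management Shell as an added example that is not part of the original thread. The Hub Transport server name, the head office smart host and the contact name are hypothetical; the domains and User1 are the ones used in the thread.

```powershell
# Added example: names marked "hypothetical" are assumptions, not values from the thread.
# Steps 1-3 run in the Branchoffice1 Exchange organization.

$sharedDomain        = 'headoffice.com'
$branchDomain        = 'branchoffice1.com'
$headOfficeSmartHost = 'mail.headoffice.com'   # hypothetical inbound host at head office
$branchHub           = 'BR1-HUB01'             # hypothetical branch Hub Transport server

# 1. Accept headoffice.com locally, but relay recipients that do not exist in this organization.
New-AcceptedDomain -Name 'HeadOffice shared' -DomainName $sharedDomain -DomainType InternalRelay

# 2. Send connector that carries the non-local headoffice.com mail to head office.
New-SendConnector -Name 'To HeadOffice' -Usage Custom `
    -AddressSpaces "SMTP:$sharedDomain;1" `
    -DNSRoutingEnabled $false -SmartHosts $headOfficeSmartHost `
    -SourceTransportServers $branchHub

# 3. Local mailbox: headoffice.com is primary (upper-case SMTP:), the branch address stays as secondary.
Set-Mailbox -Identity 'User1' -EmailAddressPolicyEnabled $false `
    -EmailAddresses "SMTP:user1@$sharedDomain", "smtp:user1@$branchDomain"

# Step 4 runs in every OTHER organization (head office and the remaining branches).
# 4. User1 exists there only as a mail contact whose target address is the branch address.
New-MailContact -Name 'User1 (Branchoffice1)' -Alias 'user1' `
    -ExternalEmailAddress "SMTP:user1@$branchDomain"
Set-MailContact -Identity 'user1' -EmailAddressPolicyEnabled $false `
    -EmailAddresses "SMTP:user1@$sharedDomain", "smtp:user1@$branchDomain"

# 5. Check what each organization will actually do with headoffice.com mail.
Get-AcceptedDomain | Format-Table Name, DomainName, DomainType
Get-SendConnector  | Format-Table Name, AddressSpaces, SmartHosts, Enabled
Get-Recipient -Identity "user1@$sharedDomain" |
    Format-List RecipientType, PrimarySmtpAddress, ExternalEmailAddress
```

If headoffice.com is an internal relay domain on both ends of a connector, mail for an address that exists in neither organization is passed back and forth until the hop limit is reached, so keep the domain authoritative in one organization (head office in this sketch).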
ipsec600 (Author) Commented:
Thank you Guys for your excellent clarification.