Setting up Exchange 2013 to use a different External Domain

HI Experts.

I have a setup with Exchange running a important test environment using  This is used for internal testing and email works fine internally, but mail flow in/out of the domain has never been setup, also I haven't got ownership of an external DNS running this domain.

I now need to get it working so I can send/receive email externally using, whilst not breaking the working internal mail using

I am familiar with DNS and to an extent Certificates however I'm not sure how to configure the certificate and server so I don't break the internal mail flow, whilst allowing staff to send/receive using domain B externally.

They want to have the exchange server referred too as  Do I need to change anything on the exchange server or just create a Cname in the external DNS pointing to the external IP of server?

Can I setup a SAN cert with both domains?  If so how?

Thanks All!  

John sparksAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jason CrawfordTransport NinjaCommented:
You will need to acquire a cert for to secure client connections.  Many people include in a SAN cert, but you can get away with a single domain and an Autodiscover SRV record.  You can add as an accepted domain and assign it to mailboxes; however, until you are able secure admin access to the public DNS host inbound email won't work since you will need to update the MX record(s).

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
John sparksAuthor Commented:
So get a cert for domainB (the external domain) only?

Happy to get a SAN cert as will go on to link to  Office365 later, so if  I use a SAN, get and

We don't need inbound email on, as long as the users on the local domain can send email to each other using that email. So don't need a MX record for domainA.

I was thinking that if I just put the cert in covering domainB then the internal servers/PCs will reject the connection.  Or does the internal autodiscover SRV record somehow override the cert?

(currently using a self-signed cert for on the exchange server)
Jason CrawfordTransport NinjaCommented:
The cert is only necessary for external connections.  It seems like you're getting mail flow and client connectivity confused.  You can secure email transport with a TLS certificate, but this is generally reserved for business partners and entities subject to compliance.  As long as the MX records are properly configured mail flow will work out of the box with Exchange.  Internal Autodiscover is facilitated with a Service Connection Point in AD, not DNS records.
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

John sparksAuthor Commented:
So in summary, to allow in/out mail flow of  (and we don't need a TLS cert for our purposes.)

  • Don't need to do anything internally with regard to DNS,  autodiscover records.
  • Use Exchange to create a cert request for just the outside email domain and (Aware we could get away with one)

This right?  If so I'll mark as done.  

I guess there's some config in the Exchange server configuration but I'll leave that to another question.

Many thanks Jason.
Jason CrawfordTransport NinjaCommented:
That's right
John sparksAuthor Commented:
Thanks very much
Jason CrawfordTransport NinjaCommented:
Glad I could help.  Take care :)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.