Exchange design for smb

phoeneous Member Posts: 2,333
My employer owns several companies. We are going to be opening an office in the next month, and this office will be completely autonomous from our existing network. However, we want the users in the new office to be able to use the email address suffix from our existing domain. Is it possible for me to set up a DC and Exchange box at this completely separate office and set up our users to use email from our domain without using OWA? Email client will most likely be Outlook 2007.

Comments

  • ssampier Member Posts: 224
    I don't see any reason why not.

    OWA is simply the web page interface for Exchange.

    From a DNS perspective your DNS address would point to the DNS MX address and then your router/firewall would use your public IP address to NAT a private address to port 25 to your Exchange server.

    For users you have a couple of different options. Since you won't have the same resources as your existing company, SIDs and ACLs won't matter. I would start fresh as a daisy and create a new forest/domain with your chosen AD name.

    If you have a lot of users, there are several tools that can export users from AD.

    Now if you still need access to your old work resources, then things get a bit more complicated. You would then set up a VPN tunnel to your "old work" and a forest-level trust.
    Future Plans:

    JNCIA Firewall
    CCNA:Security
    CCNP

    More security exams and then the world.
  • garv221 Member Posts: 1,914
    Set up your current Exchange Server with the Outlook Anywhere function and avoid the hassle and cost of setting up a new Exchange Server.
  • phoeneous Member Posts: 2,333
    garv221 wrote: »
    Set up your current Exchange Server with the Outlook Anywhere function and avoid the hassle and cost of setting up a new Exchange Server.

    This is what I've decided to do. Besides, today they mentioned that they might want to connect the office to the existing network down the road...
  • phoeneous Member Posts: 2,333
    To clear up exchange semantics, if my exchange box is not a dc nor a gc and is the only exchange box in my topology, is it a front-end or a back-end server? When users connect through owa, they hit this box since it is the only one.
  • Mojo_666 Member Posts: 438
    phoeneous wrote: »
    To clear up exchange semantics, if my exchange box is not a dc nor a gc and is the only exchange box in my topology, is it a front-end or a back-end server? When users connect through owa, they hit this box since it is the only one.

    Technically it is both.
  • phoeneous Member Posts: 2,333
    Mojo_666 wrote: »
    Technically it is both.

    Technically yes, but I want to make sure I use the correct deployment scenario. Looks like this is the one for my topology:

    How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No Front-End Server

    I'm looking at the existing SSL cert that OWA uses but the common name isn't set to mail.company.com. Will I run into a problem with this and then need to create a new SSL cert?

    Also another weird thing I just discovered is, none of our servers have certificate services installed... Where did the owa cert come from??? It isn't 3rd party either.
  • Mojo_666 Member Posts: 438
    phoeneous wrote: »
    Technically yes, but I want to make sure I use the correct deployment scenario. Looks like this is the one for my topology:

    How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No Front-End Server

    I'm looking at the existing SSL cert that OWA uses but the common name isn't set to mail.company.com. Will I run into a problem with this and then need to create a new SSL cert?

    Also another weird thing I just discovered is, none of our servers have certificate services installed... Where did the owa cert come from??? It isn't 3rd party either.

    You do not need a certificate service to install a certificate, only to issue them, and you only really need a CA if you need to issue certs to your organisation, so that cert would probably have been purchased via one of many websites, or it could have been generated using the IIS resource kit SelfSSL tool.

    If the cert does not match the URL being typed by the user you will get an error, also if the SelfSSL tool was used IE will also throw an error....but this is a great tool for testing as you can generate certs as you need them.

    Single Exchange servers are pretty easy to set up tbh so there is not much that can go wrong.
  • phoeneous Member Posts: 2,333
    Mojo_666 wrote: »
    You do not need a certificate service to install a certificate, only to issue them, and you only really need a CA if you need to issue certs to your organisation, so that cert would probably have been purchased via one of many websites, or it could have been generated using the IIS resource kit SelfSSL tool.

    If the cert does not match the URL being typed by the user you will get an error, also if the SelfSSL tool was used IE will also throw an error....but this is a great tool for testing as you can generate certs as you need them.

    Single Exchange servers are pretty easy to set up tbh so there is not much that can go wrong.

    Are you suggesting I don't bother installing certificate services on the exchange box and then just use the self ssl tool to create a cert for mail.company.com?
  • Mojo_666 Member Posts: 438
    phoeneous wrote: »
    Are you suggesting I don't bother installing certificate services on the exchange box and then just use the self ssl tool to create a cert for mail.company.com?

    Yes, you do not need to install certificate services, in fact I advise against it as that can become a bit of a bind. You can use SelfSSL for a free option or better still purchase an SSL cert from a company like GoDaddy https://www.godaddy.com/ssl/ssl-certificates.aspx
  • Mojo_666 Member Posts: 438
    Actually having just read through this thread again you do not mention which version of Exchange and on what platform, the last time I used it was ex2003 running on server 2003/IIS 6. I am not sure if there is a version/tool for IIS 7/7.5 if you plan on running on 2008/R2.
  • phoeneous Member Posts: 2,333
    Mojo_666 wrote: »
    Actually having just read through this thread again you do not mention which version of Exchange and on what platform, the last time I used it was ex2003 running on server 2003/IIS 6. I am not sure if there is a version/tool for IIS 7/7.5 if you plan on running on 2008/R2.

    Exchange 03 sp2 and IIS 6.
  • Mojo_666 Member Posts: 438
    phoeneous wrote: »
    Exchange 03 sp2 and IIS 6.

    Winner then, play about with self ssl until you get used to certs, one cool thing btw is that as you can make your own custom certs you can make them valid for like 10 years. ;)
  • phoeneous Member Posts: 2,333
    Mojo_666 wrote: »
    Winner then, play about with self ssl until you get used to certs, one cool thing btw is that as you can make your own custom certs you can make them valid for like 10 years. ;)

    Cool. One more question before I start tinkering around with self ssl. Is Default Website and the RPC virtual directory tied to the same cert? From what I see, I need to change the cert that is applied to Default Website because the 'Server Certificate' button in RPC is greyed out.
  • Mojo_666 Member Posts: 438
    phoeneous wrote: »
    Cool. One more question before I start tinkering around with self ssl. Is Default Website and the RPC virtual directory tied to the same cert? From what I see, I need to change the cert that is applied to Default Website because the 'Server Certificate' button in RPC is greyed out.

    If the "Default website" is at the top of the directory tree for your Exchange pages etc then yes. (which it probably is unless you created more websites)
  • phoeneous Member Posts: 2,333
    Mojo_666 wrote: »
    If the "Default website" is at the top of the directory tree for your Exchange pages etc then yes. (which it probably is unless you created more websites)

    Thanks
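
The certificate conditions raised in this thread (a name that does not match the URL users type, a SelfSSL-style self-signed cert, a roughly 10-year validity), as an added example that is not code from any poster. It reviews dictionaries in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the sample certificates, the `EXCH01` name, the issuer name and the 730-day threshold are constructed assumptions.

```python
import ssl

def cert_names(cert):
    """DNS names the cert covers: subjectAltName entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def review_cert(cert, host, max_days=730):
    """Return findings for the URL host clients will use (max_days is an assumed policy)."""
    findings = []
    if not any(name_matches(n, host) for n in cert_names(cert)):
        findings.append("name-mismatch")   # client shows a name warning or refuses
    if cert.get("issuer") == cert.get("subject"):
        findings.append("self-signed")     # heuristic: issuer equals subject, untrusted by default
    lifetime = (ssl.cert_time_to_seconds(cert["notAfter"])
                - ssl.cert_time_to_seconds(cert["notBefore"]))
    if lifetime > max_days * 86400:
        findings.append("long-lived")      # key stays in service for years without rotation
    return findings

# Constructed sample: self-signed cert named after the server, valid 10 years.
SELF_SIGNED = {
    "subject": ((("commonName", "EXCH01"),),),
    "issuer": ((("commonName", "EXCH01"),),),
    "notBefore": "Jan 15 00:00:00 2010 GMT",
    "notAfter": "Jan 15 00:00:00 2020 GMT",
}
# Constructed sample: CA-issued cert for the public mail name, valid 1 year.
PURCHASED = {
    "subject": ((("commonName", "mail.company.com"),),),
    "issuer": ((("commonName", "Example Issuing CA"),),),
    "subjectAltName": (("DNS", "mail.company.com"),),
    "notBefore": "Jan 15 00:00:00 2010 GMT",
    "notAfter": "Jan 15 00:00:00 2011 GMT",
}

if __name__ == "__main__":
    for label, cert in (("self-signed", SELF_SIGNED), ("purchased", PURCHASED)):
        print(label, review_cert(cert, "mail.company.com"))
```
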