Windows Server Forum / Exchange Server / Design / April 2006

Parent/Child Exchange 2003 Setup

Brent - 05 Apr 2006 23:59 GMT
My org is running Exchange 2003 with the Exchange server itself on a parent
domain controller, and my users' accounts on a child domain, on a domain
controller at another site.  My question is, if all child domain controllers
go down or are not contactable for the child domain, will Exchange users in
the child domain still be able to authenticate, say through Outlook Web
Access?  There are Global Catalog Servers at all sites and Active Directory
Replication is configured and working properly.
Al Mulnick - 06 Apr 2006 12:36 GMT
Perhaps the best way to answer this is like this:
If the child domain controllers were all unavailable, what would the user
account use for an authentication source?

The answer to that is that they'd have to fail because there is no authority
available for the credentials.

One other thing: because you deployed Exchange on a DC, that instance of
Exchange won't use other domain controllers.  Be sure that the DC it's
installed on is a GC as well for best effect.

Al

> My org is running Exchange 2003 with the exchange server itself on a
> parent
[quoted text clipped - 7 lines]
> Directory
> Replication is configured and working properly.
Ed - 06 Apr 2006 22:59 GMT
Your first problem is putting Exchange on a Domain Controller. Get it on
standalone servers and make sure that there are at least two DC/GCs on the
same LAN.

And since you put Exchange on a DC, I'd assume that you couldn't get the
money to justify having more servers. In that case, the choice of having
multiple domains was also probably a bad decision. I suspect that things
would be much better and cheaper if you used ADMT to move all users to a
single domain.

> My org is running Exchange 2003 with the exchange server itself on a
> parent
[quoted text clipped - 7 lines]
> Directory
> Replication is configured and working properly.
Al Mulnick - 07 Apr 2006 00:41 GMT
Hmm.. I wonder if putting Exchange on a non-GC is cutting edge thinking
these days?
Just thinking out loud, but it seems that Exchange is SO dependent on the
directory and it's not nearly as likely that the directory service would be
unavailable as it is that the network or a hardware failure would be an
issue, that I wonder if it's best to just put the Exchange server on a GC
and be done with it for many implementations. There are of course some
complications such as restoration order and such, but a throwback to the
4.x/5.x topologies seems to work in many of these cases.  It's nice to have
the option of course, but...

Seen anyone doing that type of deployment lately on a large scale?

Feel free to drop a note off-line if you prefer.  I'm insanely curious about
such things though.

Al

> Your first problem is putting Exchange on a Domain Controller. Get it on
> standalone servers and make sure that there are at least two DC/GCs on the
[quoted text clipped - 17 lines]
>> Directory
>> Replication is configured and working properly.
Brent - 07 Apr 2006 07:07 GMT
Exchange is on a member server in the parent domain.

I am looking for good reasons to justify a single domain, but political
problems of not being able to give remote site Admins "Domain Admin"
privileges become an issue.

> Your first problem is putting Exchange on a Domain Controller. Get it on
> standalone servers and make sure that there are at least two DC/GCs on the
[quoted text clipped - 17 lines]
> > Directory
> > Replication is configured and working properly.
Al Mulnick - 12 Apr 2006 13:35 GMT
Domain Admin? What do they need that for? I've found in the past that it's
best to go with that idea for a while and ensure that the requirements are
detailed to death.  The reason for that is that you can provide the rights
to do what they need at the OU level, but politics and past OS's often make
it look like you have to give them DA. That's extremely dangerous to do as
it is not a security boundary.  If, after you detail the requirements, you
find that DA is needed, best to go with separate forests.  If not, OU's make
more sense and you can often use the detailed requirements to prove the case
of using OU's.  The benefit of single domains comes in the disaster recovery
planning.  Much much easier to recover from failure at the forest level than
it is at the domain level when there are multiple domains. Especially when
it comes to Exchange. Because of this, I would favor a multi-forest or a
resource forest topology in a highly political environment and the resource
forest would be a single domain (think of it as a single ORG vs. domain).

Al

> Exchange is on a member server in the parent domain.
>
[quoted text clipped - 26 lines]
>> > Directory
>> > Replication is configured and working properly.
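
The OU-level delegation described in the last reply, as an added example that is not part of the original thread: it grants a site admin group the account-management rights it typically needs on one OU with `dsacls`, rather than adding its members to Domain Admins. The OU path, domain and group name are placeholders (assumptions), and the list of rights stands in for whatever the detailed requirements actually call for.

```powershell
# Added example (not from the thread): scope remote-site admins to their own OU.
# $ou and $group are hypothetical placeholders; replace with real values.
$ou    = 'OU=RemoteSite,DC=corp,DC=example,DC=com'
$group = 'CORP\RemoteSite-Admins'

# Each entry: inheritance flag for /I: and a dsacls grant string of the form
#   <trustee>:<permission bits>;<object type or property>[;<inherited object type>]
# T = this object and sub-objects, S = sub-objects only.
$grants = @(
    @{ Inherit = 'T'; Ace = "${group}:CCDC;user" },               # create/delete user objects
    @{ Inherit = 'S'; Ace = "${group}:CA;Reset Password;user" },  # reset user passwords
    @{ Inherit = 'S'; Ace = "${group}:WP;pwdLastSet;user" },      # force change at next logon
    @{ Inherit = 'S'; Ace = "${group}:WP;lockoutTime;user" }      # unlock locked-out accounts
)

foreach ($g in $grants) {
    # PowerShell quotes the grant string for us because it contains a space.
    $out = & dsacls.exe $ou "/I:$($g.Inherit)" /G $g.Ace 2>&1
    if (-not ($out -match 'The command completed successfully')) {
        throw "dsacls did not report success for: $($g.Ace)"
    }
}

# Review step: show only the ACEs that now name the delegated group, so the
# result can be compared line by line against the written requirements.
& dsacls.exe $ou | Select-String -SimpleMatch $group

# Review step: Domain Admins membership should be unchanged by any of this.
& net.exe group 'Domain Admins' /domain
```

Run it from an account that is allowed to modify the ACL on the target OU; the two review commands at the end are read-only and can be re-run later to audit the delegation.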
 