Ureader.com  
Microsoft software help and Community
   home   |   control panel login   |   archive   |  
 
Exchange
2000.active.directory
2000.admin
2000.announcements
2000.app.conversion
2000.applications
2000.clients
2000.clustering
2000.connectivity
2000.development
2000.documentation
2000.general
2000.information.store
2000.interop
2000.kms
2000.misc
2000.protocols
2000.realtime.collabo.
2000.setup
2000.transport
2000.win2000
admin
application.conversion
applications
clients
clustering
connectivity
design
development
misc
mobility
setup
tools
  
 
date: Wed, 5 Apr 2006 15:59:02 -0700,    group: microsoft.public.exchange.design        back       


Parent/Child Exchange 2003 Setup    
My org is running Exchange 2003 with the exchange server itself on a parent 
domain controller, and my user's accounts on a child domain, on a domain 
controller at another site.  My question is, if all child domain controllers 
goes down or are not contactable for the child domain, will exchange users in 
the child domain still be able to authenticate, say through Outlook Web 
Access.  There are Global Catalog Servers at all sites and Active Directory 
Replication is configured and working properly.
date: Wed, 5 Apr 2006 15:59:02 -0700   author:   Brent

Re: Parent/Child Exchange 2003 Setup    
Perhaps the best way to answer this is like this:
If the child domain controllers were all unavailable, what would the user 
account use for an authentication source?

The answer to that is that they'd have to fail because there is no authority 
available for the credentials.

One other thing: because you deployed Exchange on a DC, that instance of 
Exchange won't use other domain controllers.  Be sure that the DC it's 
installed on is a GC as well for best effect.

Al

"Brent"  wrote in message 
news:F886435D-28C6-45E2-B414-56048572DEAA@microsoft.com...
> My org is running Exchange 2003 with the exchange server itself on a 
> parent
> domain controller, and my user's accounts on a child domain, on a domain
> controller at another site.  My question is, if all child domain 
> controllers
> goes down or are not contactable for the child domain, will exchange users 
> in
> the child domain still be able to authenticate, say through Outlook Web
> Access.  There are Global Catalog Servers at all sites and Active 
> Directory
> Replication is configured and working properly.
>
>
>
date: Thu, 6 Apr 2006 07:36:25 -0400   author:   Al Mulnick

Re: Parent/Child Exchange 2003 Setup    
Your first problem is putting Exchange on a Domain Controller. Get it on 
standalone servers and make sure that there are at least two DC/GCs on the 
same LAN.

And since you put Exchange on a DC, I'd assume that you couldn't get the 
money to justify having more servers. In that case, the choice of having 
multiple domains was also probably a bad decision. I suspect that things 
would be much better and cheaper if you used ADMT to move all users to a 
single domain.



"Brent"  wrote in message 
news:F886435D-28C6-45E2-B414-56048572DEAA@microsoft.com...
> My org is running Exchange 2003 with the exchange server itself on a 
> parent
> domain controller, and my user's accounts on a child domain, on a domain
> controller at another site.  My question is, if all child domain 
> controllers
> goes down or are not contactable for the child domain, will exchange users 
> in
> the child domain still be able to authenticate, say through Outlook Web
> Access.  There are Global Catalog Servers at all sites and Active 
> Directory
> Replication is configured and working properly.
>
>
>
date: Thu, 6 Apr 2006 17:59:05 -0400   author:   Ed

Re: Parent/Child Exchange 2003 Setup    
Hmm.. I wonder if putting Exchange on a non-GC is cutting edge thinking 
these days?
Just thinking out loud, but it seems that Exchange is SO dependent on the 
directory and it's not nearly as likely that the directory service would be 
unavailable as it is that the network or a hardware failure would be an 
issue, that I wonder if it's best to just put the Exchange server on a GC 
and be done with it for many implementations. There are of course some 
complications such as restoration order and such, but a throwback to the 
4.x/5.x topologies seems to work in many of these cases.  It's nice to have 
the option of course, but...

Seen anyone doing that type of deployment lately on a large scale?

Feel free to drop a note off-line if you prefer.  I'm insanely curious about 
such things though.

Al

"Ed"  wrote in message 
news:eEQl7ZcWGHA.2376@TK2MSFTNGP03.phx.gbl...
> Your first problem is putting Exchange on a Domain Controller. Get it on 
> standalone servers and make sure that there are at least two DC/GCs on the 
> same LAN.
>
> And since you put Exchange on a DC, I'd assume that you couldn't get the 
> money to justify having more servers. In that case, the choice of having 
> multiple domains was also probably a bad decision. I suspect that things 
> would be much better and cheaper if you used ADMT to move all users to a 
> single domain.
>
>
>
> "Brent"  wrote in message 
> news:F886435D-28C6-45E2-B414-56048572DEAA@microsoft.com...
>> My org is running Exchange 2003 with the exchange server itself on a 
>> parent
>> domain controller, and my user's accounts on a child domain, on a domain
>> controller at another site.  My question is, if all child domain 
>> controllers
>> goes down or are not contactable for the child domain, will exchange 
>> users in
>> the child domain still be able to authenticate, say through Outlook Web
>> Access.  There are Global Catalog Servers at all sites and Active 
>> Directory
>> Replication is configured and working properly.
>>
>>
>>
>
>
date: Thu, 6 Apr 2006 19:41:19 -0400   author:   Al Mulnick

Re: Parent/Child Exchange 2003 Setup    
Exchange is on a member server in the parent domain.

I am looking for good reasons to justify a single domain, but political 
problems of not being able to give remote site Admins "Domain Admin" 
privleges becomes an issue.

"Ed" wrote:

> Your first problem is putting Exchange on a Domain Controller. Get it on 
> standalone servers and make sure that there are at least two DC/GCs on the 
> same LAN.
> 
> And since you put Exchange on a DC, I'd assume that you couldn't get the 
> money to justify having more servers. In that case, the choice of having 
> multiple domains was also probably a bad decision. I suspect that things 
> would be much better and cheaper if you used ADMT to move all users to a 
> single domain.
> 
> 
> 
> "Brent"  wrote in message 
> news:F886435D-28C6-45E2-B414-56048572DEAA@microsoft.com...
> > My org is running Exchange 2003 with the exchange server itself on a 
> > parent
> > domain controller, and my user's accounts on a child domain, on a domain
> > controller at another site.  My question is, if all child domain 
> > controllers
> > goes down or are not contactable for the child domain, will exchange users 
> > in
> > the child domain still be able to authenticate, say through Outlook Web
> > Access.  There are Global Catalog Servers at all sites and Active 
> > Directory
> > Replication is configured and working properly.
> >
> >
> > 
> 
> 
>
date: Thu, 6 Apr 2006 23:07:02 -0700   author:   Brent

Re: Parent/Child Exchange 2003 Setup    
Domain Admin? What do they need that for? I've found in the past that it's 
best to go with that idea for a while and ensure that the requirements are 
detailed to death.  The reason for that is that you can provide the rights 
to do what they need at the OU level, but politics and past OS's often make 
it look like you have to give them DA. That's extremely dangerous to do as 
it is not a security boundary.  If, after you detail the requirements, you 
find that DA is needed, best to go with separate forests.  If not, OU's make 
more sense and you can often use the detailed requirements to prove the case 
of using OU's.  The benefit of single domains comes in the disaster recovery 
planning.  Much much easier to recover from failure at the forest level than 
it is at the domain level when there are multiple domains. Especially when 
it comes to Exchange. Because of this, I would favor a multi-forest or a 
resource forest topology in a highly political environment and the resource 
forest would be a single domain (think of it as a single ORG vs. domain).

Al



"Brent"  wrote in message 
news:7BEDF970-384F-4E74-87AA-BCAB87619B51@microsoft.com...
> Exchange is on a member server in the parent domain.
>
> I am looking for good reasons to justify a single domain, but political
> problems of not being able to give remote site Admins "Domain Admin"
> privleges becomes an issue.
>
> "Ed" wrote:
>
>> Your first problem is putting Exchange on a Domain Controller. Get it on
>> standalone servers and make sure that there are at least two DC/GCs on 
>> the
>> same LAN.
>>
>> And since you put Exchange on a DC, I'd assume that you couldn't get the
>> money to justify having more servers. In that case, the choice of having
>> multiple domains was also probably a bad decision. I suspect that things
>> would be much better and cheaper if you used ADMT to move all users to a
>> single domain.
>>
>>
>>
>> "Brent"  wrote in message
>> news:F886435D-28C6-45E2-B414-56048572DEAA@microsoft.com...
>> > My org is running Exchange 2003 with the exchange server itself on a
>> > parent
>> > domain controller, and my user's accounts on a child domain, on a 
>> > domain
>> > controller at another site.  My question is, if all child domain
>> > controllers
>> > goes down or are not contactable for the child domain, will exchange 
>> > users
>> > in
>> > the child domain still be able to authenticate, say through Outlook Web
>> > Access.  There are Global Catalog Servers at all sites and Active
>> > Directory
>> > Replication is configured and working properly.
>> >
>> >
>> >
>>
>>
>>
date: Wed, 12 Apr 2006 08:35:18 -0400   author:   Al Mulnick

Google
 
Web ureader.com


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us