Where to install Exchange 2003?

By alan.atkins ·
Where to install Exchange 2003.
Here is the gist of my question: I have Exchange 2000 running on old 2000 server domain controller. Not a good practice I know, but this is why I am re-structuring. The old 2000 server and Exchange 2000 are the last of the 2000 servers in my domain which have all been replaced with new servers and 2K3 O/S running AD. What I want to do is install Exchange 2003 (I have a 64 bit 2k3 server to install Exchange 2k7 on once I learn more about it) on a separate server, but I also plan to create a child domain to keep users and file server off of the perimeter network. In this scenario where do I install the Exchange server, on the perimeter or on the child domain Can you have Exchange run on the child domain with a connector to the perimeter, or would it be best to install Exchange 2003 on the perimeter and have the child domain user's access SMTP mail from it? If the latter, how? I have taken over a neglected network, and the upgrades and migration have gone fairly smooth to this point, but I am still a little fuzzy on the Exchange stuff. I have already ran domain prep for the addition of Windows 2003 in the domain, and also ran the scripts that will correct broken container names with Exchange 2000 in a 2003 enviroment. Any help or links someone could give would be greatly appreciated. Thanks!

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Perimeter or Parent?

by taboga In reply to Where to install Exchange ...

I would be a little confused as to exactly what you mean when referring to the parent domain as a "perimeter". Maybe I read your post wrong, but it appears that you are relating parent-child domains in a firewall sense and thus the term "perimeter".

I can't think of a reason right off -- as to why you would not want to install Exchange in the parent domain, as in your example: The concern that I would have with Exchange is that it does not face the Internet directly, ensuring that it is behind the firewall, or my personal preference -- in a DMZ.

If your Exchange Server is going to serve your entire Domain -- it should be placed in the parent domain. IMO.

Collapse -


by alan.atkins In reply to Perimeter or Parent?

Yes, I am referring to the parent domain. I get my terminology crossed sometimes. So in a DMZ the Exchange server would have an external IP separate from the current external IP to serve for the entire parent domain? I have a DMZ for my web server with it's own IP, would this be the same practice for Exchange?

Collapse -


by taboga In reply to Parent wouldn't want your Exchange Server exposed directly to the Internet. And I say "ideally" with the full understanding that we all have to work with what we have. If your Exchange Server is connected directly to the Internet with a public IP Address, then anyone in the world can have direct access to Exchange. This is a bad for a host of reasons as I am sure you know.

By a DMZ, I mean that your Exchange Server is not directly exposed to the Internet (behind a firewall), nor is it exposed directly to your Internal network. Essentially, it is sitting in between the outside world and the inside world -- and all traffic will have to go through your firewall in order to touch the Exchange Server. That way YOU have better control over what YOU let in and out.

Which type of firewall do you use?

Collapse -

ISA for now

by alan.atkins In reply to Ideally...

O.K. that makes sense. As I said I get my terminology crossed sometimes. I am in the process of upgrading to ISA 2004 then to ISA 2006 on newly purchased rack server (there is no direct upgrade path from ISA 2000 to 2006). However that will only be in place for hopefully 6 months or a little more as I have plans for the CISCO ASA VPN series. I want to get away from a software/server based firewall for obvious reasons. I need to get more up to speed on CISCO technology first though. I really appreciate you taking the time to anwser my questions and offer advise. It is very much appreciated. I am the only admin/engineer for a software development company that has never had one. It feels as sometimes that I am starting from scratch as the system's hardware and software was extremely outdated when I took over. It is nice to know that there are people such as yourself that are willing to help.

Collapse -

Good Luck with ISA!

by taboga In reply to ISA for now

I went throught the ISA 2004 install a couple years ago. It can be a little intense to first get it up and running right AND working with Exchange. But IMO -- it's pretty good.

But hey, no problem with helping you at all. If it were not for forums, tech sites and the like, we would all be in a mess with so much of this stuff going on that we are responsible for everyday!

Good luck to you!

Collapse -

By the way...

by taboga In reply to Where to install Exchange ...

If you haven't used them before, go to They have alot of "how to" and good material IMO -- when it comes to setting-up, configuring and securing Exchange.

Collapse -

Our set up is

by Dumphrey In reply to Where to install Exchange ...

perhaps similar to yours in terms of logical design. We have two companies under one umbrella. Each company has its own domaine. We are connected by pvpn between 2 pix firewalls, and a single Exchange 2003 server.
But we used two different domains as oposed to a child parent realtionship. This set up works flawlessly, except for one hitch that may affect you ina child parent situation, but I am not sure. Exchange ONLY resolves SHORT DNS names, ie domain1 as opposed to This leads to problems when setting up recipiant update policy as well as contacting domain controllers for domains other then the Exchange local domaine. Playing with DNS is the main way I know around this.

Let me know if Exchange gives you any DNS issues with a child parent relationship, I am quite interested.

Related Discussions

Related Forums