Guest spacegoat Posted September 2, 2007 Posted September 2, 2007 I don't know if this is even practicle or possible but here is the senario. I have walked into an existing network that has one 2003 Enterprise Server running as a Domain Controller/Active Directory. and as an Exchange Server. It is also the DHCP and DNS server. Not only that but it is also the RAS server providing NAT routing as well as VPN access. There is another 2003 Enterprise Server on the network that is just a file and print server. Needless to say this configuration is less than desirable! My goal is to add an ISA Server to handle the Firewall/Routing and VPN services and promote the file/print server to Domain Controller/Active Directory and move the Exchange Server into the DMZ of the ISA Server. Is there any practicle way to approach this in the hopes of not starting over from scratch. Any advice would be much appreciated. IP
Guest ThatsIT.net.au Posted September 2, 2007 Posted September 2, 2007 Re: How can I separate Exchange and Domain Controller? "spacegoat" <rfarrer@gmail.com> wrote in message news:1188691324.913078.323970@y42g2000hsy.googlegroups.com... >I don't know if this is even practicle or possible but here is the > senario. > > I have walked into an existing network that has one 2003 Enterprise > Server running as a Domain Controller/Active Directory. and as an > Exchange Server. > It is also the DHCP and DNS server. Not only that but it is also the > RAS server providing NAT routing as well as VPN access. > There is another 2003 Enterprise Server on the network that is just a > file and print server. > > Needless to say this configuration is less than desirable! I wouldent say that how many users do you have? for example Windows SBS has SQL Exchange DHCP DNS ISA all running on the same server and is aimed at businesses up to 75 users. > > My goal is to add an ISA Server to handle the Firewall/Routing and VPN > services and promote the file/print server to Domain Controller/Active > Directory and move the I agree up to here >Exchange Server into the DMZ of the ISA Server. use ISA to publish your exchange server > > Is there any practicle way to approach this in the hopes of not > starting over from scratch. > > Any advice would be much appreciated. > moving your exchange is a pain. make sure you back it up. I would also use exmerge to back up mail boxes into pst files. just incase you have problems restoring. this has saved me in the past. Then I would set up exchange on another server, and move mailboxes across. Once you are happy all is running fine decommission the first exchange server > IP >
Guest Lanwench [MVP - Exchange] Posted September 2, 2007 Posted September 2, 2007 Re: How can I separate Exchange and Domain Controller? spacegoat <rfarrer@gmail.com> wrote: > I don't know if this is even practicle or possible but here is the > senario. > > I have walked into an existing network that has one 2003 Enterprise > Server running as a Domain Controller/Active Directory. and as an > Exchange Server. > It is also the DHCP and DNS server. Not only that but it is also the > RAS server providing NAT routing as well as VPN access. > There is another 2003 Enterprise Server on the network that is just a > file and print server. > > Needless to say this configuration is less than desirable! > > My goal is to add an ISA Server to handle the Firewall/Routing and VPN > services and promote the file/print server to Domain Controller/Active > Directory and move the Exchange Server into the DMZ of the ISA Server. > > Is there any practicle way to approach this in the hopes of not > starting over from scratch. > > Any advice would be much appreciated. > > IP Hi - this is multiposted. See your replies in microsoft.public.exchange.admin (that's the best place for Exchange questions anyway).
Guest Phillip Windell Posted September 4, 2007 Posted September 4, 2007 Re: How can I separate Exchange and Domain Controller? Except for SBS environments,... ISA needs to be on a machine by itself Exchange needs to be on a machine by itself with IIS The DC can run DNS, DHCP, WINS perfectly fine You don't need a DMZ. DMZs over complicate things and most often than not don't do "squat" to improve security. How is the single Exchange Server going to work with AD [required] from the DMZ without enabling all kinds of communication between the LAN and DMZ,...if you enable all that communicatrion,...then what good is the DMZ? -- Phillip Windell http://www.wandtv.com The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. ----------------------------------------------------- Understanding the ISA 2004 Access Rule Processing http://www.isaserver.org/articles/ISA2004_AccessRules.html Troubleshooting Client Authentication on Access Rules in ISA Server 2004 http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc Microsoft Internet Security & Acceleration Server: Partners http://www.microsoft.com/isaserver/partners/default.asp Microsoft ISA Server Partners: Partner Hardware Solutions http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx ----------------------------------------------------- "spacegoat" <rfarrer@gmail.com> wrote in message news:1188691324.913078.323970@y42g2000hsy.googlegroups.com... >I don't know if this is even practicle or possible but here is the > senario. > > I have walked into an existing network that has one 2003 Enterprise > Server running as a Domain Controller/Active Directory. and as an > Exchange Server. > It is also the DHCP and DNS server. Not only that but it is also the > RAS server providing NAT routing as well as VPN access. > There is another 2003 Enterprise Server on the network that is just a > file and print server. > > Needless to say this configuration is less than desirable! > > My goal is to add an ISA Server to handle the Firewall/Routing and VPN > services and promote the file/print server to Domain Controller/Active > Directory and move the Exchange Server into the DMZ of the ISA Server. > > Is there any practicle way to approach this in the hopes of not > starting over from scratch. > > Any advice would be much appreciated. > > IP >
Recommended Posts