We currently have Exchange 2003 in the Forest Root domain. The AD team is considering restructuring AD to have two new child domains to try and rectify the fact that the Forest Root is not "empty." This restructure is being driven by the obvious security concerns of not having an empty Forest root. So, as we plan the move to Exchange 2010, the question becomes where to place Exchange 2010. If the end goal is to get away from the Forest root, then we should install Exchange 2010 in the two new child domains. We are planning on two child domains, HQ and Regions and then moving the users from the current Forest root to the child domains. What are the namespace implications for that for Exchange 2010 if we have some users in HQ.company.com and some users in Regions.company.com? What will we need to do from an Exchange 2003/Exchange 2010 perspective to make that work? Thank you.

The SMTP namespace isn't tied to the AD domain namespace, so you shouldn't have any issues with Exchange installed in either domain. Personally, I'd be more worried about the AD restructure. Creating new domains within an existing forest is an unusual (and expensive) approach. Nowadays, it is far more common to see organizations collapsing from multiple domains into a single domain (or migrating into a single-domain forest). http://markparris.co.uk/2009/12/09/empty-root-place-holder-%E2%80%93-still-a-valid-design-choice/ http://www.activedir.org/Articles/tabid/54/articleType/ArticleView/articleId/68/Default.aspxAlexei

That is interesting. So, essentially what you are saying is that internally, Exchange is sending email via your SMTP address and therefore the different internal namespaces (the two new child domains) are irrelevant.

That's correct. For routing purposes Exchange doesn't care about the AD domain namespace.Alexei

Thanks for your responses. I have some additional questions though. It seems that creating the two child domains is driven by business requirements more than anything and it looks like that is the way they want to go. With that being said, I have questions relating to this as far as Exchange is concerned. Right now, the Exchange 2003 Org is in the forest root. If we create the two child domains and move users into those domains, do their mailboxes need to be in the child domains or can we keep their mailboxes in the root? What would be some advantages and disadvantages of this? I know that DAGs cannot cross domain names, so that is also a consideration.

Hi, You can keep Exchange in the forest root domain, that can actually make the Exchange design easier to overview. /MartinExchange is a passion not just a collaboration software.

Thanks. I understand that the namespace planning will be kept simple by keeping Exchange in the Forest Root. If the users accounts are moved to the child domains, will there be any issues with connecting to their mailboxes? I assume not, because even though their user account is in a child domain, it is still one Exchange Organization.

> If the users accounts are moved to the child domains, will there be any issues with connecting to their mailboxes? I assume not, because > even though their user account is in a child domain, it is still one Exchange Organization. Correct. Alexei

OK. I am leaning towards keeping Exchange 2010 in the Forest Root because if we move Exchange to the child domains, I feel that there will be too much of a headache created for namespace planning/certificate planning and High Availability / Site Resilience scenarios which we will be using to the fullest extent possible. What about security considerations? RBAC allows a nice separation and more granular permissions model, but is there any concern with keeping Exchange 2010 at the Forest Root?

Hi, Internally we have Exchange 2010 placed in the forest root, and the only "concern" we have with is that it can take up to 15 min from when I create the user in the child domain before I can add the mailbox feature to the user. Other than that it is working just as any other Exchange in a single domain setup would work. /MartinExchange is a passion not just a collaboration software.

Thank you. This is all good information. Maritn, does your Exchange 2010 design include any HA or Site Resilience components?

Hi, For the moment only a cas array. I will be making a DAG as well, but it won't be site resillience since we only have the one datacenter. If you want to know more about setting up the site resillience then read this two part article from Henrik Walther: http://msexchange.org/articles_tutorials/exchange-server-2010/management-administration/planning-deploying-testing-exchange-2010-site-resilient-solution-sized-medium-organization-part1.html /MartinExchange is a passion not just a collaboration software.

I have read that article. Thanks.