Exchange Email Domain Different than AD Domain
I have run into an issue where our Active Directory domain is different than our Exchange domain. I have already spent countless hours setting up Exchange, only to realize that I cannot get an SSL cert for our AD domain, because the domain used to set up the network is not owned by the company. So my question is: what would be the best course of action to have SSL certs for internal and external access? I have not been able to install a UCC cert because of this. Thanks in advance. Possible solution? Bind all internal domains on a self-signed cert from the server that is already installed to the local IP.
December 8th, 2009 7:49pm
I guess you are using Exchange 2007, as you are talking about internal and external names for a UC certificate. It is normal to have a different AD domain to external domain. Usually the domain name should be a .local; are you saying that the AD domain is a publicly accessible name that the company no longer owns? Is the domain owned by some other entity? If so, it's going to be tricky. If the domain is available, can you purchase it? That would solve your problem. Exchange 2007 should be installed with a UC certificate including the internal and external FQDNs and the NetBIOS names of the CAS server used by Autodiscover. That is the best-practice install of 2007, and if at all possible you should try to achieve this as your overall goal. If your internal domain is named as an external domain that you do not own and the domain is owned by someone else, then I'm not sure of the best plan of action, as this is quite an unusual scenario. Shaun
December 8th, 2009 8:48pm
We are running Exchange 2007. Our AD is running, and we use Terminal Services. One server to rule them all, ideally. Exchange is on a separate server. The domain we used was gfrp.com, which we do not own and cannot purchase, and our external is gfrpharma.com. Everything is working correctly internally, and we authenticate over NTLM. But I would like to use a signed cert for at least the external access. I have thought about renaming the AD domain to gfrp.com.local or gfrpharma.com. This is new to me, and I have never done it; I've only ever been recommended not to do it. Any info or recommendations would be great. Thanks. Paul C.
December 9th, 2009 6:27am
Usually it is best to use domainname.local, so for example.com, their internal domain would be example.local. I would be thinking carefully about the domain name issue, as this could cause issues in a multitude of scenarios. It is quite a process to change the domain and there can be a number of side effects. See here: http://support.microsoft.com/default.aspx/kb/q178009/ Other users here may have a way to get around this with Exchange, but it would be a hack of Exchange, because the URLs / SCP and other references would have to point to another URL other than your current internal domain. Shaun
December 9th, 2009 1:04pm
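
One way to do the URL / SCP repointing mentioned in the last reply, so that the certificate only needs names under gfrpharma.com. This is an added example, not part of the thread. `CAS01`, `mail.gfrpharma.com`, `autodiscover.gfrpharma.com` and the request path are hypothetical, and it assumes internal DNS resolves `mail.gfrpharma.com` to the Client Access server.

```powershell
# Run in the Exchange Management Shell on Exchange 2007.
# Hypothetical values: CAS01 (Client Access server), mail.gfrpharma.com (host
# name under the owned domain that also resolves to CAS01 from inside).
$cas  = 'CAS01'
$fqdn = 'mail.gfrpharma.com'

# 1. Point the Autodiscover SCP and the internal service URLs at the owned
#    name, so domain-joined Outlook clients stop being sent to a gfrp.com host.
Set-ClientAccessServer -Identity $cas `
    -AutoDiscoverServiceInternalUri "https://$fqdn/Autodiscover/Autodiscover.xml"
Set-WebServicesVirtualDirectory -Identity "$cas\EWS (Default Web Site)" `
    -InternalUrl "https://$fqdn/EWS/Exchange.asmx"
Set-OabVirtualDirectory -Identity "$cas\OAB (Default Web Site)" `
    -InternalUrl "https://$fqdn/OAB"
Set-UMVirtualDirectory -Identity "$cas\UnifiedMessaging (Default Web Site)" `
    -InternalUrl "https://$fqdn/UnifiedMessaging/Service.asmx"

# 2. Verify: read back what is published and flag any URL whose host is not
#    the owned name (a public CA cannot validate those hosts).
$published = @()
$published += (Get-ClientAccessServer -Identity $cas).AutoDiscoverServiceInternalUri
$published += (Get-WebServicesVirtualDirectory -Identity "$cas\EWS (Default Web Site)").InternalUrl
$published += (Get-OabVirtualDirectory -Identity "$cas\OAB (Default Web Site)").InternalUrl
$published += (Get-UMVirtualDirectory -Identity "$cas\UnifiedMessaging (Default Web Site)").InternalUrl

$published | Where-Object { $_ } | ForEach-Object {
    $uri = [System.Uri]"$_"
    if ($uri.Host -ne $fqdn) {
        Write-Warning "Still published under a name the cert will not cover: $uri"
    } else {
        Write-Host "OK  $uri"
    }
}

# 3. Request a certificate that lists only names under the owned domain.
#    The subject and output path are placeholders.
New-ExchangeCertificate -GenerateRequest `
    -SubjectName "cn=$fqdn" `
    -DomainName $fqdn, 'autodiscover.gfrpharma.com' `
    -PrivateKeyExportable $true `
    -Path 'C:\certrequest.req'
```

Clients that connect to the server by its internal FQDN or NetBIOS name will still see a name mismatch with this certificate, so the readback in step 2 should show no warnings before the certificate is enabled.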