Hi all, We have contracted with a consultant to provide a hosted Exchange server for us. They will be hosting the server in their own datacenter. They plan to add the server to our AD domain, and want to create a domain controller in our domain in their datacenter as well. Is it really necessary for them to have a domain controller? And if it is, how much in the way of uses with administrative rights do we have to create for them? (They will not be administering our mail environment; we will still create mailboxes and such.) I'm not entirely comfortable with this plan and I'm wondering whether it can be done another way. Any advice is appreciated. Thanks, - Steve

Exchange is very heavily dependant on a domain controller. I wouldn't dream of having an Exchange server separate from Exchange over a WAN. If the WAN connection between the sites fails, then your Exchange server is dead in the water. Even with a fast Internet connection it will still make things very slow unless there is a domain controller close by. The domain controller will need to be a global catalog and as such you will need to setup Sites and Services so that it isn't used by your local clients for authentication. As for permissions - what are they actually going to do for you? Are you going to administrate the servers, patch them etc? What is the reason for putting the server in their data centre? Do you have a large number of remote users who will benefit from the additional bandwidth? This is something that has been considered by some of my clients, but discounted for any number of reasons. However what I have done on more than occasion now is have two Exchange servers, one local and one in a data centre (with a domain controller). These servers then replicate the data. In the event of a problem in the office, the server in the data centre is available. Simon.Simon Butler, Exchange MVP http://blog.sembee.co.uk http://exbpa.com/

They should have TWO domain controllers, configured as global catalog servers. -- Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." . "R. Steven Kadish" wrote in message news:e98401ee-2ac2-4876-be43-36e0bf322a7b... Hi all, We have contracted with a consultant to provide a hosted Exchange server for us. They will be hosting the server in their own datacenter. They plan to add the server to our AD domain, and want to create a domain controller in our domain in their datacenter as well. Is it really necessary for them to have a domain controller? And if it is, how much in the way of uses with administrative rights do we have to create for them? (They will not be administering our mail environment; we will still create mailboxes and such.) I'm not entirely comfortable with this plan and I'm wondering whether it can be done another way. Any advice is appreciated. Thanks, - Steve Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Hi Simon, Thanks very much - it's good to have some independent verification of their plan. Also, thanks for the tips about how the DC should be configured. To answer your questions, the consultants/hosts are to be in charge of all server administration and patching. However, I don't fully know the rationale for putting the server in their data center. That decision was made several levels above me before I was involved with the project. Best, - Steve

Hi Ed, Thanks for the response! Why is it that you recommend two domain controllers at the host? Best, - Steve

So that you have fault tolerance. -- Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." . "R. Steven Kadish" wrote in message news:1a91e22d-3a7c-4bfe-84da-060af9f906a6... Hi Ed, Thanks for the response! Why is it that you recommend two domain controllers at the host? Best, - Steve Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Hi Simon, Thanks very much - it's good to have some independent verification of their plan. Also, thanks for the tips about how the DC should be configured. To answer your questions, the consultants/hosts are to be in charge of all server administration and patching. However, I don't fully know the rationale for putting the server in their data center. That decision was made several levels above me before I was involved with the project. Best, - Steve That means they are going to need to be domain admins. They could be administrators of the local machines, but it is trivial to elevate the permissions up to full domain admins, so they may as well have the permissions to start with. Lower permissions could be used, but almost guarantee that they will simply complain they cannot do their job without the higher permissions. Whether that is acceptable to the business is only something the business can decide. Those who made the decision may not realise what that exactly entails. Simon.Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/

Hi R.Steven Kadish, Simon has gave you a good explaination for your concer. Per your description, in my opinion, the plan for your email system is not a good descion, there maybe some risk of email service always availiable for your users, and not secury for you AD domain. If you want to have email system service that be hosted, why not chose BPOS from MS, it would meet almost your email system needs, and also could sync your AD data without adding DC server joined in your domain, and without get the high level account in your domain . Please refer to below: https://www.microsoft.com/online/default.mspx Regards! Gavin

Hi Gavin, Thanks for the email! Just to be clear, I don't have a say in who we hired for the project. That's already done and a contract has been signed. I was simply looking for verification that their plan was valid. I've already discussed with them what kind of permanent and temporary access we'll be providing to the domain for the project. Best, - Steve