authenticating to Exchange
I'm trying to learn more about Exchange, and the different ways IT Admins setup their enterprise. I'd like your input.
Assume the following:
your internal domain is corp.company.com (as recommended by MS, it is a child of your external domain name).
your external domain is company.com you've got 2 externally facing name servers in the DMZ that are authoritative for your external domain's Internet records (MX, A, etc.)
alternatively, your registrar's name servers could hold these records your boss wants all e-mail addresses to be "@company.com", and you already have an MX record for it
Wouldn't that mean you'd have 2 e-mail addresses on your Exchange box? Both
username@corp.company.com and
username@company.com?
If you wanted the 'corp.company.com' e-mail address to work outside of the domain, you'd need to setup an MX record for that, right?
What would authentication look like when you're signing into OWA? Would you sign in as: corp.company\username, company\username, or something else?
Conversely, if your external and internal domains were the same - company.com - would there be any special DNS considerations for that?
I would appreciate any insight into my theoretical design.
July 8th, 2011 8:18pm
I am not aware that creating a child domain of your external domain is a recommendation of Microsoft unless you have some compelling reason for it. I have plenty of customers who use their "public" domain name as their AD domain name.
There is no requirement that your e-mail domain match your AD domain name. That's what comes up by default when you first install Exchange, but you're perfectly welcome to change it, and I recommend that you do just that.
Further, there's no requirement that your DNS match your AD domain, either. You can certaily make your e-mail page webmail.company.com in DNS, create the corresponding certificate, and Exchange will work just fine. The web name does not have
to match the server name in AD.
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
July 10th, 2011 1:16am
Hi,
Wouldn't that mean you'd have 2 e-mail addresses on your Exchange box? Bothusername@corp.company.com
and username@company.com?
Yes. If your external domain name is different than your internal domain name, the mailbox user should have 2 e-mail addresess.
If you wanted the 'corp.company.com' e-mail address to work outside of the domain, you'd need to setup an MX record for that, right?
You need to create a new domain zone for 'corp.company.com' ,then create a MX record for this new zone.
What would authentication look like when you're signing into OWA? Would you sign in as: corp.company\username, company\username, or something else?
You can log into the OWA by corp.company\username (UserLogon name) and
sername@corp.company.com.
July 12th, 2011 8:23am