Best practices to deploy AD 2008 and Exchange 2010.

55 pts.
Tags: Exchange 2010
I need to deploy AD 2008 along with Exchange 2010. What are the best practices to do so? I already checked technet.microsoft.com. Did not get much help with the technical aspect.

Scenario would be single forest, single domain, 300 users scattered along HQ and branch offices (6).

They have an ERP solution service for their use. Now what they want is a consolidated solution with centralised management, and Exchange would be new. So this ERP needs to be integrated with AD 2008 (I believe) and the email solution (Exchange) will also be managed from AD. What are the things I need to consider before making a plan?

Answer Wiki


This is straightforward.  Here are a few things to look out for:

– AD needs to run Server 2003 native functional mode or higher.  Even if you have Server 2008 DC’s, make sure you’ve upgraded the functional mode to at least server 2003 native.

– It’s best practice not to run Exchange 2010 on a Domain Controller.  I’ve seen contractors do this in the Exchange 2003 days.  It’s not pretty.

– Exchange uses Global Catalogs for domain lookups.  If you’ve designed your network to have the domain controllers in a separate VLAN and subnet from Exchange, just add a simple GC to the same subnet as Exchange.

– Exchange runs 64-bit native.  If you have Helpdesk computers that need the Exchange console locally installed, make sure the computers are running a 64-bit OS.

– This is part of the installation process, but make sure to prep the AD forest and domain for Exchange.  It’s best to do this before installing Exchange.  You don’t want errors to occur during the installation.

– If you are worried about branch user authentication during WAN outages, you can deploy a Read-Only Domain Controller at each branch location.
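A read-only pre-flight script for the checks listed in the answer above, as an added example that is not part of the original answer or of any Microsoft tooling. It assumes a domain-joined server with the ActiveDirectory PowerShell module available; `New-Finding` is a hypothetical helper.

```powershell
# Added example: read-only checks, run on the server that will host Exchange.
# Assumes the ActiveDirectory module (RSAT); written to work on PowerShell 2.0.
Import-Module ActiveDirectory

# Hypothetical helper: one result row per check.
function New-Finding($Check, $Ok, $Detail) {
    New-Object PSObject -Property @{ Check = $Check; OK = $Ok; Detail = "$Detail" }
}

$forest = Get-ADForest
$domain = Get-ADDomain
$dcs    = @(Get-ADDomainController -Filter *)
$site   = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name

# Modes below Windows Server 2003 native block the Exchange 2010 install.
$tooOld = 'Windows2000Forest', 'Windows2003InterimForest',
          'Windows2000Domain', 'Windows2003InterimDomain'

# DomainRole 4 or 5 means this machine is itself a domain controller.
$role = (Get-WmiObject Win32_ComputerSystem).DomainRole

# Writable GCs in this server's AD site (Exchange 2010 does not use RODCs).
$siteGCs = @($dcs | Where-Object {
    $_.IsGlobalCatalog -and -not $_.IsReadOnly -and $_.Site -eq $site })
$gcNames = ($siteGCs | ForEach-Object { $_.HostName }) -join ', '

# The schema version marker only exists once the forest has been prepared.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$marker   = Get-ADObject -SearchBase $schemaNC `
              -LDAPFilter '(cn=ms-Exch-Schema-Version-Pt)' -Properties rangeUpper

$findings = @(
    New-Finding 'Forest functional level' `
        ($tooOld -notcontains "$($forest.ForestMode)") $forest.ForestMode
    New-Finding 'Domain functional level' `
        ($tooOld -notcontains "$($domain.DomainMode)") $domain.DomainMode
    New-Finding 'Server is not a DC' ($role -lt 4) "DomainRole=$role"
    New-Finding "Writable GC in site $site" ($siteGCs.Count -gt 0) $gcNames
    New-Finding 'Exchange schema prepared' ([bool]$marker) "rangeUpper=$($marker.rangeUpper)"
)
$findings | Select-Object Check, OK, Detail | Format-Table -AutoSize -Wrap
```

A `False` in the last row before the forest and domain have been prepared is expected; the other rows should read `True` before setup is started.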

Discuss This Question: 12  Replies

 
  • ravvyreddy
    [...] Best practices to deploy AD 2008 and Exchange 2010. [...]
    0 points
  • ravvyreddy
    hmm.. what was that? I don't see any links?
    55 points
  • TomLiotta
    "hmm.. what was that?"
    Ignore it. It looks like a pingback or other linkback registering under your question. Some blogger somewhere is linking to your question for some reason. It's possible that you'll get a lucky connection to someone who can help. I don't think anyone at ITKE has ever explained them, but they show up once in a while. I can't come up with a better explanation.
    Tom
    125,585 points
  • ravvyreddy
    Tom, would you be able to provide any insights or documentation/reference articles for my initial question, as it is still pending? It would be nice if anyone can share their practical experience in approaching this deployment. The scenario I am thinking of is a single forest, single domain setup. Exchange and DNS are not yet in the scenario. I need to consider a fallback plan in case of disaster. The customer just wants to have centralised mgmt of users, groups, OUs and other file tasks.
    55 points
  • ravvyreddy
    Hi mshen,
    The requirement has changed a little bit. Now the client just wants AD services to have control over users. They have a couple of applications and users access them individually. Now the IT team wants users to authenticate via AD in order to use those applications. They want to have primary and secondary DNS servers, but no public DNS services, just an internal domain. They don't want to involve Exchange right now, so no need for it now. Basically, every user needs to authenticate via HQ (be it plant employee or branch employee). A read-only DC at branch seems like a feasible solution. What about the plants, as they are also far-off locations from HQ? What sort of FSMO roles need to be at HQ? Should there be a failover DC at HQ? How many servers are required? It's new for them, so I need to buy them the hardware too. For 300 users, and in the next 5 years users will grow to 400 (max). Applications are sitting on different servers, so I believe they need to be integrated with AD for authentication. If I am wrong then let me know. If anything else is required that I have missed then please add. Thank you for the answer earlier.
    Alex
    55 points
  • mshen
    Since it sounds like they don't have an AD domain in place, this will be a simple domain buildout.  You don't have to worry about migrations or AD corruption.
    For DNS, it is built in when you create a Domain controller.  This will not be an issue.  Make sure to set the forwarders to a trusted external DNS source like 8.8.8.8 (Google).
    For AD FSMO roles, you want at least two primary domain controllers in the HQ for redundancy.  It's ideal if you have a DC for each FSMO role and a backup DC that is set with replication links to all FSMO master DCs.  You will use the backup DC to assume the FSMO master role if one of the masters fails.
    For each application that they want with integrated Windows authentication, you will have to work with the application vendor or re-write the authentication piece if it's an in-house application.  If they use SQL logins to access the application, that can be easier as you can use mixed mode authentication in SQL, but you need the application to use integrated Windows authentication on the front end.
    27,385 points
  • ravvyreddy
    mshen,
    "It’s ideal if you have a DC for each FSMO role and a backup DC that is set with replication links to all FSMO master DCs"
    This would make it 10 servers in total: 5 for primary role servers and 5 for backup.
    1) I was thinking, for forest-wide roles, 2 servers (one for primary and one for backup), as this will be the primary domain controller in the forest and a redundant server to this primary DC. Both the roles on one server (domain and schema masters). The reason for asking this: at a later stage, when the client decides to go with Exchange, it should not be an issue.
    2) For domain-wide roles, I am thinking of 4 servers (2 primary and 2 backup). I would need your input on the combination of roles.
    a) Can RID and PDC go together?
    b) RID and Infrastructure go together?
    c) PDC and Infrastructure go together?
    If not, then what would be the right combination so that the client will not run into a wall in case of failure and backup server running these roles?
    Since everything is new, I hope 2008 R2 would be a good choice. And what about the licensing part, and what would be the economical way? (I mean standard or enterprise license for server, and the user licensing part. If you have an idea it would be really great.)
    Note: Above I just let my mind out, some of it in the form of questions and some in statements, but they are also questions :)
    thanks,
    alex
    55 points
  • mshen
    You would only need 1 backup DC that will accommodate failover for all roles.  For colocating roles, this will work:
    Infrastructure
    Schema/Domain Naming - GC
    PDC/RID - GC
    Since you will be Server 2008 R2 functional mode, all domain controllers can be Global Catalogs.
    For licensing, standard is the most economical.  You will not need enterprise features.
    In terms of infrastructure, you can use clustered virtual server hosts running datacenter edition.  This will give them a scalable and highly available infrastructure.  Just be sure to avoid taking snapshots of DCs.
    27,385 points
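An inventory of where the FSMO roles, global catalogs and read-only DCs actually sit, to compare against the layout discussed in the comments above. This is an added example, not something posted in the thread; it assumes the ActiveDirectory PowerShell module and only reads from the directory.

```powershell
# Added example: read-only inventory of FSMO role holders, GCs and RODCs.
# Assumes the ActiveDirectory module; works on PowerShell 2.0.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain
$dcs    = @(Get-ADDomainController -Filter *)

# Role name -> DNS host name of the current holder.
$roles = @{
    'Schema'         = $forest.SchemaMaster
    'Domain Naming'  = $forest.DomainNamingMaster
    'PDC'            = $domain.PDCEmulator
    'RID'            = $domain.RIDMaster
    'Infrastructure' = $domain.InfrastructureMaster
}

# One row per domain controller with the roles it holds.
$layout = foreach ($dc in $dcs) {
    $held = @($roles.Keys | Where-Object { $roles[$_] -eq $dc.HostName } | Sort-Object)
    New-Object PSObject -Property @{
        DC = $dc.HostName; Site = $dc.Site; GC = $dc.IsGlobalCatalog
        RODC = $dc.IsReadOnly; Roles = ($held -join ', ')
    }
}
$layout | Select-Object DC, Site, GC, RODC, Roles | Format-Table -AutoSize

# A failed role holder can only be replaced by another writable DC.
$writable = @($dcs | Where-Object { -not $_.IsReadOnly })
$standby  = @($layout | Where-Object { -not $_.RODC -and -not $_.Roles })
if ($writable.Count -lt 2) {
    Write-Warning 'Only one writable DC: nothing can take over the FSMO roles if it fails.'
}
if ($standby.Count -eq 0) {
    Write-Warning 'Every writable DC holds a role: there is no dedicated standby DC.'
}

# Placement only matters in a multi-domain forest where some DCs are not GCs.
$im    = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
$nonGC = @($dcs | Where-Object { -not $_.IsGlobalCatalog })
if ($forest.Domains.Count -gt 1 -and $im.IsGlobalCatalog -and $nonGC.Count -gt 0) {
    Write-Warning 'Infrastructure master is on a GC while other DCs in the domain are not GCs.'
}
```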
  • ravvyreddy
    Thanks mshen for the inputs. What virtual server will be suitable for 2008 R2, as Virtual Server 2005 does not support Windows 2008 R2? When you said infrastructure, will it only be Windows primary and backup domain controllers at HO? If it's Hyper-V then what about the licensing part? I browsed through TechNet but could not find anything related to Datacenter edition. If you have done this before then please let me know. How do this infrastructure and virtualization work?
    55 points
  • mshen
    Hyper-V comes standard in Windows Server 2008 R2.  I remember they used to sell installation media without Hyper-V for around $39 less, but I don't think they still do that.
    DataCenter Edition licenses are sold per physical processor.  So if your servers have 2 processors with 12 cores, you only pay for a 2 processor license.
    When thinking about virtualization, you definitely should consider DataCenter Edition because you get unlimited virtual server licenses for that host server.  If you run your host servers with Enterprise edition, you will only be able to run 4 virtual servers from that host before you need to purchase more licenses.
    With virtualization, you will also want to use clustering since you don't want all of your eggs in one basket.  Keep in mind that clustering requires shared storage (a SAN), which would be more costly and require some knowledge of storage systems.
    27,385 points
  • ravvyreddy
    Thank you mshen!!!
    55 points
  • Genderhayes

    Run and install Windows Updates
    Schema Admins if you are installing Exchange 2010 for the first time
    Domain Admins
    Enterprise Admins
    7,950 points
