Looking to add another domain to exchange server but it gets complicated

  • Question

  • We are currently running Exchange 2007. The company owner wants to host the email for another business he owns on our exchange server. Their domain name and email are currently registered\hosted by Register.com. What am I looking at to get this done?

    Initially, it seems simple enough.... just configure exchange to accept mail from xyz.com domain (exchange system manager -> recipients -> recipient policies -> default policy -> email addresses (policy) tab -> add xyz.com domain). Then, make sure that the DNS records for xyz.com domain point the MX record to an external IP address on our firewall that will direct messages to our server. I believe that we would either need another OU or domain in AD for xyz.com and have to add\recreate the email address for each user in active directory.

    This location would not be joining our domain (WAN) and would likely use OWA or RPC over HTTP for email access and will want to send\receive from their mobile devices too. They would also need to retain the user@xyz.com email address and not user@parent_company.com. This would be their primary SMTP address?

    Am I on track here? What am I missing and can it really be this easy? Do you see any issues in setting it up this way? I realize that I will have other work to do to keep xyz.com and Parent_company.com from seeing or even knowing the other exists in exchange.


    just another Steve

    Thursday, October 4, 2012 8:53 PM

All replies

  • hi,

    >>>Initially, it seems simple enough.... just configure exchange to accept mail from xyz.com domain (exchange system manager -> recipients -> recipient policies -> default policy -> email addresses (policy) tab -> add xyz.com domain). Then, make sure that the DNS records for xyz.com domain point the MX record to an external IP address on our firewall that will direct messages to our server. I believe that we would either need another OU or domain in AD for xyz.com and have to add\recreate the email address for each user in active directory.

    You can use the email address policy to add xyz.com; please also remember to add the accepted domain. And xyz.com will be their primary address. A simple check: if the address is bold, then it is the primary address.

    >>>This location would not be joining our domain (WAN) and would likely use OWA or RPC over HTTP for email access and will want to send\receive from their mobile devices too. They would also need to retain the user@xyz.com email address and not user@parent_company.com.

    If you want to use autodiscover/activesync/owa for the domain, I think you should add another website on your CAS server IIS.

    Please see more information about how to add more websites on the client access server.

    http://blogs.technet.com/b/exchange/archive/2008/01/07/3404614.aspx

    Hope this helps.

    thanks,


    CastinLu

    TechNet Community Support

    Friday, October 5, 2012 8:00 AM
  • I just walked through the process for the new Accepted Domain and Address policy. Seems pretty straight forward. This has me worried as it seems too easy. Probably going to be interesting keeping the two domains from seeing each other at all (address book, etc).

    Regarding their access... Since it looked like we are set up for POP3 and IMAP, as a test I set up my email in an OracleBox VM to access my email account using IMAP. Send and receive worked (I am inside the firewall at the moment - will test from home tonight), but I cannot see, access, or add my sent items or any sub folders on the server. I don't have it in the list of folders to subscribe, I only have Inbox and junk email available.


    just another Steve

    Friday, October 5, 2012 5:53 PM
  • Just thought of another issue that could be fun to deal with. One of the mailboxes on this new domain will be for our owner. He will want to open and send\receive from both mailboxes.... simultaneously from his desk or mobile device. Cannot have a send on behalf happen or have him choose sent as. Whichever mailbox he is sending or replying from must default to the correct address. He will probably want them in one Outlook window too.... Would be nice to have the option of separate Outlook windows, but that doesn't seem to be allowed anymore....

    just another Steve

    Saturday, October 6, 2012 2:44 PM
  • Just thought of another issue that could be fun to deal with. One of the mailboxes on this new domain will be for our owner. He will want to open and send\receive from both mailboxes.... simultaneously from his desk or mobile device. Cannot have a send on behalf happen or have him choose sent as. Whichever mailbox he is sending or replying from must default to the correct address. He will probably want them in one Outlook window too.... Would be nice to have the option of separate Outlook windows, but that doesn't seem to be allowed anymore....

    just another Steve

    Hello,

    One way of doing it is to add another AD user, for example boss2, then have that be his email address user for company 2. Then in outlook, you add boss2's mailbox to the mailbox view. Just make sure you grant boss1 full access to boss2, including send as permissions. This way, you won't co-mingle the mailboxes but you can still view them both in Outlook.

    Here are the instructions:

    http://technet.microsoft.com/en-us/library/aa996343(v=exchg.80).aspx

    http://www.falconitservices.com/support/KB/Lists/Posts/Post.aspx?ID=51


    Miguel Fra | Falcon IT Services, Miami, FL
    www.falconitservices.com | www.falconits.com | Blog


    • Edited by Miguel Fra Saturday, October 6, 2012 3:13 PM
    Saturday, October 6, 2012 3:10 PM
  • Just thought of another issue that could be fun to deal with. One of the mailboxes on this new domain will be for our owner. He will want to open and send\receive from both mailboxes.... simultaneously from his desk or mobile device. Cannot have a send on behalf happen or have him choose sent as. Whichever mailbox he is sending or replying from must default to the correct address. He will probably want them in one Outlook window too.... Would be nice to have the option of separate Outlook windows, but that doesn't seem to be allowed anymore....


    just another Steve

    Hello,

    One way of doing it is to add another AD user, for example boss2, then have that be his email address user for company 2. Then in outlook, you add another mailbox and grant boss1 full access to boss2, including send as permissions. This way, you won't co-mingle the mailboxes but you can still view them both in Outlook.

    Here are the instructions:

    http://www.falconitservices.com/support/KB/Lists/Posts/Post.aspx?ID=51


    Miguel Fra | Falcon IT Services, Miami, FL
    www.falconitservices.com | www.falconits.com | Blog

    Hi Miguel,

    This will probably end up being the answer for the desktop access question. He's got an iPhone and I'll need it set up there too... I personally don't have an iPhone, and have little experience setting them up....


    just another Steve

    Saturday, October 6, 2012 3:23 PM
  • hi,

    In my mind, you can't set it up. It means that you can't let your boss simultaneously open two mailboxes on his phone.

    It can only be done in Outlook. And if you use OWA, you need to click "open another mailbox" to open the mailbox that you were granted full access permission to.

    thanks,


    CastinLu

    TechNet Community Support

    Monday, October 8, 2012 1:35 AM
  • hi,

    In my mind, you can't set it up. It means that you can't let your boss simultaneously open two mailboxes on his phone.

    It can only be done in Outlook. And if you use OWA, you need to click "open another mailbox" to open the mailbox that you were granted full access permission to.

    thanks,


    CastinLu

    TechNet Community Support

    Doing some research, it looks like it is possible to set up multiple exchange accounts on an iPhone:

    http://www.techrepublic.com/blog/smartphones/add-a-second-exchange-account-to-your-iphone-4/1440

    Again, the devil is in the details as it looks like you need an iPhone 4 and iOS4.


    just another Steve

    Monday, October 8, 2012 1:32 PM
  • Another question on the Mailbox\User configuration:

    I've added the new xyz.com domain and xyz.com is an accepted domain. I've created a test user in the new Active Directory OU and created a new mailbox for it. I've changed the Primary SMTP from user@parent_company.com to user@xyz.com.

    Now that the Primary SMTP is set as User@xyz.com can I remove the SMTP entry for User@parent_company.com?


    just another Steve

    Monday, October 8, 2012 8:06 PM
  • hi,

    >>>Doing some research, it looks like it is possible to set up multiple exchange accounts on an IPhone:

    http://www.techrepublic.com/blog/smartphones/add-a-second-exchange-account-to-your-iphone-4/1440

    Again, the devil is in the details as it looks like you need an iPhone 4 and iOS4.

    Sorry for the misunderstanding, I think you want to open two mailboxes in one window on your phone.

    Based on the link, you need an iPhone 4 and its iOS should be 4. It depends on your device, so it isn't related to Exchange.

    >>>Now that the Primary SMTP is set as User@xyz.com can I remove the SMTP entry for User@parent_company.com?

    Yes, you can. If you want to set the address back, just add it and you can set it back again.

    Hope this helps.

    thanks,


    CastinLu

    TechNet Community Support

    Tuesday, October 9, 2012 3:36 AM
  • I am testing the send and receive now using outlook profiles set up for Exchange and for POP3....  Not sure if this issue is on our External DNS or maybe in Exchange?

    I can send to and receive from a user@parent_company.com(internal so it should work)

    I can send from Exchange profile to external email accounts user@yahoo.com and user@verizon.net

    Attempt to Reply or Send FROM Yahoo or Verizon accounts receives a Delivery Failure:

    Diagnostic code: smtp;530 5.7.1 Client was not authenticated

    BTW - Anonymous users is allowed under the receive connector permissions group tab

    Do I need to restart the Exchange Transport service?


    just another Steve



    • Edited by 2manySteves Friday, October 12, 2012 6:11 PM
    Friday, October 12, 2012 3:10 PM
  • Well, another update. Allowed Anonymous on the default receive connector and mail works for send and receive... but SMTP test from MXToolbox indicates a possible open relay.

    ANONYMOUS NOT ALLOWED - cannot receive mail:

    EHLO please-read-policy.mxtoolbox.com
    250-mailsever.ParentCompany.com Hello [xx.xx.xxx.xxx]
    250-SIZE 20971520
    250-PIPELINING
    250-DSN
    250-ENHANCEDSTATUSCODES
    250-STARTTLS
    250-AUTH NTLM LOGIN
    250-8BITMIME
    250-BINARYMIME
    250 CHUNKING [78 ms]
    MAIL FROM: <supertool@mxtoolbox.com>
    530 5.7.1 Client was not authenticated [5101 ms]

    ANONYMOUS ALLOWED - can receive mail but possible open relay:

    EHLO please-read-policy.mxtoolbox.com
    250-mailsever.ParentCompany.com Hello [xx.xx.xxx.xxx]
    250-SIZE 20971520
    250-PIPELINING
    250-DSN
    250-ENHANCEDSTATUSCODES
    250-STARTTLS
    250-AUTH NTLM LOGIN
    250-8BITMIME
    250-BINARYMIME
    250 CHUNKING [78 ms]
    MAIL FROM: <supertool@mxtoolbox.com>
    250 2.1.0 Sender OK [78 ms]
    RCPT TO: <test@example.com>
    250 2.1.5 Recipient OK [94 ms]


    just another Steve


    • Edited by 2manySteves Saturday, October 13, 2012 3:28 PM
    Saturday, October 13, 2012 3:27 PM
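
Added example, not part of the original thread: a small Python check that reads an SMTP test dialogue like the two posted above and separates "anonymous mail refused" from "relay for a foreign domain accepted". The `classify` function, the verdict strings and the `ACCEPTED` domain set are assumptions made for this illustration; the dialogues are abridged from the post.

```python
import re

# SMTP dialogues abridged from the post above (EHLO capability lines trimmed).
ANON_DENIED = """EHLO please-read-policy.mxtoolbox.com
250-mailsever.ParentCompany.com Hello [xx.xx.xxx.xxx]
250 CHUNKING [78 ms]
MAIL FROM: <supertool@mxtoolbox.com>
530 5.7.1 Client was not authenticated [5101 ms]"""

ANON_ALLOWED = """EHLO please-read-policy.mxtoolbox.com
250-mailsever.ParentCompany.com Hello [xx.xx.xxx.xxx]
250 CHUNKING [78 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 2.1.0 Sender OK [78 ms]
RCPT TO: <test@example.com>
250 2.1.5 Recipient OK [94 ms]"""

# Assumption: domains this server should accept mail for (placeholders from the thread).
ACCEPTED = {"xyz.com", "parent_company.com"}

REPLY = re.compile(r"^(\d{3})([ -])")
RCPT = re.compile(r"^RCPT TO:\s*<[^>@]*@([^>]+)>", re.I)

def classify(transcript, accepted_domains=ACCEPTED):
    """Classify one SMTP test dialogue as seen by an unauthenticated client."""
    accepted = {d.lower() for d in accepted_domains}
    pending, authed, saw_rcpt = None, False, False
    for raw in transcript.splitlines():
        line = raw.strip()
        reply = REPLY.match(line)
        if not reply:                      # client command line
            pending = line or pending
            continue
        code, sep = reply.groups()
        if sep == "-" or pending is None:  # multi-line continuation, or banner with no command
            continue
        cmd, pending = pending, None
        if code == "235":                  # AUTH succeeded; later RCPTs are not anonymous
            authed = True
        elif cmd.upper().startswith("MAIL FROM") and code[0] == "5" and not authed:
            return "anonymous-rejected"    # inbound internet mail cannot be delivered
        elif RCPT.match(cmd):
            saw_rcpt = True
            domain = RCPT.match(cmd).group(1).lower()
            if code[0] == "2" and not authed and domain not in accepted:
                return "possible-open-relay"
    return "no-relay-seen" if saw_rcpt else "inconclusive"

if __name__ == "__main__":
    for name, t in (("denied", ANON_DENIED), ("allowed", ANON_ALLOWED)):
        print(name, "->", classify(t))
```

A `250` at `RCPT TO` only shows that whichever host answered the connection accepted the recipient at that stage, so the verdict is "possible", matching the wording of the test result quoted in the post.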
  • The final piece to the puzzle was our Barracuda Networks Spam Firewall. It was missed that the former external email address user@xyz.com was whitelisted. Once these settings were deleted from the spam firewall and xyz.com was added as an accepted domain, the send and receive from external worked.


    just another Steve

    Wednesday, October 17, 2012 2:54 PM