Solved 2003 domain & 2012 domain in same subnet?

Microsoft Small business server 2003 r2...
August 23, 2013 at 08:31:08
Specs: Windows 2003
Hi all. I have a friend who has an old SBS 2003 server that runs Exchange 2003. He's looking at replacing that system with a new server running Server 2012 Standard and Exchange 2013. I know there's no migration path from 2003 to 2013, but what I'm wondering is if there'd be an issue having Exchange 2013 up and running and functional in the current environment with SBS 2003?

His domain is also a .local internally and because of the issue beginning in 2015 with SSL certs and internal domain names I'm going to use this new server as an opportunity to completely replace his existing internal domain, Active Directory, etc. So adding this new 2012 server to the existing domain, making it a DC w/DNS, etc. to more easily migrate over to using the new server isn't an option.

Knowing all of this I'm wondering something. What would be the implications if I connected the new server to the network, gave it a static IP, created a new domain in the same IP subnet as the existing domain, installed Exchange 2013, etc.? I believe I should do this on a separate subnet but am just wondering if it would really cause any issues. All the PCs are members of domain.local and I'd be creating domain.com.

What do you all think? What issues do you see that would/could occur in this scenario?



#1
August 23, 2013 at 09:51:15
Couple of things here...

1. Do you plan on utilizing Server 2012 & Exchange 2013 on the same box (unless running VMware or Hyper-V)? Although Exchange *can* be installed on a DC, it is not best practice or recommended.

2. You can upgrade from 2003 to 2013... you just have to upgrade from 2003 to 2007/2010, then to 2013. I have done this successfully multiple times. So if you went the VM route, you could do a cross migration to a new 2007/2010 Exchange server that is part of your proper 2012 domain, then migrate it (as now all the mailboxes, public folders, address book, etc. are migrated to it) to the Exchange 2013 VM.

3. You can segment a couple of IPs off of the current subnet for the new server; you can have more than one domain exist in the same subnet. At least at that point you won't have to get the subnets talking if you want to migrate any data.

4. I know you don't plan to (for the domain restructure), but make sure that if you join the Server 2012 box to the existing domain, and if you promote it to a DC (for migration purposes) & transfer FSMO roles, the SBS server must be decommissioned within 60 days or the domain will break. SBS must be the FSMO holder if it's part of a domain or it freaks out. Once roles are migrated from it, there is only a limited amount of time to migrate everything off it and get it out of the domain.

5. You'll have to use some alternate ports for mail flow, being that you already have port forwards in place for the existing Exchange server. Also make sure you limit that Exchange server (along with the other) to have the ability to email outbound on the network (helps prevent blacklisting from compromised workstations in the future).

As long as you don't join the new server to the existing domain, you should be fine with it being part of the same subnet (not that you can't, just that's when you need to start looking out for things). With the new domain you can create cross trusts for migration purposes, etc. It will be easier for you in the migration process to have the new server as part of the same subnet (no extra routing changes, multiple subnets for DNS, etc.).

www.standby-it.com



#2
August 23, 2013 at 10:34:41
Hi jpag3074. What a great reply! Thanks for taking the time and brain power to write that up. Okay, let me answer a question or two and ask another question or two.

The answer to your first question is yes - he'll have a single server w/2012 hosting Exchange 2013. I know it's not best practice. Can you take a minute and explain why? I doubt we can do anything about it now (he's a week away from wanting to go live).

Regarding number 2 - I'd thought about doing the whole Exchange migration by putting in a 2008 VM w/Exchange 2010 and then migrating that to 2012 w/Exchange 2013, but since my friend's business/network is so tiny (10 users/PCs) it just didn't make sense to me to go through the hassle. In my mind it's easier to start fresh and clean.

Regarding number 3 - if I read your response correctly, it would be okay for me to put the new server with 2012 on the same subnet as the current SBS box, not join the 2012 server to the existing domain.local but create a new domain (domain.com), and that'll be okay regarding the PCs currently on the SBS domain and the Exchange 2003 services running on the SBS domain. Sound right?

In other words, if the SBS box and client PCs are using 192.168.1.2-192.168.1.20, it'd be okay for me to (as an example) give the 2012 server an IP of 192.168.1.101, create the new domain (domain.com), install Exchange 2013 in that new domain, and none of this would disturb the existing SBS setup. Sound right?

Regarding number 4 - No worries there. As you stated I don't plan to do this.

Regarding number 5 - My friend and I were on the phone with the company he uses as his ISP and for his telephones. They wouldn't send me a copy of the router config, so I asked them to send me any lines in the config that reference the SBS box (by IP address). The tech saw nothing in the config referencing that IP address. I'm still trying to figure out how mail is routing to/from the Internet through the SBS box. Any thoughts on that one? I'm very sure there's no firewall in between the router and the single network switch used by his server and 10 client PCs. I'll have to double-check that, but I'm very sure there isn't. It's a little confusing...



#3
August 23, 2013 at 13:11:21
✔ Best Answer
Hi Harjon,

Regarding number 1, just make sure your friend understands the following..
If you install Exchange 2013 on a domain controller, be aware of the following issues:
- Configuring Exchange 2013 for Active Directory split permissions isn’t supported.
- The Exchange Trusted Subsystem universal security group (USG) is added to the Domain Admins group when Exchange is installed on a domain controller. When this occurs, all Exchange servers in the domain are granted domain administrator rights in that domain. (security risk)
- Exchange Server and Active Directory are both resource-intensive applications. (shouldn't be an issue)
- There are performance implications to be considered when both are running on the same computer. (shouldn't be an issue in your scenario, depending on your hardware)
- You must make sure that the domain controller Exchange 2013 is installed on is a global catalog server. (single DC so that wont be an issue)
- Exchange services may not start correctly when the domain controller is also a global catalog server. (just something that will have to be checked when the server boots)
- System shutdown will take considerably longer if Exchange services aren’t stopped before shutting down or restarting the server. (as usual when exchange is installed on DC)
- Demoting a domain controller to a member server isn’t supported. (shouldn't be an issue for your scenario)
- Running Exchange 2013 on a clustered node that is also an Active Directory domain controller isn’t supported. (you aren't clustering so should be OK)

Technet article here: http://technet.microsoft.com/en-us/...

Regarding number 2: If there isn't much in the GAL, public folders weren't used much, and it was mainly just used for mail - plus with the addition of domain name changes, I understand why you are starting fresh. A larger, more complex exchange environment, would probably be more effective and efficient to migrate.

Regarding number 3: That is correct (for both paragraphs). Then when you go to migrate PCs to the new domain, you can use something like ForensiT User Profile Wizard to migrate profiles easily and to save time: http://www.forensit.com/domain-migr...

Regarding number 5: That does sound very strange. Being that you had to call the ISP, I assume you are utilizing some type of managed service from your ISP. I can only think of a few things, but it's going to depend on the setup..
1. Do they (ISP) have it (the Exchange server) set up in the DMZ?
2. They are forwarding all traffic to an internal router or security appliance that is doing the port forwarding.
3. Utilizing ISA and pushing all traffic from the router to that.
4. Ask the ISP to check for any port forwards instead of checking for IP addresses. Ask them what is happening with port 25 traffic (assuming that's what you respond on).
What type of connection is this? If it's T1s, there has to be something sitting behind the ISP router that is handling that serial connection, to pass the Ethernet traffic to / assign the static IP address to.

EDIT: fixed some misspellings.

www.standby-it.com

message edited by jpag3074
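As an added example (not from this thread, and not vendor code), here is a PowerShell check a defender could run on the new 2012 server after the Exchange 2013 install to confirm the points in the Technet list above: whether the box is a DC, whether Exchange Trusted Subsystem has landed in Domain Admins, whether the DC is a global catalog, and whether any automatic Exchange service failed to start. It assumes the ActiveDirectory module (RSAT) is installed and that it is run as a domain admin on that server.

```powershell
# Post-install audit for Exchange 2013 on a domain controller (added example).
# Assumes: ActiveDirectory module present, run locally on the DC as a domain admin.
Import-Module ActiveDirectory

function Test-ExchangeOnDc {
    $findings = @()

    # 1. Is this machine a domain controller? Win32_ComputerSystem.DomainRole:
    #    4 = backup DC, 5 = primary DC; anything lower is a member/workgroup box.
    $role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    if ($role -ge 4) {
        $findings += "This server is a domain controller; the Exchange-on-DC caveats apply."
    }

    # 2. On a DC install, the Exchange Trusted Subsystem USG is added to Domain Admins,
    #    which gives every Exchange server in the domain domain-admin rights.
    #    Direct (non-recursive) membership is what we want to see here, since the
    #    entry of interest is a group, not a user.
    $directMembers = Get-ADGroupMember -Identity 'Domain Admins' |
        Select-Object -ExpandProperty SamAccountName
    if ($directMembers -contains 'Exchange Trusted Subsystem') {
        $findings += "Exchange Trusted Subsystem is a direct member of Domain Admins (all Exchange servers now hold domain admin rights)."
    }

    # 3. Exchange requires the DC it runs on to be a global catalog server.
    $dc = Get-ADDomainController -Identity $env:COMPUTERNAME
    if (-not $dc.IsGlobalCatalog) {
        $findings += "This DC is not a global catalog; Exchange 2013 requires it to be one."
    }

    # 4. Exchange services may not start cleanly on a DC/GC: list automatic
    #    MSExchange* services that are not running. (Win32_Service works on
    #    Server 2012's PowerShell 3, where Get-Service lacks StartType.)
    $stopped = Get-CimInstance -ClassName Win32_Service `
        -Filter "Name LIKE 'MSExchange%' AND StartMode = 'Auto' AND State <> 'Running'"
    foreach ($svc in $stopped) {
        $findings += "Automatic Exchange service not running: $($svc.Name) ($($svc.State))"
    }

    if ($findings.Count -eq 0) { $findings += "No findings." }
    return $findings
}

Test-ExchangeOnDc | ForEach-Object { Write-Output $_ }
```

Run it again after each reboot, since item 4 is the one the reply above says has to be re-checked every time the server comes up.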



#4
August 24, 2013 at 10:02:31
Hi jpag3074. Thanks for the replies and all the information. I'll be doing all of this stuff this weekend remotely (setting up the new domain, installing Exchange 2013, etc.).

I'll dig deeper to figure out what's going on with SMTP traffic. It's very, very odd. I'll keep you posted.

