0

Please be sweet in your help, I'm a beginner in Exchange/Windows Server skills.

Currently, I have one virtual server (VM) running Windows Server 2012 Standard with Exchange 2010 and the AD server role (it's my own domain controller).

I know it's not recommended to have Exchange 2010 on the same machine as the AD role, but currently I didn't have a choice. (I just work on an existing network infrastructure.)

I read these practices here:

To improve this situation, as a first step I will install another virtual machine on my second Hyper-V (my main DC+Exchange 2010 is on the second Hyper-V) with Windows Server 2012 Standard, to configure replication/mirroring.

It's OK, I have already done that in my labs, but only with a DC without Exchange 2010.

My question is: Can I configure this second DC in a replication/mirroring configuration with my main DC+Exchange 2010 without having configuration problems? Or must I follow a specific configuration?

My main worry is not to lose the internet connection if my first Hyper-V crashes with my VM, the domain controller (AD+DNS+Exchange).

Thanks

EDIT 23/03/2018: I am rewording my question:

  1. Should I configure any specific parameters in Exchange 2010 if I install a second DC in replication/mirroring with the first DC, knowing that Exchange 2010 is hosted on the first DC server?

Just to put a fine point on it: If you lose your Active Directory, everything in the domain stops functioning, including Exchange.

I know that; in fact, if I lose my Hyper-V-02, I will lose my AD and Exchange too.

This is a very different question from the one you originally asked. Exchange is "AD Aware" meaning that as long as you're configuring the server operating system to best practices, and configuring your AD to best practices, you will be fine with Exchange.

OK, you mean Exchange can be flexible if I have multiple DCs in a single domain? Can you explain the term "AD Aware" to me? I will apply the best practices on my DC, but as a first step I am just trying to keep an internet connection if my Hyper-V-02 crashes.

I am posting a diagram/picture of my current (chaotic) network situation.

Schema

This is my future plan; what do you think about it?

  1. Replication/mirroring with DC1 (because if my Hyper-V-02 crashes, I will lose internet, and I'm aware I will lose Exchange too). So if I configure my DC2 in replication with DC1, is that OK?

All my DCs are currently VMs, but I will buy a new server to have another, physical DC (in progress).

  1. When the replication is OK, I will create a new VM to move my existing Exchange 2010 to

  2. Migrate Exchange 2010 to Exchange 2016

  3. Create a DAG for our Exchange.

  4. Create a redundant DHCP on another server with a configuration like this: DNS addresses: my DC1 and DC2

I know about all the advice and I thank you for it; I am aware of the security issues of this architecture. But life isn't beautiful, and not all companies are sweet, smart and rich (I just work on an existing network), but I will fight to explain this current problem to my leadership. Please be kind with me.

albatorus

2 Answers

2

My question is: Can I configure this second DC in a replication/mirroring configuration with my main DC+Exchange 2010 without having configuration problems? Or must I follow a specific configuration?

Active Directory is a multi-master peer service, meaning that it was designed to operate with multiple replicas with availability in mind. It is perfectly normal to have multiple Domain Controllers in a single domain; in fact, your configuration of only having one is incredibly rare and dangerous.

You have a lot of reading to do - I suggest you start here: https://technet.microsoft.com/en-us/library/cc526617.aspx

You have a lot of changes to make in your environment to get out of the dangerous scenario that you're in, and you shouldn't take those changes lightly. I'd strongly recommend that, after you thoroughly read as much Active Directory documentation as possible, you lab out all scenarios before performing them in production. If you're still even moderately uncomfortable, you should seek outside consulting help.

Just to put a fine point on it: If you lose your Active Directory, everything in the domain stops functioning, including Exchange.

EDIT 23/03/2018: I am rewording my question:

Should I configure any specific parameters in Exchange 2010 if I install a second DC in replication/mirroring with the first DC, knowing that Exchange 2010 is hosted on the first DC server?

This is a very different question from the one you originally asked. Exchange is "AD Aware" meaning that as long as you're configuring the server operating system to best practices, and configuring your AD to best practices, you will be fine with Exchange.


Bonus: Exchange 2010 goes End of Extended Support in January of 2020, which means that you have fewer than 2 years to migrate to a newer supported environment. Given the layout you've described and how poorly things are implemented, I would very strongly encourage you to consider migrating to Office 365 Exchange Online and outsourcing the care and feeding of the underlying hardware and platform to Microsoft. If that's not an option, you will need to upgrade to Exchange 2016 or newer by that deadline. So one way or another, you're going to have to unwind this mess and move it to another platform sooner than later.

MDMarra
  • Thanks for your answer, MDMarra. The link you shared is obsolete ("We are sorry, the page you requested cannot be found.") https://technet.microsoft.com/en-us/library/cc526617.aspx but it's OK, I found a good link (https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory) – albatorus Mar 24 '18 at 09:21
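
An added example, not part of either answer: read-only PowerShell checks to run once a second DC has been promoted, covering the points raised in this thread (more than one DC, healthy replication, DNS on both DCs, and which DCs Exchange is actually using). It assumes the ActiveDirectory module is installed, that every DC also runs the DNS role as in the question, and that the last step is run from the Exchange Management Shell.

```powershell
# Added example: read-only checks, nothing here changes configuration.
# Assumptions: ActiveDirectory module present; each DC also hosts DNS.
Import-Module ActiveDirectory

$domain = (Get-ADDomain).DNSRoot
$dcs    = @(Get-ADDomainController -Filter *)

# 1. Inventory: there should be at least two DCs, and Exchange needs a
#    reachable global catalog, so note which DCs are GCs.
$dcs | Format-Table HostName, Site, IPv4Address, IsGlobalCatalog -AutoSize
if ($dcs.Count -lt 2) {
    Write-Warning "Only one DC found: the domain has no directory redundancy."
}
$dcs | Where-Object { -not $_.IsGlobalCatalog } | ForEach-Object {
    Write-Warning "$($_.HostName) is not a global catalog."
}

# 2. Inbound replication state on every DC (result 0 means success).
foreach ($dc in $dcs) {
    $meta = Get-ADReplicationPartnerMetadata -Target $dc.HostName
    $meta | Format-Table Server, Partner, LastReplicationSuccess,
                         LastReplicationResult, ConsecutiveReplicationFailures -AutoSize
    $meta | Where-Object { $_.LastReplicationResult -ne 0 } | ForEach-Object {
        Write-Warning "Replication to $($_.Server) from $($_.Partner) is failing."
    }
}

# 3. Each DC's DNS service must answer the DC locator SRV query by itself,
#    otherwise clients lose name resolution when the other DC is down.
foreach ($dc in $dcs) {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV `
                           -Server $dc.IPv4Address -ErrorAction SilentlyContinue
    if (-not $srv) {
        Write-Warning "DNS on $($dc.HostName) did not answer the DC locator query."
    }
}

# 4. DNS servers configured on this machine; both DCs should be listed.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object ServerAddresses |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# 5. Only where the Exchange cmdlets are loaded: the DCs/GCs Exchange is using.
if (Get-Command Get-ExchangeServer -ErrorAction SilentlyContinue) {
    Get-ExchangeServer -Status |
        Format-List Name, StaticDomainControllers,
                    CurrentDomainControllers, CurrentGlobalCatalogs
}
```
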
-1

There is no excuse to have DC and Exchange on the same server and I don't agree that you didn't have a choice. With the way that licensing works you can separate the roles - all versions of Windows Server after 2013 allow you to have two virtual machines per physical licence of standard edition.

Therefore if you have a second server, I would install two VMs, one as a domain controller, one as an Exchange server. Move all users and content to the second server. Then remove Exchange from the first server, and build a second Exchange server. You can then put them in a DAG.

You cannot have a DAG with Exchange on a domain controller as you will already have read.

Sembee
  • I understand your point of view; sorry, my explanation was not 100% clear. When I say "I don't have a choice", I just mean my situation: I can't stop production at my work. As a first step I just need to configure a second VM to have a secondary DC. I'm just afraid that if my Hyper-V-01 crashes with my VM DC+Exchange, I will lose the network and internet too (DNS) – albatorus Mar 21 '18 at 12:57
  • My situation is: Hyper-V-01 physical machine (virtual machine: AD+DNS+DHCP+Exchange) and Hyper-V-02 physical machine (VM: not configured yet) – albatorus Mar 21 '18 at 13:00
  • I'm aware of your answer, but I must proceed step by step at first. If I configure my second DC (second virtual machine) for replication with the first DC, should I configure my only Exchange 2010 on the first virtual machine if my replication is OK on my second VM on my Hyper-V-02? – albatorus Mar 21 '18 at 13:06
  • 1
    As bad as the current architecture is, this doesn't answer the question. – MDMarra Mar 23 '18 at 15:05