DJ (Guest)
Posted: Wed Jan 12, 2005 3:35 am
Post subject: First Time Exchange Server Hosting Questions

Hello,
I have been given a research assignment and I am hoping that someone here
can give me some help or point me in the right direction. I work for a
company that provides billing services for several clients. Some of our
clients have come to us to see if we could host and manage email for them,
because we have our own IT staff that could maintain the email system and set
it all up. One of the clients would also like to use the collaboration and
calendaring functions in Outlook within their organization, which of course
would require the use of Exchange Server, as I understand it. If we were to
put in an Exchange Server system, we would want to also migrate from our
current Linux (UNIX) based system to Exchange as well.
There would be four companies (at present) that would be involved. Company A
(my office), and three of our clients, Companies B, C, and D. Companies B and
C, are currently connected to our network via Broadband VPN connections, and
would also have remote users that would need access as well. Company D is not
currently connected to our network at all.
I need to know for my report what the minimum configuration would need to be
to accomplish this, so that I can then put together a proposal for the
owners. I have had some experience with Exchange, but not a lot. I set up a
server for a small company, running Exchange 2000, on an SBS 2000 server, and
only one domain to worry about.
Each company has its own domain, and needs to be totally isolated from each
other. I have seen the information on the Windows-based hosting, and watched
the Webcast showing Exchange hosting, but I’m afraid a 23 server and software
for them all proposal isn’t going to get very far.
Any help or ideas that you can offer would be greatly appreciated.
Thanks,
DJ

Glen Trafford (Guest)
Posted: Wed Jan 12, 2005 6:40 am
Post subject: Re: First Time Exchange Server Hosting Questions

Some notes on Hosting. You will need Active Directory for Exchange to
function. You can host all 4 companies on one Exchange server but there are
some issues. The main one regards the GAL - Global Address List - and how to
keep this separate for each company.
In AD it is easy to create OU's for each company and also to create a UPN
for each company so that they can log on to "their" domain. The actual
domain name should be generic enough that none of the companies feels bad.
Look at recipient policies and how to accept email for multiple domains:
http://www.msexchange.org/tutorials/MF010.html
http://www.msexchange.org/tutorials/Mailbox-Management.html
On Exchange hosting have a look at
http://www.microsoft.com/serviceproviders/hostedexchange/default.asp
On to the GAL issue
What you want to create is multiple separate Global Address Books (GAL) one
with each company's users in it.
Create security groups that contain users from each company.
Create 4 Global Address objects (or 5 if you want to keep the original GAL),
modify the query so that it only finds the users from each company. - We
found that we had to use security groups to control access between the two
groups of users in a similar situation to yours, which is obvious, but then
found that we still needed to filter them when doing AD queries. We found it
was simpler to use a custom attribute that contained a single text value
rather than looking at group membership or OU as search starting point. This
made it extremely easy to create the two GAL queries as we just did it on
the value in custom attribute X. It also allowed us to apply this to the
other Exchange mail objects - like public folders, distribution lists,
contacts and split these between the two groups as well. -
You will need to remove the default permissions (giving everyone access) to
the GAL's and add the security groups for each GAL.
Note: if a user has access to both GAL's they will get the one with the
largest number of objects in it.
Note: If the user is not in one of the security groups AND does not in our
case have the custom attribute set they will not be able to resolve their
name in the GAL and will not be able to create an Outlook Profile. So
helpdesk and user admin people need to be aware of this.
You can leave the default GAL as a super list of everyone both support
staff, remove the everyone group from this list.
Also you will need to do it for the All Groups address list as well. Just
because it isn't in the GAL doesn't
stop it (in this case) from being included in address lists lower down. This
will probably leave a stub folder that each user can see but not open. They
will not be able to open it as you will have set permissions on it. But
because of the permissions on the container above it still gets listed. To
hide it completely you need to take a few more steps:
1. In ADSI edit go to cn=directory service, cn=windows nt, cn=services,
cn=configuration, dc=DOMAIN. Go to properties, to the dsHeuristics attribute,
and set this as 001.
2. Go to the Address Lists container in ADSI edit, under the configuration
container in the Exchange Org, remove authenticated users permissions on the
security tab and apply. Then go to the advanced security page and add
authenticated users and CHOOSE "This Object Only" and grant List Objects,
List Contents.
3. Go to Exchange System Manager, to the All Addresses Container. Properties,
advanced security. Add authenticated users, "This Object Only", select List
Object.
4. Create address list and apply permissions on who you want to see it.
Also you need to configure an Offline Address Book for each company.
These links outline most of the steps (except the stub address lists):
You can create multiple GALs using this article:
http://support.microsoft.com/default.aspx?kbid=318635
Also create address lists for both companies and set security on the lists:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319213
Glen
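
The two notes above (a user with access to more than one GAL, and a user missing the group or the custom attribute) can be checked before accounts are handed over. The following is an added example, not part of the original post: it builds each company's GAL filter and audits a constructed directory export. The attribute name `extensionAttribute1`, the `mailNickname=*` clause, the group names and the sample users are all assumptions.

```python
# Added example: audit tenant isolation for per-company GALs.
# All names and records below are constructed for illustration.
CUSTOM_ATTR = "extensionAttribute1"   # assumption: stands in for "custom attribute X"

def ldap_escape(value):
    """Escape RFC 4515 special characters so a tenant tag cannot alter the filter."""
    out = []
    for ch in value:
        out.append("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch)
    return "".join(out)

def gal_filter(tag):
    """LDAP filter for one company's GAL: mail-enabled objects carrying its tag."""
    return "(&(mailNickname=*)(%s=%s))" % (CUSTOM_ATTR, ldap_escape(tag))

def audit(users, gal_acl):
    """users: {name: {"groups": set, "tag": str|None}}; gal_acl: {tag: security group}.
    Returns {name: [findings]} for users whose group/attribute state needs attention."""
    sizes = {tag: sum(1 for u in users.values() if u["tag"] == tag) for tag in gal_acl}
    report = {}
    for name, u in users.items():
        visible = [tag for tag, grp in gal_acl.items() if grp in u["groups"]]
        findings = []
        if not visible:
            findings.append("no GAL security group")
        if u["tag"] is None:
            findings.append("custom attribute not set")
        if len(visible) > 1:
            # Per the post, the user is handed the GAL with the most objects.
            got = max(visible, key=lambda t: sizes[t])
            findings.append("sees multiple GALs, will get %s" % got)
        elif visible and u["tag"] is not None and visible[0] != u["tag"]:
            findings.append("group grants %s but tagged %s" % (visible[0], u["tag"]))
        if findings:
            report[name] = findings
    return report

GAL_ACL = {"CompanyB": "GAL-CompanyB", "CompanyC": "GAL-CompanyC"}
USERS = {  # constructed sample directory export
    "alice": {"groups": {"GAL-CompanyB"}, "tag": "CompanyB"},
    "bob":   {"groups": {"GAL-CompanyB"}, "tag": "CompanyB"},
    "carol": {"groups": {"GAL-CompanyC"}, "tag": "CompanyC"},
    "dave":  {"groups": {"GAL-CompanyB", "GAL-CompanyC"}, "tag": "CompanyC"},
    "erin":  {"groups": set(), "tag": None},
    "frank": {"groups": {"GAL-CompanyC"}, "tag": "CompanyB"},
}

if __name__ == "__main__":
    for tag in GAL_ACL:
        print(gal_filter(tag))
    for name, findings in sorted(audit(USERS, GAL_ACL).items()):
        print(name, "->", "; ".join(findings))
```

In the sample data, dave is tagged for one company but would be handed the other company's larger GAL, which is the cross-tenant exposure the permissions step is meant to prevent.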

DJ (Guest)
Posted: Wed Jan 12, 2005 10:51 pm
Post subject: Re: First Time Exchange Server Hosting Questions

Thank you for the information, I will look into it.
DJ