Config for ADLDS in E2k7 + Edge Transport in DMZ?

  • Config for ADLDS in E2k7 + Edge Transport in DMZ?

    So I have been looking for the past couple of days for a walkthrough on how to set up an Edge Transport Server in my DMZ, but I seem to be stuck with the AD LDS config. The couple of how to's I have found didn't help me at all. Can anyone point me in the right direction? I don't know how to make AD LDS actually talk to the domain. I walked through the setup, and then what?

    If you haven't guessed, this is my first time dealing with Exchange. I was tasked with upgrading our E2k3 to 2k7, and to get OWA to work in a secure fashion, and I don't have any money to spend, so ISA is out.

    I apologize in advance for my noobness. I searched for "ad lds" and nothing came up. Hopefully I'm not asking a question that has been addressed a million times.

  • #2
    Re: Config for ADLDS in E2k7 + Edge Transport in DMZ?

    If you have added the Exchange server to the domain, that was a mistake.
    Remove Exchange using add/remove programs and then drop the machine from the domain.

    You need to install ADAM on to the Edge server, and then open the relevant port. It is all documented on Technet. Start with the planning guide.

    In short, you install ADAM, Exchange. Then create a subscription. Open the port on your firewall, import the subscription on your hub transport server.

    Simon Butler
    Exchange MVP


    Sembee is a registered trademark, used here with permission.
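
The sequence described in the reply above (create the subscription on the Edge, open the port, import on the hub transport server), as an added Exchange Management Shell example that is not part of the original posts. The hostname, file path and site name are placeholders, and 50636/TCP is assumed as the EdgeSync secure LDAP port since the thread does not name the port.

```powershell
# --- On the Edge Transport server (DMZ, workgroup member, NOT domain-joined) ---
# ADAM and the Edge Transport role are already installed at this point.
# Export the subscription file; it holds the credentials EdgeSync will use,
# so treat it as a secret while it is in transit.
New-EdgeSubscription -FileName "C:\EdgeSubscriptionInfo.xml"

# --- On the Hub Transport server (internal network) ---
# Copy the XML file over by a trusted channel, then confirm the firewall
# lets the hub reach ADAM on the Edge before importing.
$edge = "edge01.dmz.example"          # placeholder Edge hostname
$port = 50636                         # assumed EdgeSync secure LDAP port
$client = New-Object System.Net.Sockets.TcpClient
trap {
    Write-Host "Cannot reach ${edge}:${port}. Check the DMZ firewall rule."
    continue
}
$client.Connect($edge, $port)
if ($client.Connected) { Write-Host "EdgeSync port reachable on $edge" }
$client.Close()

# Import the subscription. The file must be imported within 24 hours of
# being created on the Edge, otherwise it has to be regenerated.
New-EdgeSubscription -FileName "C:\EdgeSubscriptionInfo.xml" `
    -Site "Default-First-Site-Name" `
    -CreateInternetSendConnector $true `
    -CreateInboundSendConnector $true

# Push the first synchronization instead of waiting for the schedule.
Start-EdgeSynchronization

# The file is no longer needed; delete it here and on the Edge server.
Remove-Item "C:\EdgeSubscriptionInfo.xml"
```

Only the hub-to-Edge direction needs to be opened for synchronization; the Edge never initiates a connection into the domain, which is why it stays out of Active Directory.
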


    • #3
      Re: Config for ADLDS in E2k7 + Edge Transport in DMZ?

      Like Simon wrote, you might get an Edge server running in your DMZ, but this doesn't solve your task to get OWA working in a secure fashion.

      I assume you want to get mailbox access via OWA from the Internet, right?
      In this case Edge server gives you nothing because it's only an SMTP relay with some added features.

      Unfortunately Exchange 2007 doesn't have a front-end server role for client access which can be placed in a DMZ, so you have 2 options:
      1. Direct access from the Internet to your server which is providing the Client Access Server role, which is probably the worst scenario ever.

      2. Use some kind of reverse proxy for HTTPS which can be of course an ISA server like you already wrote.