Thursday, October 21, 2004

Hosting Multiple Domains on SBS 2003 (Part 1)

If you're like me, you own a couple of domains and you want to have SBS answer for each domain. How do you do this?

In the next few posts, I'll outline exactly what you need to do to have SBS answer for multiple domains on the Internet.

Let's start with E-mail
For E-mail, the first thing you need to do is make sure your Internet domain's MX records are pointing to your SBS server's IP address. Feel free to use a backup MX record, or even dynamic DNS (I do!), depending on your own situation.

For the first email domain, follow the normal SBS wizards (primarily CEICW) to configure the first and primary domain that you want to use. Congratulations, your first domain is configured! :)

Adding additional domains to Exchange
To do this, we're going to edit the default recipient policy:

  1. From Server Management, expand Advanced Management, First Organization, Recipients and select Recipient Policies

  2. Right-click on the Default Policy and choose Properties

  3. On the E-Mail Address (Policy) tab, click the New button

  4. Select SMTP Address from the list and click OK

  5. Type in the name of the domain in the format @domain.com and choose OK. Leave the check box checked

  6. Check the box next to your new domain in the Default Domain Properties window, and click OK

Now that you've added this into the policy, Exchange will become aware of this domain and start responding to mail from it. This change will take effect the next time Exchange updates its policies, but let's not wait that long.

  1. Select the Recipient Update Service from the console

  2. Right-click on both policies on the right and choose Update Now

This forces Exchange to update the policies now, so you don't have to wait.

You will now notice that all of your users have 3 email addresses:

  • user@domain.local - added by SBS for your internal domain. It's suggested you keep this email address for this user as it is used by some SBS tools

  • user@domain1.com - this is the first domain you added using CEICW

  • user@domain2.com - this is the second domain you just added

That's as far as I went, since I wanted all my users to receive email from both domains, but what if you don't want this?

Micro-manage!

To micromanage which users have which email addresses simply:

  1. Change to the Users' snap-in and right-click on a user

  2. On the E-mail Addresses snap-in, uncheck the box at the bottom that says Automatically update e-mail addresses based on recipient policy

  3. Remove any email address you don't want the user to receive email at and add any additional email addresses in your configured domains. Don't forget to keep the domain.local e-mail address!

  4. Set the primary one to be the email address the user will send email as

There you have it, if your domain MX records are configured correctly, the SBS box will receive e-mail for both domains!

You can add any number of domains using this process. Moreover, you can add any number of email addresses to a specific user within a given domain using micromanage tactics.
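An added example (not part of the original post): a Python check, run over an LDIF-style export of each user's proxyAddresses values, that confirms the outcome of the steps above. It verifies that each user has exactly one primary address (Exchange marks it with an upper-case `SMTP:` prefix), still has the domain.local address, has no address outside the domains you host, and shares no address with another user. The sample export, DNs and domain names are constructed placeholders.

```python
# Added example: audit proxyAddresses after changing recipient policies or
# micro-managing users. All sample data below is constructed.
from collections import defaultdict

# Domains the server should answer for (placeholder names from the post).
ACCEPTED_DOMAINS = {"domain.local", "domain1.com", "domain2.com"}
INTERNAL_DOMAIN = "domain.local"

SAMPLE_LDIF = """\
dn: CN=Alice Smith,OU=SBSUsers,DC=domain,DC=local
proxyAddresses: SMTP:alice@domain1.com
proxyAddresses: smtp:alice@domain2.com
proxyAddresses: smtp:alice@domain.local

dn: CN=Bob Jones,OU=SBSUsers,DC=domain,DC=local
proxyAddresses: SMTP:bob@domain2.com
proxyAddresses: smtp:bob@domain1.com

dn: CN=Carol White,OU=SBSUsers,DC=domain,DC=local
proxyAddresses: smtp:carol@domain1.com
proxyAddresses: smtp:carol@domain.local
proxyAddresses: smtp:carol@olddomain.com
proxyAddresses: X400:c=US;a= ;p=First Organizati;o=Exchange;s=White;g=Carol;
"""


def parse_ldif(text):
    """Return {dn: [proxyAddresses values]} from plain (non-base64) LDIF."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]      # LDIF continuation line
        else:
            unfolded.append(line)
    records, dn = {}, None
    for line in unfolded:
        name, sep, value = line.partition(":")
        if not sep:
            continue                      # blank separator line
        value = value.strip()
        if name.lower() == "dn":
            dn = value
            records[dn] = []
        elif name.lower() == "proxyaddresses" and dn is not None:
            records[dn].append(value)
    return records


def audit(text, accepted=ACCEPTED_DOMAINS, internal=INTERNAL_DOMAIN):
    """Return {dn: [findings]} for users whose addresses need attention."""
    findings = defaultdict(list)
    owners = defaultdict(list)            # address -> users holding it
    for dn, values in parse_ldif(text).items():
        primaries, domains = 0, set()
        for value in values:
            kind, _, addr = value.partition(":")
            if kind.lower() != "smtp":
                continue                  # skip X400 and other address types
            addr = addr.lower()
            domain = addr.rpartition("@")[2]
            domains.add(domain)
            owners[addr].append(dn)
            if kind == "SMTP":            # upper case marks the primary
                primaries += 1
            if domain not in accepted:
                findings[dn].append(f"address outside accepted domains: {addr}")
        if primaries != 1:
            findings[dn].append(
                f"expected 1 primary SMTP address, found {primaries}")
        if internal not in domains:
            findings[dn].append(f"missing @{internal} address")
    for addr, dns in owners.items():
        if len(dns) > 1:                  # same address on two mailboxes
            for dn in dns:
                findings[dn].append(f"{addr} also assigned to another user")
    return dict(findings)


if __name__ == "__main__":
    for dn, problems in audit(SAMPLE_LDIF).items():
        for problem in problems:
            print(f"{dn}: {problem}")
```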

Read on to Part 2.

68 comments:

Anonymous said...

Great! But why won't Exchange let me select (via From: in Outlook) one of the other VALID EMAIL ADDRESSES that I have so that I can choose who I am sending as?

It gives me a message that I don't have permission, but it's MY ADDRESS! yes I've seen some hacks about creating a custom recipient, blah, blah. But I have 50 or more email addresses (1 for every online vendor I either buy from or get tech support from) and I think exchange/outlook should offer a choice to by default if desired, use the email address they sent to as the sending address if I click "reply".

Anyone figured out how to do that yet?

thanks,
Roger.

Sean Daniel said...

Great idea, I'll pass this along to the Exchange team

Anonymous said...

Hi,

Sorry to chip in a little late (and anonymously, but it saves on creating an account). I am a full-time SBS2003 consultant, and you wouldn't believe how many of my customers this would help. Almost all of them now have more than one domain, and need to be able to send out mail from different addresses as required (from Outlook). If you can get this onto the wish list for the next release, it would be great.

Thanks,

Paul

Anonymous said...

Thanks for the great information. I have been combing the internet trying to find why my second email domain would not receive. The MX record was correct, but I did not have that check box selected in the default recipient update policy. I am looking for some way to use the recipient update policy, and I have unchecked the box to allow the email addresses to be managed automatically but how do I just use the user's first name in the email address, and not their nickname?

Mark

Anonymous said...

I haven't noticed any new posts on this. Did you ever find a way to select a 'from' address when configuring exchange for multiple domains? This would be such a useful feature. BTW, I really liked your site.

Thanks,
Allen
avanwey@sbcglobal.net

Sean Daniel said...

Thanks for pointing that out Allen, I'm actually still working on this, it's a harder problem than I thought. Once we get SP1 out the door, I'll try to focus more on this.

Anonymous said...

What if there are two business names that are delivering to the same SBS server but you still want to keep the emails separate? i.e. two mailboxes (one for each email address and using the from field to select what account you want to send from). Would you need two exchange boxes for this? I tried the recipient policy but it adds both the SMTP addresses to the one account. Please help. jckruger@netspace.net.au

Sean Daniel said...

Yes, if you want to keep the mail completely separate, you need two mailboxes. I post on how to do that in my Delegate Access Blog Post.

Anonymous said...

I will try setting up the users with two mailboxes with delegate rights for the user to the two mailboxes.
Is there a way to setup the email addresses for the separate accounts by using the default recipient policy? Both email addresses are in a different format i.e.

firstname.surname@domain1.com.au
firstname@domain2.com.au

I have found some info on http://www.petri.co.il/configure_specific_email_addresses_for_exchange_users.htm about configuring some exchange recipients to have different e-mail addresses in exchange 2000/2003 by using LDAP Queries.

Do you recommend this?

Could I use the variables for SMTP addresses to look like:
%g.%s@domain1.com.au
%g@domain2.com.au

Maybe I could do an LDAP Query on accounts in a certain OU in AD. I would just create the additional user/mailbox in a different OU and it would then get the correct SMTP address.

Would I just have two recipient policies to delegate the emails to the appropriate users?

JustinKruger said...

I think I have figured it out. I changed the default recipient policy to have the SMTP address of @not_used.com. I then created two other recipient policies. One that checks the "department" field for a certain value that matches exactly and the other checks for the same value that does not match. I assigned the SMTP address of %g@domain2.com.au to the first policy. To create the second mailbox I just reversed the name fields (first name as surname, surname as first name). I then created a new user template that automatically fills in the department field. Once the second account is created it may have the first email address as the SMTP address but once the policy is updated the new addresses are applied. The recipient policy just has the values changed around also to make the address correct again. i.e. %s.%g@domain1.com.au

I hope this makes sense. If not, send me a message and I can provide screen shots of what I mean.

This seems to work on my setup. The only thing is that when a new account is created and the recipient policy is applied, the old addresses are not removed. In my case it doesn't matter because they are the wrong format for them to use so I don't care if they are still there. It may be different for others though.

Justin

Anonymous said...

Sorry about the anonymous post, but I was just wondering if there has been any progress with being able to send from the second domain? I was able to set up a client's SBS to receive from the second domain, but they need to be able to send from it also, so right now I have them set up with a web based e-mail solution. Thanks!

Bob

Sean Daniel said...

And setting the primary email address at the bottom of this post isn't working for you? or do you need to be able to quickly switch between domains?

Michalk said...

Hi, I set this up for small company using two different DNS suffixes for their emails, 5 users using the primary DNS suffix which is set up for SBS as well. They have another five users using secondary DNS suffix for email only. Those 5 users are having problem accessing OWA. They can log in via web access but when they click on the Company email it asks them for another authentication. I applied the MS 833734 fix for IIS password issues but it didn't help. Any ideas? Can you get OWA working for users with secondary email suffix only?
Thanks Michal

Anonymous said...

Sean,

I'm looking to be able to send from either domain in Outlook using the "From:" field to switch, so that the recipient sees from either domain. My clients own two companies and want them to appear separate, they don't mind the e-mails coming into the same inbox. I know there are third party plugins that will accomplish this, but it would be nice if I don't have to have my clients pay...

In your April 12th post you said that you were still working on it. Thanks!

Greg Wratt said...

Setup the user with 2 email addresses
then setup a pop account with the second email address (not the primary) that is popping into the server.
turn off downloading of email from the server..
then you will have the ability to send with the other email account.

another method is to setup other email addresses as distribution lists. setup your user that requires the address as a member of the distribution list. then the user can choose the distribution list as the from person.

Sean Daniel said...

Thanks all for your comments, I have just made a new post, courtesy of the work by Justin, that may help with some of the issues you are seeing, the direct link is An Extension to Delegate Access.

Jamie Jamison said...

I just posted an article over on my blog that outlines how to set up the outgoing secondary e-mail address. I hope it helps. Here is the link:

http://www.jamiejamison.com/2005/08/configuring_sbs.html

Jamie Jamison said...

Sorry - I should have noticed that this blog allowed html.

Here is the link.

Sean Daniel said...

Thanks Jamie, the more content the better, this way people can discover what works for them.

Anonymous said...

I have followed all the instructions trying to set up SBS Exchange to accept external emails. I can telnet onto port 25, and use send from: and rcpt to: to send mail to internal addresses, but I am told the server will not relay when I send to users@the external domain. I know that the external mx records are OK because the old ntmail server works fine - cutting across to SBS is causing the problem. The server is sitting behind a DSL router that has forwarding on port 25.

Any help would be HUGELY appreciated - this is taking heaps of time with no result!

Sean Daniel said...

Sounds like you need to do the opposite of This.

Let me know if it doesn't help

Jamie Jamison said...

Are you sure that when you set up the recipient policy for the external domain name that you checked the box that turns it on? When you first add the SMTP address to the recipient policy, that address is not enabled when it shows up in the list. You have to turn it on by checking the box.

Anonymous said...

I have two mail domains I host on my SBS 2003 Premium box. The users with the "other" domain would like all of their email to go out with the secondary address. (i.e. they receive email at user@domain2.com but when they reply it shows as coming from user@domain1.com) To confuse matters more, they still need to be able to receive mail at user@domain1.com. Can you suggest a resource on this subject?

Sean Daniel said...

You can either uncheck the update from recipient policy and choose the correct email you want to set as to the primary, or you can follow These instructions.

Anonymous said...

Sean, thanks for the great article, my clients can now send and receive e-mail from both domains (using Jamie's instructions above to set up Outlook to send). My last hurdle is sorting the mail in the inbox. Say I have two domains, DomainA.com and DomainB.com, I would like to have the primary (DomainA.com) to stay in the inbox, and DomainB.com to be routed to a subfolder of the Inbox called "DomainB". I have tried setting up a rule, but Outlook seems to see all e-mails as "user@DomainA.com", even if it was sent to "user@DomainB.com". Any ideas? Thanks!

Bob

Anonymous said...

Please disregard that last post, I figured it out myself, woohoo! Instead of setting a rule using the "sent to people or distribution list" option (with people set as user@DomainB.com) I used "with specific words in the message header" with the specific word being user@DomainB.com. Works like a charm now! My clients will be super-happy when I set them up tomorrow! Thanks!

Sean Daniel said...

Bob, you're very welcome. Glad that this article could be of assistance. The rule idea works the best and probably what I would have suggested anyways. Thanks for leaving the tip on the site.

Anonymous said...

People should really be up in arms that microsoft do not allow you to select which smtp address to send from. It's a bloody disgrace!!

Joe Burns said...

I agree. I've got a client who requires the ability to send from 3 domains using Exchange SMTP. However I cannot give him a solution at present besides using a separate POP3 Account in Outlook and setting an external SMTP that he can send through. Hopefully somebody will come up with a solution soon.

Anonymous said...

thanks for the info Sean,

here's what I did, which seems to also have worked:

I ran Internet Mail wizard and config'ed for domain A. Later, I re-ran it again for domain B (when customer decided to add another domain to be default with a shorter name).

I just looked in the policy and it still has the first domain in there as well, and additionally has the new domain (as default).

Looks like I'm good to go, of course each user also has both domains @ email addresses in user properties as well as the .local

for the time being I also have this server using pop3 connector to get email for the old domain until I change the mx record. once that's done I'll just stop the pop3 connector function.

thanks for sharing the tips, looking forward to reading more..


John

Josetta said...

Quick question -- and this seems to be a good place to ask it...

We had a trial of SBS and a couple of weeks later, we got a new server and converted the trial. No problem, except that I had already done a lot with the companyweb page. I copied (I think) the files we need, but when I try to import them, there seems to be problems with permissions, etc. that I can't seem to get solved. I was wondering if there's a way to simply "view" these files (in the STS_Config.mdf, etc.), so that I can recreate what we had in our new companyweb. If anyone has any insight in this, I would greatly appreciate it.

Sean Daniel said...

You are absolutely at the right place.

Shoot though. CompanyWeb, or SharePoint keeps the majority of its files in a database, so it will be virtually impossible to get all of them, and make sure the permissions are set right.

The best thing you'll want to do is to backup and restore the website using the "stsadm.exe" command. You can find instructions on how to do this right in the backup console. The latest version of the restore document (linked to from the on-box version of the document in the backup snap-in) tells you how to configure Companyweb for backup. If you run that stsadm command and then restore it, you'll be good to go.

Sorry for any inconvenience.

Josetta said...

Sean, thank you so much for your advice. I found some other things to try on your site, which basically resulted in my screwing up the server, but all is restored now. Not your fault...I never made it past reinstalling the Intranet component, as you recommended in one of your other posts. Thank God I didn't have much on the site. I'm just going to recreate it. I look forward to using your blog extensively while I'm going through this process. I wish I'd known about it before we began the transition process. I could've probably saved myself tons of time. Thanks again.

Anonymous said...

Thanks for all the information.

Justin's work around of setting up a pop account to be able to choose "send from" is smart but not practical for my business. I could never trust our employees to remember every time to change the default send from address when replying.

The two things I cannot stand about Exchange SBS are this inability to choose send from and the limitation of 2 GB per user mail box. With the size of files these days and the need for retention it is just unreasonable.

Anybody know if a patch is planned to fix these two major issues?

Thanks,
Brian Cohn

Sean Daniel said...

Make sure you have Exchange SP2 installed because this allows you to make your exchange store up to 75 GB instead of 16 GB, with a few registry changes.

Anonymous said...

Thanks Sean.

We are running SP2 and I will check to see if the registry changes were made.

I was under the impression though that despite the overall limit of 75GB, the individual user is still limited to a 2GB mailbox. Is this true?

Best regards,
Brian Cohn

Sean Daniel said...

Hrm, I was of the impression that users' mailboxes can be as big as you want to make them (within the store size of course).

I think Exchange is 2 GB by default, but you can right click on the user object, and on one of the Exchange tabs, you can override the default and make it as large as you want.

The default is stored in Exchange System Manager somewhere, let me know if you can't find it, I've only changed that once in the past, so I'd have to dig it up.

Anonymous said...

I think the place you are referring to in the user object is under the "Exchange General" tab on the "Storage Limits" button, right?

The choice there is to use the default or set specific limits for warning size and send/receive restriction size.

If I try to set this above 2GB I am given an error that I must enter a value between 0 through 2097151.

Am I doing this wrong?

Thanks again!
Brian

Anonymous said...

OK. I am a little embarrassed. Turns out our outside tech guy didn't actually get around to installing SP2 yet. I will see if I can raise the mailbox size over 2GB once it is actually installed.

Brian

Sean Daniel said...

hehe, it's not actually embarrassing at all. From our studies we find that tracking what techs do from site to site is actually one of the toughest problems our VAPs/VARs have to face. Let us know what happens after SP2 is installed.

Anonymous said...

Hi Sean,

Does SP2 resolve the issue of sending FROM multiple domains?

If I use Justin's fake pop account work around, is it possible to set a different primary domain to be the From address for each user?

Thanks,
Brian

Sean Daniel said...

SP2 doesn't change anything with respect to multiple domains. But up in the blog post, under Micro-Manage! it tells you how to set the different primary email address for each user, when you select this, it will be the primary "FROM" address for that user, there is still no way to change this on the fly that I know of that isn't already posted somewhere on my blog.

Anonymous said...

Hey guys,

Anyone seen these symptoms??

joel@domainA.com
joe@domainB.com

Joe has two pop accounts set up for each domain....

He gets 'any' mail sent to joe@eitherdomainAorB in both of the email inboxes.

Any ideas??

Anonymous said...

Hello,
Thank you for the article, it's been enlightening, but I can't get it to work!
I can see the mail coming in on the router log, I can see it being forwarded to port 25 on our server, then it just disappears!
I should add that we are running a Pop3 connector for one domain and trying to setup the direct method on a new (test) domain. Could that be the reason it's not working?
I have turned all the diags for exchange to maximum, but nothing.
Any ideas?

Blitzhund said...

Sean,

Please forgive if you've addressed this already in your post, but I'm new to SBS2k3 and Exchange 2k3 having been a qmail user.

I run multiple domains for family, friends and some local charities and I was able to get the email being received on the SBS Exchange fine using the Recipients instructions (thank you!).

But I want to get OWA working for each domain like this:

abc.com/exchange
def.com/exchange
ghi.com/exchange and etc

Can you please tell me how to do this? I tried setting up virtual directories in the http protocol section (having read this worked) but to no avail.

Can you please advise me on how to get this working. I feel terrible after migrating off of a stable (but limited) qmail/squirrel mail and not able to get these charities OWA logins to work.

Thanks,
William Paris

Sean Daniel said...

Unfortunately if you want the abc.com/exchange and def.com/exchange, etc to work, you're going to have a problem with certificates. What I would do is create a virtual web server for each domain within IIS, and use Exchange System Manager to extend the exchange virtual directories to each of these virtual websites, then purchase a certificate (probably from somewhere cheap) for each of those domains and install them on each virtual website.

Then the rest of these instructions should work as for managing users and setting default email addresses etc. There will be a lot of micro managing, but I don't see why you can't get it working.

Let me know if you need more help Blitzhund, and you can always email me at seanda at microsoft dot com for more specific help to your scenario. Don't be surprised if it takes a little bit for me to reply though.

Cheers!
Sean

Blitzhund said...

Sean,

Using a wildcard certificate (homebrewed - sbs rocks) and your virtual HTTP dir tie in with Exchange vir dir I am able to get everyone working bar one group.

It serves up the Remote Web Workplace screen but after entering the user's credentials it returns immediately back to the log on page (same page as before) and both username and password boxes are blank.

I can log these users on internally on my network just fine but externally it exhibits the above behavior.

Any ideas?

Thanks for your help thus far, I've subscribed to your blog and am looking forward to it. Also congrats on your marriage - welcome to the best years of your life (until your first is born!)!

William

Blitzhund said...

Um...I'm embarrassed. After a reboot it all automagically works!

Thanks for your help!

Sean Daniel said...

You're very welcome. :) Happy that it worked out.

Anonymous said...

To All:

this third-party utility can help you to solve the "send as" problem:

http://www.ivasoft.biz/choosefrom.shtml

Regards,
Victor

MD said...

Glad to come across this blog - great work guys!

Now, I'm coming across some roadblocks and I need some help in making sure I have the correct configuration for hosting multiple email domains on my SBS 2003.
Your help is greatly appreciated!

Let me explain the architecture:

1. Domains are registered with GoDaddy (say "mydomain1.com" & "mydomain2.com")
This is my current GoDaddy Setup for domain "domain1.com"
CNAMES
Host Points To
domain1.com domain1.dnsalias.org

MX Exchange
Priority Host Goes To
0 domain1.com domain1.dnsalias.org

2. Using DynDns with associated pointers: "mydomain1.dyndns.org" & "mydomain2.dyndns.org"
Domain is correctly pointing to my server's IP (123.123.123.123)
Mail Exchanger (optional) set to: "domain1.dnsalias.org"

3. SBS 2003 (with dynamic IP - updated with dyndns.org)
Recipient policies updated to include "@domain1.com" and "@domain2.com" respectively


An MX lookup leads:
Non-authoritative answer:

domain1.com canonical name = domain1.dnsalias.org
domain1.dnsalias.org MX preference = 10, mail exchanger = domain1.dnsalias.org
domain1.dnsalias.org internet address = 123.123.123.123 (correct Server IP address)

Sean Daniel said...

What roadblocks are you hitting? it's extremely hard to find a problem in your list of configurations. If you tell us the problem you're having, we may be able to look at your configuration and find the issue.

Thanks...

joe.ainsworth said...

I have an sbs2003 server with one user that cannot authenticate via pop3. User login is fine, OWA is fine. Changed passwords, gave the user administrative rights, all to no avail. Any suggestions?

Sean Daniel said...

The Exchange POP3 service is not enabled by default, have you started the service and opened port 110 from your network firewall to your SBS Server?

Anonymous said...

First, thank you for this information.
I have done as you described, but the mails from the second domain are sent to the administrator account, what am I doing wrong?

Sean Daniel said...

can you be more specific of which mails sent to the second domain?

Anonymous said...

Hi Sean,

Great stuff you've put on here! Thanks. I appear to have a problem with the 2 domain scenario where all the mail is coming into one box.
When collected by Outlook, the user cannot tell if the mail has come in to him/her as user@domain1 or user@domain2 .. is there a workaround? or am I missing something?

Thanks.. Omar

Sean Daniel said...

Nope, I don't think you've missed anything. Without looking at the email headers, it's impossible to tell. What I would do in this case, is setup a Distribution Group for the second email address, and make the user the only member, then they will be able to tell which email account it was sent to.

Sorry I don't have a better solution for you.

Anonymous said...

You could setup a message rule for inbound mail to go into separate "Inbox" for each domain. This would tell your workers what address the mail was sent to.

Anonymous said...

I am having the same issue as one of the previous posts and did not see where it had been resolved.

I have setup my second email as indicated but when I try to send an email externally, it bounces back as unable to relay. If I send the email internally (from within my own network) it works fine.

Sean Daniel said...

Did you make sure to make your domain authoritative for the other domain in the recipient policy?

Also, you can't send email from outside the domain, the server will require authenticated access to send mail from outside the domain.

Nick said...

Hi there, I have the same problem regarding two domains. I have a customer who is using two mail domains using VPOP and we want to upgrade them to SBS 2003. We connect via ADSL and an IP is not an option (not available) so we cannot depend on a MX record. The mail is currently spooling to one mail box from the ISP so they are handling it. Any recommendations????

Anonymous said...

That's a bit annoying, I was hoping to find a post from someone that had solved the sending from multiple domain addresses problem. I've done all the policy stuff and added the second domain smtp addresses to users, I don't want to setup pop accounts on every machine, the distribution list looks like my only option. There must be some hack to let you send from another address and not give you a permission error COMMON!!!!

Antony Lovedale said...

Can anyone help!

I am trying to setup multiple internal websites on an SBS server for development purposes.

However having created two sites in IIS, only one site will run, the second errors "The webpage cannot be found".

Am using single default IP address and ports 81 & 82

Any help or pointer appreciated.

Sean Daniel said...

If you are just doing websites (HTTP), why not just use port 80 and host headers? Why don't you look at the other attached #1, #2, #3, #4 hosting multiple domains.

Sean

Alonso said...

Thanks found this blog very useful and helpful

Globalprotec said...

The main advantage of multi-domain SSL certificate is that it protects a primary domain and at the most 99 Subject Alternative Names (also known as SAN) in a single certificate. In recent years, multi-domain certificates have become popular due to the advantages that they offer.

Sean Daniel said...

Multi-domain SSL is a good way to go, it's just more expensive than a single domain SSL.