Hello,We have a single forest with a parent and a child domain. We have a single exchange server at the parent domain, users at the parent and the child domain are using the same exchange server. My question is when I do the Prepdomain, shall I do only setup.com/prepdomain or setup.com/prepalldomins.Another question, we would like to have separate server for outlook web access at the dmz, how should I proceed with my installation and which roles should I install on the main server and one at the DMZ. Should I have them installed simultanously?Thanks for your feedback.

Hi,You must prepare all domains where you have mailbox enabled users - therefore setup.com/prepalldominsExchange 2007 CAS servers are not supported in a DMZ - if you feel you need a dedicated server in the DMZ its an ISA server on which you publish the desired client types.Leif

Thank you for the response,So there is no similar cofiguration in Exchange 2007 as we did for Outlook Web Access in 2007 in DMZ I am only interested to secure Outlook Web Access.

Agree with Leif Deploy your Client Access Servers in a DMZ or Perimeter network, but "pretend" it's not a DMZ section in How NOT to Deploy Client Access Servers

I would recommend reading below doc to know unsupported deploymentscenarios... Common Unsupported Exchange 2007 Configurations http://technet.microsoft.com/en-us/library/dd577077.aspx -==-==-==-==-==-==-==-==-==-==-==-==-==-==-==- The Installation of a Client Access Server in a Perimeter Network Is Not Supported IssueYou may want to install an Exchange2007 Client Access server in a perimeter network. However, this type of installation is not supported in Exchange2007. CauseThe Exchange2007 Client Access server role is not supported in any configuration in which a firewall is located between the Client Access server and a Mailbox server or a domain controller. This includes firewall devices, firewall programs, or any program or device that is designed to restrict traffic between two network locations. For correct operation, Client Access servers require typical domain connectivity to domain controllers and global catalog servers. Because any devices or programs that restrict or reduce access to domain controllers or global catalog servers may affect the correct operation of the Client Access server, we do not support this type of configuration. ResolutionTo resolve this issue, move the Client Access servers to the internal network. For more information about the ports that Exchange2007 uses for various services, seeData Path Security Reference. -==-==-==-==-==-==-==-==-==-==-==-==-==-==-==- Amit Tank | MVP Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com

Thank you so much for all your feedback.