Exchange 2010 management tools and domains

One of the coolest things about Exchange 2010 is that it’s designed from the ground up to deal with multiple Exchange organizations. There are all sorts of features that take this into account, like the ability to designate equivalent dial plans, set up federation trusts, and so on.
One feature you may have missed is that the Exchange Management Console can be used to manage any Exchange organization, not just the one associated with the domain you’re logged into. This comes in especially handy if you’re using Exchange Online, or if you need to manage more than one Exchange organization from the same machine.
Turns out, though, that you can only install the Exchange 2010 management tools if your machine is joined to a domain. It doesn’t matter which domain; any one will do.
This seems odd at first glance. After all, lots of other management applications allow single-seat management across Windows domains. In fact, the Exchange 2010 control panel (ECP) does this. There actually is a good reason for the restriction, though. The Exchange 2010 EMC uses Kerberos to authenticate and encrypt the data channel used for remote PowerShell. This is simpler to deploy and manage than dealing with yet another set of SSL certificates for HTTPS… but the use of Kerb requires that the management workstation be joined to a domain. There you have it.


Comments Off on Exchange 2010 management tools and domains

Filed under UC&C

Comments are closed.