kIdBiLLiE
asked on
HELP - OWA on multiple domains within one server
How can you configure exchange server to have OWA on multiple domains within one server?
One server hosting multiple domains... and you have exchange installed....
How can I get OWA to work in all domains?
One server hosting multiple domains... and you have exchange installed....
How can I get OWA to work in all domains?
ASKER
I know how to set up exchange for OWA, but I only have one server and I would like to set up multiple OWA for multiple domain.
For example:
www.Domain1.com - his it's own OWA
www.Domain2.com - has it's own OWA
www.Domain3.com - has it's own OWA
But all are hosted on the same server. How can I set up OWA individually for all?
For example:
www.Domain1.com - his it's own OWA
www.Domain2.com - has it's own OWA
www.Domain3.com - has it's own OWA
But all are hosted on the same server. How can I set up OWA individually for all?
Kido sorry i gave u the wrong link.I have a link to a site called www.devx.com that
used to have this nice artical about what u are looking for but it is not avilable anymore.
i just tried it .so i have to type it for u and i hate typing .Tonight when i have a few
i will type it for u unless someone beats me to it.
used to have this nice artical about what u are looking for but it is not avilable anymore.
i just tried it .so i have to type it for u and i hate typing .Tonight when i have a few
i will type it for u unless someone beats me to it.
ASKER
That will awesome. I GREATLY appreciate your help and I'll be looking forward to it.
There are 12 steps that u ahve to take so get urself a drink and big cigar.
step1.Partition the active directory
Partitioning the active directory is the first step in isolating your hosted companies from one another and
make things much easier from an administrativee stand point.Assuming u want to host two companies
called alextrading.com velvettrading.com or any name and number of companies that u like.
First in ur active directory create an OU called HOSTED and within this OU create all the OU's that u
would like to host and name them after their domain.So in this case u will have to create two OU's
called alextrading.com and velvettrading.com OU's within the HOSTED OU.
STEP2.Now u must allow these users to log in to ur doamin using their UPN(user principal name)
Go to ur active directory domains and trust at the top of the hierarchy.right click and select properties
enter alextrading.com and velvettrading.com as alternate UPN suffix and click ok.
STEP3.This is up to u.Create two storage group and mailbox store for ur hosted domains(name them what ever u like)
If this is going to be ur business it will be a good idea to put them in separate stores for the
ease of backup\restore\recovery.
Step4.Populate the organization units.
Step5 craete groups in ur OU's.Create two groups for each ou,one for all the folks who will require OWA access
and one for the admins of that group(this is only if someone besides u will be responsible for that group or
domain).
If u have any question so far ask now.
step1.Partition the active directory
Partitioning the active directory is the first step in isolating your hosted companies from one another and
make things much easier from an administrativee stand point.Assuming u want to host two companies
called alextrading.com velvettrading.com or any name and number of companies that u like.
First in ur active directory create an OU called HOSTED and within this OU create all the OU's that u
would like to host and name them after their domain.So in this case u will have to create two OU's
called alextrading.com and velvettrading.com OU's within the HOSTED OU.
STEP2.Now u must allow these users to log in to ur doamin using their UPN(user principal name)
Go to ur active directory domains and trust at the top of the hierarchy.right click and select properties
enter alextrading.com and velvettrading.com as alternate UPN suffix and click ok.
STEP3.This is up to u.Create two storage group and mailbox store for ur hosted domains(name them what ever u like)
If this is going to be ur business it will be a good idea to put them in separate stores for the
ease of backup\restore\recovery.
Step4.Populate the organization units.
Step5 craete groups in ur OU's.Create two groups for each ou,one for all the folks who will require OWA access
and one for the admins of that group(this is only if someone besides u will be responsible for that group or
domain).
If u have any question so far ask now.
STEP6.Apply directory security.
To isolate the two company's directories from one another and from other companies in ur active directory
you need to modify the security settings on each OU.Otherwise users in each ou will be able access directory
objects from other OU's.Go to ur active dirctory users and computers \any OU's properties page\security
and unckeck allow inheritable permissions from parent to propagate to this object.Click copy and then
remove authenticated users and add the group that u created before for that OU(group with all the users
that include the admins for those domains).
STEP 7. SET UP ADDRESS LISTS
for this part read this artical Q321723.
STEP 8. SET msExchQueryBaseDN
If u will be using OWA in ur deployment u need to know that OWA performs LDAP queries under the
security context of the server's system account instead of impersonating the logged in user.THis means
that users logged into OWA who click on the address book icon and use find will be able to access information on other OU's and containers despite the steps u took in step 6.
To correct this using ADSI edit nvigate to domain naming context\domain NC and OU=alextrading.com
right clik on every user choose properties select optional and find msExchQueryBaseDN and type the following
OU=alextrading.com,OU=HOST
U should do this for every user in every ou that u are hosting.
u have any questions ask now.
To isolate the two company's directories from one another and from other companies in ur active directory
you need to modify the security settings on each OU.Otherwise users in each ou will be able access directory
objects from other OU's.Go to ur active dirctory users and computers \any OU's properties page\security
and unckeck allow inheritable permissions from parent to propagate to this object.Click copy and then
remove authenticated users and add the group that u created before for that OU(group with all the users
that include the admins for those domains).
STEP 7. SET UP ADDRESS LISTS
for this part read this artical Q321723.
STEP 8. SET msExchQueryBaseDN
If u will be using OWA in ur deployment u need to know that OWA performs LDAP queries under the
security context of the server's system account instead of impersonating the logged in user.THis means
that users logged into OWA who click on the address book icon and use find will be able to access information on other OU's and containers despite the steps u took in step 6.
To correct this using ADSI edit nvigate to domain naming context\domain NC and OU=alextrading.com
right clik on every user choose properties select optional and find msExchQueryBaseDN and type the following
OU=alextrading.com,OU=HOST
U should do this for every user in every ou that u are hosting.
u have any questions ask now.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Vahik...I really appreciate your help. =)
this may help u.