I came across this issue when setting up a two way forest level trust. so here's the scenario:
A company wildcards acquired another company, bizworks ( both Fictitious).
Wild cards: windows 2003 Domain & forest functional levels - Ad domain name:Wildcards.com
Exchange server 2007 - Mail domain: wildcards.com
Bizworks: windows 2000 domain & forest functional levels AD domain:bizworks.local
Linux based Mail server - Mail domain: Bizworks.com
Both have Mx records on service providers DNS. both domains connected over VPN/ MPLS/ PTP or any other form.
Since one of the domains was a windows 2000 we decided to create a two way forest trust and for DNS resolution we created secondary zones, altough with 2003 we could have used conditional forwarders. when this happened. All the emails from Bizworks to wildcards started getting queued up.
The reason we found was:since Bizworks has the same AD and Mail domains. and since we had enabled secondary zones and enabled zone transfers the secondary zone for wildcards.com on the Bizworks DNS was acting as an authoritative zone and none of the queries were going to the external Mx. Now Exchange does not need an Mx on the internal DNS for its own domain, it relies on Host records and Active directory.
since we cannot create records on the secondary zones, we created an Mx records on the Primary. now this gets interesting, we pointed this Mx to the public IP. If we create Mx pointing to internal IP of the exchange server, it would definitely worked.
Reasons for not doing the above are, if the connectivity between these two domains is broken the mail will be delivered using the internet. Does Exchange use the Public MX records on internal DNS. We found it did not, else there was a possibility that the internal mails would be routed through the internet.
Attackers love to prey on accounts that have privileges.
Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages?
You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…