• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 251
  • Last Modified:

Exchange 2000 in Multiple Forest Environment

Is it possible to use the same exchange servers to service users in multiple forests?
  • 2
1 Solution
The quick and dirty answer is NO! well, depending on how bad you want to do it......

The reason for this is that a mailbox is simply an attribute to an account. The object (account in a.d.)must be there to apply the mailbox attribute to it.

We were able to do this in 5.5 because a mailbox WAS an object....you then associated whatever account you wanted to that object - in E2K it's reversed.

You can use the inter-org connection agreement with the active directory connector.
This will replicate all accounts from the other forest into active directory as a disabled windows user account, a new windows user account, or a contact.

If you replicate the accounts from the other forest into active directory as New Windows user accounts, you can then mailbox enable them, create a two way trust between the two forests, give the trusted accounts rights to the replicated accounts mailboxes, and have the users in the other forests logon to the mailboxes through the trust with permissions added.

I wouldn't want to deal with the above, it could get very complicated,...but i believe it would work.

Forest 1  |     Interorg connection agreement   | Forest 2
          |                                     |
A.D.      |<--replicate into a.d via the c.a.-- | Users

1.using the option on the interorg connection agreement to create a new account in A.D. - mailbox enable them
2. setup a trust between the two forests
3. Give the users in forest 2 permissions to their associated (replicated accounts in a.d. for forest1) rights
4. Setup the users in forest 2 to logon to the mailbox they have been given permissions to.

Note: I can almost gaurantee you without research that this is probably not recommended. This can get dirty because changes made by the interorg connection agreement CANNOT BE REVERSED.

So after all of this....i would say DON'T TRY IT.

dtempleMTAuthor Commented:
I found a TID from Microsoft that says to create disabled mailbox accounts in the forest with the Exchange box and then associate those accounts with the active accounts in the other forest.  Pardon my ignorance, but is that, in fact what you've just suggested?
Yes that is exactly one of the options that i suggested.
Use the active directory connector, create an interorg connection agreement, and you will have the option of taking the users in the other forest, and replicating/creating them in the local forest as disabled windows user accounts.....

The "TID" from Microsoft is telling you to create windows disabled user accounts...i am giving you a method to do that via the interorg connection agreement so you don't have to manually create them.

Then you can associate the accounts from the other forest with the accounts from the local forest....
as i drew out....sorry if i did not explain it clearly enough....
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now