Link to home
Start Free TrialLog in
Avatar of dtempleMT
dtempleMT

asked on

Exchange 2000 in Multiple Forest Environment

Is it possible to use the same exchange servers to service users in multiple forests?
Avatar of kevala
kevala
The quick and dirty answer is NO! well, depending on how bad you want to do it......

The reason for this is that a mailbox is simply an attribute to an account. The object (account in a.d.)must be there to apply the mailbox attribute to it.

We were able to do this in 5.5 because a mailbox WAS an object....you then associated whatever account you wanted to that object - in E2K it's reversed.

You can use the inter-org connection agreement with the active directory connector.
This will replicate all accounts from the other forest into active directory as a disabled windows user account, a new windows user account, or a contact.

If you replicate the accounts from the other forest into active directory as New Windows user accounts, you can then mailbox enable them, create a two way trust between the two forests, give the trusted accounts rights to the replicated accounts mailboxes, and have the users in the other forests logon to the mailboxes through the trust with permissions added.

I wouldn't want to deal with the above, it could get very complicated,...but i believe it would work.


Forest 1  |     Interorg connection agreement   | Forest 2
          |                                     |
A.D.      |<--replicate into a.d via the c.a.-- | Users

1.using the option on the interorg connection agreement to create a new account in A.D. - mailbox enable them
2. setup a trust between the two forests
3. Give the users in forest 2 permissions to their associated (replicated accounts in a.d. for forest1) rights
4. Setup the users in forest 2 to logon to the mailbox they have been given permissions to.

Note: I can almost gaurantee you without research that this is probably not recommended. This can get dirty because changes made by the interorg connection agreement CANNOT BE REVERSED.

So after all of this....i would say DON'T TRY IT.

Avatar of dtempleMT
dtempleMT

ASKER

I found a TID from Microsoft that says to create disabled mailbox accounts in the forest with the Exchange box and then associate those accounts with the active accounts in the other forest.  Pardon my ignorance, but is that, in fact what you've just suggested?
ASKER CERTIFIED SOLUTION
Avatar of kevala
kevala
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial