Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Exchange 2000 in Multiple Forest Environment

Posted on 2002-05-24
3
Medium Priority
?
247 Views
Last Modified: 2010-03-05
Is it possible to use the same exchange servers to service users in multiple forests?
0
Comment
Question by:dtempleMT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 10

Expert Comment

by:kevala
ID: 7033402
The quick and dirty answer is NO! well, depending on how bad you want to do it......

The reason for this is that a mailbox is simply an attribute to an account. The object (account in a.d.)must be there to apply the mailbox attribute to it.

We were able to do this in 5.5 because a mailbox WAS an object....you then associated whatever account you wanted to that object - in E2K it's reversed.

You can use the inter-org connection agreement with the active directory connector.
This will replicate all accounts from the other forest into active directory as a disabled windows user account, a new windows user account, or a contact.

If you replicate the accounts from the other forest into active directory as New Windows user accounts, you can then mailbox enable them, create a two way trust between the two forests, give the trusted accounts rights to the replicated accounts mailboxes, and have the users in the other forests logon to the mailboxes through the trust with permissions added.

I wouldn't want to deal with the above, it could get very complicated,...but i believe it would work.


Forest 1  |     Interorg connection agreement   | Forest 2
          |                                     |
A.D.      |<--replicate into a.d via the c.a.-- | Users

1.using the option on the interorg connection agreement to create a new account in A.D. - mailbox enable them
2. setup a trust between the two forests
3. Give the users in forest 2 permissions to their associated (replicated accounts in a.d. for forest1) rights
4. Setup the users in forest 2 to logon to the mailbox they have been given permissions to.

Note: I can almost gaurantee you without research that this is probably not recommended. This can get dirty because changes made by the interorg connection agreement CANNOT BE REVERSED.

So after all of this....i would say DON'T TRY IT.

0
 

Author Comment

by:dtempleMT
ID: 7033406
I found a TID from Microsoft that says to create disabled mailbox accounts in the forest with the Exchange box and then associate those accounts with the active accounts in the other forest.  Pardon my ignorance, but is that, in fact what you've just suggested?
0
 
LVL 10

Accepted Solution

by:
kevala earned 200 total points
ID: 7033427
Yes that is exactly one of the options that i suggested.
Use the active directory connector, create an interorg connection agreement, and you will have the option of taking the users in the other forest, and replicating/creating them in the local forest as disabled windows user accounts.....

The "TID" from Microsoft is telling you to create windows disabled user accounts...i am giving you a method to do that via the interorg connection agreement so you don't have to manually create them.

Then you can associate the accounts from the other forest with the accounts from the local forest....
as i drew out....sorry if i did not explain it clearly enough....
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question