Multiple Domains and Companies using one Exchange Server

Hello everyone :)

We use Exchange 2003 running on Windows Server 2003 Standard.

We have one network domain but use two different email domains ('' and '') because we have two different trading names.

Presently, any user can use the address book and see every other user address.  This has not really been an issue until now.

The Managing Director has recently setup another, but totally independent, Company.  As a result, we would like to create mailbox accounts, using our current infrastructure, and ensure that users of this new Company have their own Global Address Book whilst not seeing user accounts from the other Companies.

Typically, I create an OU for every Company and place users into the correct one.  This allows me to control which Company gets what group policy.

Obviously all these users are still logging into the one domain. I'm not sure if creating individual domains is the correct or easiest option? And am not sure how one Exchange server copes with more than one domain.

I also realise that any user logging into Webmail will need to use 'DOMAIN\User Name'. I've automated that process so the user doesn't need to type the domain in.

I've used Hosted Email Solutions before and within seconds you can have an account setup which looks and feels like your own server and domain.  Their webmail or Outlook (RPC over HTTPS) never reveals any other user accounts via the address book even though their server handles multiple users using multiple Companies and Domains.

I'd really like to know how they go about doing this so that we can utilise our equipment for our different Companies.

Thanks for reading and I hope someone can assist :)
Who is Participating?

Improve company productivity with a Business Account.Sign Up

Justin DurrantConnect With a Mentor Sr. Engineer - Windows Server/VirtualizationCommented:
BoyderamaAuthor Commented:

Just completed those steps and about to move onto 'Part 2'.

I've got several questions regarding this tutorial.

I've typed a lot and apologise if these have been asked before. My head is over flowing with questions that I need to ask in order to fully understand.

1. It asks to create a Universal Security Group which I've done. However does it really need an email address? I'm assuming that the reason to have the group is to allow the recipient policy to know which accounts to append the correct email domain? I realise it's also handy to have this group so employees can email everyone but just want to fully understand the process behind it.  Currently I've set to only allow email from authenticated users.

2.  When creating a recipient policy the instructions give a Custom LDAP rule.  I've copied this and altered it to suit our needs.  I kind of understand the rule apart from all the '&' and '(' symbols.  I was wondering though, could I not create the same rule but use the GUI? I've seen a few 'Member Of' statements.  The reason I ask is as I'm unable to create my own LDAP rule I may want to alter it and I'd need to rely on the GUI wizard.  Can the wizard create the same filter that the tutorial mentions?

3.  In the recipient policy I've specified the email address as ' '.  This is ''.  Is this OK to use?

4.  The tutorial mentions that a 'bogus' SMTP address will appear and needs to be present in the recipient policy.  It's basically the network domain after the @ sign.  It never appeared when I set the policy up.  In fact, when I've added users in the past I've always removed the network domain email address from all users.  The tutorial states OWA requires this but we've never had a problem?  Am I missing something or has something changed within Exchange which no longer requires this?

5.  Again, setting up the address book requires an LDAP rule.  The tutorial has a custom rule but could this be created using the GUI wizard?  If so, how?  I've tried using the wizard but it always creates rules which look really long?  These custom ones are so tidy.

6.  I've create a UPN suffix and this works well.  I noticed it only works for accounts you create directly under the OU you've edited.  If you create an account under a Sub OU of the OU you edited then you don't get the option to change domain.  Is this correct?  What is the purpose of the UPN suffix?  Is it simply used for this reason?

7.  I want users to login using their full email address via OWA.  I take it I must ensure to set their username to be 'first.lastname' and then select the correct domain name from the list?  This again appears to work.  I've noticed that the user can also type in 'Domain\username'.  Is this method of two different logins standard?


8.  If I remove a user from the Universal group will the email recipient policy update that users email address? (i.e. remove it?)  OR would I need to reapply the policy manually?

Thank you very much for reading and I hope someone can help :)

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.