Solved

Exchange over cross forest trust

Posted on 2009-02-24
Last Modified: 2012-05-06
I'm after some advice for designing the merging of two networks over two sites.

Both networks are running Win Server 2003 native in separate forests. I would like to keep the forests separate to maintain a degree of autonomy between sites and also maintain the domain policy.

Network 1 (the north) has two domains, net1.local and net1.com. net1.local contains the site's users. net1.com contains Exchange 2003 with a public IP running RPC over HTTPS. Network 1 has to remain completely autonomous in the event of disaster.

Network 2 (the south) has 1 domain, net2.com. net2.com contains this site's users. net2.com is migrating from Lotus Notes to Exchange.

The idea behind the project is to bring the two domains closer together (we are the same company) but still retain a degree of autonomy.

I would like to set up a forest trust between sites. I would then like to add a second Exchange server to the existing net1.com (the north) domain, but physically place that in network 2 (the south).

Would a forest trust let me accomplish this?
0
Question by:beplas
LVL 71

Expert Comment

by:Chris Dent
ID: 23723198

The Trust is not relevant to the placement of the second Exchange Server (because it is not part of the Exchange domain).

However, you might consider that having a Global Catalog (and therefore a DC) close to the Exchange Server would be beneficial. Exchange makes very heavy use of the Global Catalog.

Chris
0
 

Author Comment

by:beplas
ID: 23723277
Hi Chris,
I would like to make the second Exchange server part of the existing Exchange domain, but place said Exchange server in a different forest.

Cheers
Paul
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 23723336

You cannot I'm afraid.

Exchange cannot be separated from its configuration forest. It must be a member of the forest hosting the Exchange organisation.

Chris
0
 

Author Comment

by:beplas
ID: 23725614
What if the second Exchange server was set up and configured in the same forest as the first, then physically moved to the new site/subnet? Could users in site 2 connect to Exchange 2, which is a member of forest 1, and then authenticate back to domain 2 through the forest trust?

Could users in site 2
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 23727264

You would still have to maintain accounts and mailboxes in Forest 1, but there's nothing to stop you granting the user in the trusted forest rights to a mailbox there.

You would still benefit from having a Global Catalog on the same subnet / same site as the Exchange Server. Exchange is very reliant on that.

Chris
0
 

Author Comment

by:beplas
ID: 23728450
OK, so, even though a forest trust would be in place, users in site 2, being members of domain 2, connecting to Exchange 2, which is a member of forest 1, would not be able to authenticate back to domain 2?

Have I got that right?
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 23731540

If they're a member of Domain 2 then they would be authenticating against that.

It is possible to configure mailboxes on the Exchange Server to allow accounts from a trusted domain to access them. I had assumed this is what you had in place already for your existing site?

Chris
0

Question has a verified solution.
