?
Solved

Moving to Exchange 2007 - satellite office

Posted on 2009-04-27
11
Medium Priority
?
158 Views
Last Modified: 2012-05-06
We are in the process of figuring the best way to move from exchange 2000 to exchange 2007.  We have several offices connected via tunnel using cisco pix. One of our branches/companies uses a different domain than us.and have their own PDC. In order for them to get their email. I have them open email and it prompts for id/domain and pass. They have to enter our domain and their id/pass that was created on our domain for them to get their email.
Is there a way to do this without getting another exchange for their domain so they don't have to log on to our domain. Pop3 or something that is more secure in 2007 exchange??  Right now they have a separate email password that can't really be changed as its too hard to change going through outlook. So they log on to their computer to domain A and then to get email they have to open outlook and log into domain B. Thanks
0
Comment
Question by:jtano
  • 5
  • 4
  • 2
11 Comments
 
LVL 65

Expert Comment

by:Mestha
ID: 24244071
As long as no SBS is involved you could put a trust in place. Then use the accounts in the other name and grant permissions on the accounts in the domain with Exchange. All users will still need to have two accounts, but the account on your domain will not be used.

Simon.
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24245035
Easiest (from a user point) is to give them Outlook Anywhere, so that they can use outlook and at the same time connect from their office and anywhere else in the world (if you have mobile users). They can always use OWA when they are away from office, but most users would like to have full outlook experience.

0
 

Author Comment

by:jtano
ID: 24245273
Are there any security risks with outlook anywhere? We closed OWA due to recommendations that it was a security risk ( exch 2000)  Are there any additional costs ( licenses?)
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 65

Expert Comment

by:Mestha
ID: 24245768
I don't know where you got the idea that OWA was a security risk. Certainly the combination of IIS6 and Exchange 2003 on a dedicated server has not been compromised. IIS6 is actually very secure, most of the breaches of IIS6 are caused by third party applications on top of IIS6.

Outlook Anywhere isn't considered a security risk. It was designed for hosted Exchange environments and runs over port 443.

However Outlook Anywhere isn't going to stop the dual authentication requirement.

Simon.
0
 

Author Comment

by:jtano
ID: 24254531
Yes, you are correct, I was just thinking that would not help with the dual authentication. So, I will look into the trust thing you mentioned above. Do you happen to know where I can find any directions on that. Can I set that up in exchagne 2000? Thanks
0
 

Author Comment

by:jtano
ID: 24254554
Also we had an outside company do an outside penetration test and they were the ones that suggested OWA was a security risk or at least the ports we had open for it. I just shut it off and they did another test and said we were good?
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24255378
Security penetration companies will always say that OWA is a risk. It is one of those things they can easily find that gives them something to write down on the list.

If you are using port 80 then that could be seen as a risk, however if you put it in a commercial certificate on port 443 only then you limit the risk.

This setting has nothing to do with the version of Exchange, it is a Windows domain thing. You can trust and use any version of Exchange 200x, because you are using Windows to grant the permissions.

Simon.
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24271130
If you are blocking 80 and just using 443 for OWA, you are fine.
0
 

Author Comment

by:jtano
ID: 24271471
Thanks for the OWA info.
I would really like to set up the trust so that the users do not need 2 accounts. I have looked up information but get several different scenarios on how to do it. Do you have any step by step documentation so that I may do this? The 2 PDC are connected by VPN  A is where the exchange server is and Site B logs on to their own domain but has to log on to outlook using our A domain and a different account. This is what I would like to eliminate but still need to keep the separate domains.
0
 
LVL 65

Accepted Solution

by:
Mestha earned 750 total points
ID: 24272751
I am not aware of any document that does everything in a single list.

You need to establish the trust between the two domains - that is heavily documented all over Google, so shouldn't take two long to find.

Once you have the trust in place, you simply need to grant the account in the Trusted domain Full Mailbox and Send As permissions on the account in the domain with Exchange. Wait a while for Exchange to see those permissions. Then when Outlook connects, it shouldn't prompt for a username and password.

Simon.
0
 

Author Closing Comment

by:jtano
ID: 31575049
Was hard finding steps on what to do but I got the trust set up and I am moving in the right direction. Thanks for pointing me there.
0

Featured Post

Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have come across a situation where you need to find some EDB mailbox recovery techniques, then here you will find the same. In this article, we will take you through three techniques using which you will be able to perform EDB recovery. You …
There can be many situations demanding the conversion of Outlook OST files to PST format and as such, there is no shortage of automated tools to perform this conversion. However, what makes Stellar OST to PST converter stand above the rest? Let us e…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question