Solved

What happens to active directory with exchange in new domain in same forest

Posted on 2009-06-29
5
187 Views
Last Modified: 2012-05-07
I have 2 trusted domains in the same forest, and all of the users and exchange are in domain a. I want to move exchange to domain b, but don't have any users in there yet (except the admin). What do I have to do with active directory for users to still log into domain a and use exchange in domain b? Thanks!
0
Comment
Question by:LunaRavenscroft
  • 3
  • 2
5 Comments
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 24737938
You have to create a two-way trust between the two domains, so that you can give the users in domain A access to domain B.
0
 

Author Comment

by:LunaRavenscroft
ID: 24737967
That is already done. Do I actually have to add users to domain b?
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 500 total points
ID: 24738030
You can create a group and then add them to that group - I believe it has to be a Universal or Domain local group (not Global). Then, you can use that group to assign permissions, or you can make that group a member of the Domain Users group (which is a global group by default). That way they have access to anything on the domain that you assign to that group, including of course Exchange mailboxes.
0
 

Author Comment

by:LunaRavenscroft
ID: 24738262
I created a group, but either way I create it as Universal or Local, I cannot see it to make it a member of the Domain Users group. Since it is in the User container, does it matter?
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 24738872
Yeah - I forgot this hierarchy, as it's a little bit weird.  You can make a global group a member of a domain local or univeral group, but not vice versa. So, the Domain Users group won't work for you that way.  But as long as the users have the ability to access domain B, they should be able to connect to the Exchange server anyway, as they will be members of the Everyone/Authenticated Users.  I was only recommending adding it to the Domain Users group so that you could easily grant other file access if needed.  If you make the new group a Universal group, you can add it to the Buit-in Users group, which you could also use for file access, etc., if you wanted to do that.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read this checklist to learn more about the 15 things you should never include in an email signature.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question