What happens to active directory with exchange in new domain in same forest

Posted on 2009-06-29
Medium Priority
Last Modified: 2012-05-07
I have 2 trusted domains in the same forest, and all of the users and exchange are in domain a. I want to move exchange to domain b, but don't have any users in there yet (except the admin). What do I have to do with active directory for users to still log into domain a and use exchange in domain b? Thanks!
Question by:LunaRavenscroft
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 24737938
You have to create a two-way trust between the two domains, so that you can give the users in domain A access to domain B.

Author Comment

ID: 24737967
That is already done. Do I actually have to add users to domain b?
LVL 38

Accepted Solution

Hypercat (Deb) earned 2000 total points
ID: 24738030
You can create a group and then add them to that group - I believe it has to be a Universal or Domain local group (not Global). Then, you can use that group to assign permissions, or you can make that group a member of the Domain Users group (which is a global group by default). That way they have access to anything on the domain that you assign to that group, including of course Exchange mailboxes.

Author Comment

ID: 24738262
I created a group, but either way I create it as Universal or Local, I cannot see it to make it a member of the Domain Users group. Since it is in the User container, does it matter?
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 24738872
Yeah - I forgot this hierarchy, as it's a little bit weird.  You can make a global group a member of a domain local or univeral group, but not vice versa. So, the Domain Users group won't work for you that way.  But as long as the users have the ability to access domain B, they should be able to connect to the Exchange server anyway, as they will be members of the Everyone/Authenticated Users.  I was only recommending adding it to the Domain Users group so that you could easily grant other file access if needed.  If you make the new group a Universal group, you can add it to the Buit-in Users group, which you could also use for file access, etc., if you wanted to do that.

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Suggested Courses
Course of the Month9 days, 5 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question