What happens to active directory with exchange in new domain in same forest

Posted on 2009-06-29
Last Modified: 2012-05-07
I have 2 trusted domains in the same forest, and all of the users and exchange are in domain a. I want to move exchange to domain b, but don't have any users in there yet (except the admin). What do I have to do with active directory for users to still log into domain a and use exchange in domain b? Thanks!
Question by:LunaRavenscroft
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 24737938
You have to create a two-way trust between the two domains, so that you can give the users in domain A access to domain B.

Author Comment

ID: 24737967
That is already done. Do I actually have to add users to domain b?
LVL 38

Accepted Solution

Hypercat (Deb) earned 500 total points
ID: 24738030
You can create a group and then add them to that group - I believe it has to be a Universal or Domain local group (not Global). Then, you can use that group to assign permissions, or you can make that group a member of the Domain Users group (which is a global group by default). That way they have access to anything on the domain that you assign to that group, including of course Exchange mailboxes.

Author Comment

ID: 24738262
I created a group, but either way I create it as Universal or Local, I cannot see it to make it a member of the Domain Users group. Since it is in the User container, does it matter?
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 24738872
Yeah - I forgot this hierarchy, as it's a little bit weird.  You can make a global group a member of a domain local or univeral group, but not vice versa. So, the Domain Users group won't work for you that way.  But as long as the users have the ability to access domain B, they should be able to connect to the Exchange server anyway, as they will be members of the Everyone/Authenticated Users.  I was only recommending adding it to the Domain Users group so that you could easily grant other file access if needed.  If you make the new group a Universal group, you can add it to the Buit-in Users group, which you could also use for file access, etc., if you wanted to do that.

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question