Clarify Exchange 2010 Resource Forest Topology

Posted on 2011-05-12
Last Modified: 2012-05-11
Objective: We want to deploy a single Exchange 2010 Server and have it support the users in its "home" domain and forest as well as users in a separate domain and forest.

Our scenario:  We manage 2 domains that are each in their own forest.  Neither one currently has an Exchange server.  Both are 2003 AD functional level.  Both domains have user accounts.  DomainA is located in ForestA, and DomainB is located in ForestB.  A domain trust between DomainA and DomainB has been configured and is working properly.  We want to deploy Exchange 2010 to DomainA for DomainA users and allow DomainB users to use its services at the same time.

The reason I'm having trouble being certain whether or not DomainA can have user accounts and still be able to deploy Exchange 2010 to DomainA in a Resource Forest Topology is the MS article's description of an Exchange Resource Topology (found at

Resource Forest

A resource forest topology is one with an Exchange forest and one or more user accounts forests.
That means both ForestA and ForestB in our case are User Accounts Forests.
Here is an overview of what you need to do to deploy Exchange 2010 in a topology with a resource forest:

1.You must have a forest with Exchange installed. In the Exchange forest, you must have disabled the user accounts that have Exchange mailboxes.
So all the users in our DomainA would have to be disabled and they wouldn't be able to log in anymore?  We can't do that.
2.You must have at least one forest that contains user accounts. This forest should not have Exchange installed.
So we can't deploy Exchange 2010 to DomainA if we want to simultaneously support DomainB with it?
3.Then, you must associate the disabled user accounts in the Exchange forest with the user accounts in the accounts forest.
When deploying Exchange to a domain with user accounts, aren't the accounts automatically associated with their respective mailboxes?

Obviously, the article was of no use to me in trying to answer our question:

Can DomainA in ForestA also be the Exchange Resource Forest for iteself as well as being the Exchange Resource Forest for DomainB in ForestB?  (DomainB must remain in ForestB).

/reaches for Aspirin...
Question by:UncleN00b
    LVL 13

    Accepted Solution

    The topology you want to implement will use Linked Mailboxes.

    The exchange you are going to deploy will be able to support both forests, this is not a problem.

    1. MS says you must disable the users that have the exchange mailboxes LINKED to the other forest, and yes I think they should have been a bit more clear here.
    See the topology here :

    2. If you want to deploy exchange in both domains, then why having all this trouble of using the cross forest setup ? Then it makes no sense to have a cross forest setup.

    3. When you create a new user this will not automatically have a mailbox attached to his account so not all the accounts will have a mailbox associated to their account by default.

    To answer your final question : You can install Exchange in Forest A and this exchange organisation will be able to support the local users as well as the users from DomainB.
    You can not have a mailbox running on the server without a user account associated with it. Therefore you must create a new user in Domain A with a mailbox attached and then disable THIS user if you want to link it with an user in Domain B.

    I hope this clarifies a bit better this scenario.

    Author Comment

    Thank you GeoSs.

    On your answer #2, we never intended to have multple Exchange installations.  That is the reason to get clarification on this.  I apologize if something I said suggested that.  I was not completely sure that we didn't need to create a ForestC to be the Exchange Forest to get this to work which, as Microsoft has worded it, could possibly imply that need.  Thank goodness we don't need a 3rd forest.

    Thank you again for the information!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Do email signature updates give you a headache?

    Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

    Granting full access permission allows users to access mailboxes present in their database. By giving full access permission one can open and read the content of any mailbox but cannot send emails from that mailbox.
    Create high volume marketing opportunities using email signatures with these top 10 DOs and DON'Ts of email signature marketing.
    In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
    In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now