Solved

2 Domains One Exchange Server? Or use AD Federation Server?

Posted on 2012-03-12
Last Modified: 2012-06-04
Overview:
Blue: Mother Company blue.com
Red: Subsidiary red.com  (IT Services Company)

What Red needs from Blue:
Red employees need access to Blue's servers and network resources.
Red needs its own email IDs, such as User@red.com
Ideally Red could have its own domain, and therefore its own security policies, which may conflict with Blue's policies

Why?:
In a move to provide Red its own foundation and corporate identity, Red has invested in HR Dynamics (HR Payroll) and its required infrastructure (SAN + virtualization, etc.).

How:
Is it possible to configure Blue's Exchange servers (where currently all Red employees exist as red_employee@blue.com) to accept mail for red_employee@red.com & red_employee@blue.com?

Should we look into ADFS? (What's needed in this case is access to servers via RDC, no web apps as far as I know at this time, and somehow still listing red@red.com in the Blue Exchange directory.)

It's complex, I know, but essentially all Red employees at this time still work for Blue mostly. However, the plan within the next 2 years or so is for Blue to start working on external company contracts in terms of IT services.
0
Comment
Question by:Kizm
6 Comments
 
LVL 14

Expert Comment

by:brendanmeyer
ID: 37709273
Yes, you need to add the domain to the accepted domains
and then add the email addresses to the users for @red.com.

Have a look at http://www.petri.co.il/configure-exchange-2007-recieve-email-other-domains.htm for more details.
0
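The two steps in the comment above (accept red.com, then give each Red user an @red.com address), sketched for the Exchange Management Shell as an added example that is not part of the original post. It assumes Red staff can be selected by a `Company` attribute of `Red` and that the new address reuses each mailbox's existing alias; neither detail comes from the thread.

```powershell
# Added example. Run in the Exchange Management Shell on a Blue Exchange server.
# Assumptions (not from the thread): Red staff have Company = 'Red' in AD,
# and each new address is <existing alias>@red.com.
$newDomain = 'red.com'

# 1. Accept mail for red.com, unless the accepted domain already exists.
$existing = Get-AcceptedDomain | Where-Object { $_.DomainName.ToString() -eq $newDomain }
if (-not $existing) {
    New-AcceptedDomain -Name $newDomain -DomainName $newDomain -DomainType Authoritative
}

# 2. Add a secondary @red.com address to every Red mailbox.
$redUsers = Get-User -Filter "Company -eq 'Red'" -RecipientTypeDetails UserMailbox -ResultSize Unlimited
foreach ($user in $redUsers) {
    $mbx  = Get-Mailbox -Identity $user.DistinguishedName
    $addr = '{0}@{1}' -f $mbx.Alias, $newDomain

    # Skip the mailbox if any recipient (this one included) already holds the address.
    # This keeps the script safe to re-run and surfaces alias collisions.
    $owner = Get-Recipient -Identity $addr -ErrorAction SilentlyContinue
    if ($owner) {
        Write-Warning "$addr is already assigned to $($owner.Name); skipping $($mbx.Name)"
        continue
    }

    # Lower-case 'smtp:' marks a secondary address; the upper-case 'SMTP:' entry
    # (the current @blue.com primary) is carried over unchanged.
    $addresses = @($mbx.EmailAddresses | ForEach-Object { $_.ToString() }) + "smtp:$addr"

    # -WhatIf reports the change without making it; remove it after reviewing the output.
    Set-Mailbox -Identity $mbx.DistinguishedName -EmailAddresses $addresses -WhatIf
}
```

Because the @blue.com address stays primary, outbound mail from these users still shows blue.com until the primary address is changed separately.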
 

Author Comment

by:Kizm
ID: 37709482
What about ADFS would it be worth the trouble? Do you know of any organizations that have used it in a scenario similar to ours?
0
 
LVL 14

Expert Comment

by:brendanmeyer
ID: 37709505
Naa sorry, I haven't done anything with ADFS before.
0

 
LVL 17

Expert Comment

by:Gaurav Singh
ID: 37709572
0
 
LVL 40

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 37710699
ADFS will not help you with Exchange. It's designed to provide Single Sign On for web-based applications only and can't be used to federate anything other than web-based traffic. Exchange has a type of federation, but it's completely different from ADFS. Exchange Federation relies on using Microsoft's federation gateway as an intermediary trust. http://technet.microsoft.com/en-us/library/dd335047.aspx has a lot of information on it.

There are a lot of different solutions for the scenario you outline. Each one depends on budget constraints and other things, though. Probably the simplest is to hold the Exchange infrastructure in the Blue forest and set up Linked Mailboxes for the users in the Red domain. http://technet.microsoft.com/en-us/library/dd298099.aspx should give you some good info on multiple forest design.
0
 

Author Comment

by:Kizm
ID: 38046625
Sorry for the late reply, thank you all for your answers. I will look into the info you provided.
0
