troubleshooting Question

Multiple domain/password/outsourced email/SSO nightmare

Avatar of EMEA iOps
EMEA iOpsFlag for United Kingdom of Great Britain and Northern Ireland asked on
ExchangeActive DirectoryMicrosoft Server OS
3 Comments1 Solution309 ViewsLast Modified:
OK so here is the scenario...

We have a domain with users and computers (domain A). This domain has a forest trust with our email provider (domain B). When an account is created on our domain (domain A) it is sync'd to domain B every two hours using Identity Lifecycle Manager (ILM).

The user account in domain b has the same details but is in a disabled state. This object has a mailbox provisioned to it and at that point a user in domain A can open outlook and see their emails. All authentication is done at domain A.

This all works fine, the problem comes when a 3rd domain is mixed in. So a user in domain c logs onto their machine and opens outlook, they need to enter domain A's credentials. This means they are managing two passwords which is not ideal, account lockouts are rampant.

How can I solve this issue? I could establish a trust but I don't think it would achieve anything. Please note, our normal solution is to migrate users into domain A but this is not possible for this particular domain.

Any thoughts? Let me know if more information is required.

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 3 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 3 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros