troubleshooting Question

Allow users from trusted forest to create / Edit Exchange 2010 mailboxes in another forest

Avatar of ncomper
ncomper asked on
ExchangeActive Directory
3 Comments2 Solutions866 ViewsLast Modified:
Hi All

We have a single Windows 2008 R2 Forest / Domain that has our own Exchange 2010 org(forest A)
We have recently taken over another company that also has a Windows 2008 R2 Forest / single Domain with an Exchange 2010 org (Forest B)

We are trying to allow our 1st / 2nd line support staff who have their accounts in Forest A to be able to create and amend mailboxes in Forest B.

We have read that you need to use a powershell script to create a linked role group

New-RoleGroup <role group name> -LinkedForeignGroup <name of foreign USG> -LinkedDomainController <FQDN of foreign Active Directory domain controller> -LinkedCredential $ForeignCredential -Roles <role1, role2, role3

After running this script to add our Universal group from Forest A it says successful however when we look at the role group it does not show our UG as a member and the permissions do not work for our support staff.

When they try to run the EMC and connect to the Exchange org in Forest B they get an error that implies it is still trying to look at our own internal Exchange org

Anyone got any ideas as to how we can rectify

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 2 Answers and 3 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 2 Answers and 3 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros