Pulling email across forest/domain trusts

Posted on 2014-07-28
Last Modified: 2014-07-30
I have a request to allow email from two email domains to be pulled into one 2013 Exchange server. I have done the required setup and have mail flowing into the server for two domains. Example would be domain1 and domain2. Domain1 is our default. I can send email to my domain2 address and I will receive this in Outlook and when looking at this closer I see Exchange converted the To field to my domain1 address as it is the default.

Next, to allow outbound email to show the from address as domain2, I set up a POP 3 account in Outlook and pointed outbound mail to the Exchange server. I also had to set up a receive connector on Exchange to accept the email from my workstation. After doing so I sent a test message to an external account. This did show the sender as my domain2 address.

This will not work for the requester and it does have severe shortcomings on the mobile side of things.

It has been years since I have looked at trust relationships for AD forests/domains but I am thinking in order to get this to work the way the requester wants I need to create a new AD forest and domain for domain2 and install a new Exchange server and create a trust between domains.

The thing I can't figure out is if using this trust can a user in domain1 pull up an email account from domain2 and do send for the domain2 address from domain1?

Is there a better way? Impossible? Any other suggestions?
Question by:AndyD59

Accepted Solution

Simon Butler (Sembee) earned 500 total points
ID: 40225556
Over complicating matters somewhat.
Simply create a second mailbox.
Grant Send as and Full Mailbox rights to the primary account. Add the second mailbox as an additional ACCOUNT in Outlook 2013.
You should be able to add the second account to the mobile device as well.

No need for POP3 accounts or additional domains.
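
The steps in the accepted answer as Exchange Management Shell commands, ending with a check of who holds rights on the new mailbox. This is an added example, not part of the original thread; the account names, alias and addresses are hypothetical placeholders, and switching AutoMapping off is an assumption of the example.

```powershell
# Run in the Exchange Management Shell (Exchange 2013, on-premises).
# All names below are hypothetical placeholders, not values from the thread.
$primaryUser = 'DOMAIN1\jdoe'              # existing account that already has a mailbox
$secondAlias = 'jdoe-d2'                   # alias for the new, second mailbox
$secondSmtp  = 'jdoe@domain2.example'      # address in the second accepted domain
$secondUpn   = 'jdoe-d2@domain1.example'   # logon name of the new AD account

# Mailbox = user account: New-Mailbox creates the AD account and the mailbox together.
# Setting -PrimarySmtpAddress turns off the email address policy for this mailbox,
# so the domain2 address stays primary and is used as the From address.
$password = Read-Host -AsSecureString -Prompt 'Password for the new account'
New-Mailbox -Name 'J Doe (Domain2)' -Alias $secondAlias `
    -UserPrincipalName $secondUpn -PrimarySmtpAddress $secondSmtp `
    -Password $password | Out-Null

$dn = (Get-Mailbox -Identity $secondAlias).DistinguishedName

# Full mailbox rights for the primary account only. AutoMapping is switched off here
# (an assumption of this example) because the mailbox is added as its own account.
Add-MailboxPermission -Identity $secondAlias -User $primaryUser `
    -AccessRights FullAccess -InheritanceType All -AutoMapping $false | Out-Null

# Send As is an Active Directory extended right on the mailbox's user object.
Add-ADPermission -Identity $dn -User $primaryUser `
    -AccessRights ExtendedRight -ExtendedRights 'Send As' | Out-Null

# Review the result: list every explicit (non-inherited) grant on the new mailbox.
Get-MailboxPermission -Identity $secondAlias |
    Where-Object { -not $_.IsInherited -and $_.User -notlike 'NT AUTHORITY\SELF' } |
    Format-Table User, AccessRights, Deny -AutoSize

Get-ADPermission -Identity $dn |
    Where-Object { -not $_.IsInherited -and $_.ExtendedRights -like '*Send-As*' } |
    Format-Table User, ExtendedRights, Deny -AutoSize
```

Both listings should show only the primary account; any other entry is a delegate who can read or send as the second mailbox and should be reviewed.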


Author Comment

ID: 40226604
Simon, is there a trick for adding a second mailbox for a user? I don't see how that can be done as the user isn't new, just has a new email address associated with domain2. And if I select an existing user since the person already has a mailbox I can't choose them.

What I am finding when searching for adding a second mailbox is for a shared mailbox. (I assume this is a distribution group) I need to look at this closer and see if this equates to what I am trying to do.

If I can get this to work for one person at some point I may have to add up to 10 other people to have the ability to receive email to their domain2 address, but to also send mail and have it show as coming from their domain2 address too.

Expert Comment

by:Simon Butler (Sembee)
ID: 40226861
Mailbox = User Account.
Therefore you have to create a second user account for the second mailbox.
That doesn't use CALs unless you are on a hosted environment as most sites are licenced per seat, not per mailbox.

As for your assumption about shared mailboxes being for groups, then that is wrong as well. A shared mailbox is completely unconnected to groups. The only difference between a regular mailbox and a shared mailbox is that the underlying AD account is disabled. However if you want to access the account from a mailbox I believe the account needs to be enabled.



Author Comment

ID: 40227081

Yes, I get the mailbox = user account. Let me clarify this a little more as what you are asking isn't possible as far as I can tell.

Within Exchange, I have our default email and AD domain which is I have added a second accepted email domain to Exchange which is I created an email address policy for which creates a second smtp address for a selected user which is

When creating a new user account I can only make it for domain as the other domain is just an email domain within Exchange. As such I can only add as a secondary email address to the account.

Thus it took some trickery to send mail from this secondary email address by using the POP account in Outlook.

This second email domain I have added to Exchange is simply for separating email communication for select users from their normal email address.

Because of this is why I started thinking a second forest/domain and Exchange organization is required, but the issue then becomes how does the user access their email account for the domain from their user account in domain.

So this all boils down to how does the user receive and send email for their email address from one location or from their mobile devices?

I am not even sure this is possible to the degree this user is requesting.

Expert Comment

by:David Johnson, CD, MVP
ID: 40227121
Since Exchange can host unlimited domains, there are a multitude of options one of which is to create a transport rule for to move the mail to

Author Comment

ID: 40227167
David, yes this is correct. The issue isn't getting mail to, but enabling send mail to have it appear as coming from

I can do this by creating this 'fake' POP 3 account in Outlook and this gives me the option to send as and the resulting test does show as coming from this address.

Since this request is for an executive user the requirement is getting this to work on multiple mobile devices. If this person was static and worked from a workstation all of the time this POP 3 piece probably would be acceptable.

I can get the incoming email to Outlook separated as well by setting a rule to deliver all incoming email to to a user created folder by using the header information. From the mobile side I can see this folder and its contents but there is no mechanism that allows sending a new or reply from This is using active sync on the device.

I have found a server side product that allows for selection of any SMTP address assigned a user and this may be the way to go, but I am not sure if this provides any functionality to mobile devices and will have to test it out.

Expert Comment

by:Simon Butler (Sembee)
ID: 40227956
I think you are confusing WINDOWS domains with EXCHANGE email domains.
When you are creating a mailbox you don't choose the domain the account is created in. What you are seeing during that process is the UPN, which can be set the same as the email domain, but other than that there is no connection whatsoever between the WINDOWS domain and the EXCHANGE email domain.

Everything I have said is completely possible - I know because I do it all the time (do you really think I would suggest something that wasn't possible - I am an Exchange MVP for over 10 years, the all time highest point scorer in the Exchange zone on this site with approximately 30 million points).

No need for POP3 accounts, no need for rules.

The product you are referring to is almost certainly choose from. Unless something has changed, it does nothing for mobile devices. For mobile you need separate accounts of some description. I don't think I have had to deploy choose from since Outlook 2010 was released.


Author Comment

ID: 40229050
Simon, I don't doubt you know what you are suggesting will work. My problem is I don't understand how to actually accomplish what you are saying I need to do.

"When you are creating a mailbox you don't choose the domain the account is created in. What you are seeing during that process is the UPN, which can be set the same as the email domain, "
If I attempt to create a new user mailbox I have to choose either an existing user or create a new user. For an existing user I can't select the account I want to use for testing. If I create a new user then it wants me to add Windows AD login information at the bottom of the setup page. This displays as username@domain.local.

When creating a new mailbox they are assigned the domain. Which is the primary email domain in Exchange and I don't see where I can set as the primary email address.

All I know is I must be missing something but I don't know what that is.

Author Comment

ID: 40229672
Simon, after much trial and error I finally figured out how this is setup.
