Multiple AD Domains

Hi Experts,

Wonder if someone could help with this one? I have done a fair bit of reading via Google but just getting more confused - I need a point in the right direction or some explanation:)

We currently have 4x Domains (Active Directory Forests) which are all independent within companies in the Group. We are now moving some departments from the companies to the Group, such as finance. This will mean Finance will need access to resources and shares on all domains. Domains are located across multiple site which are linked via VPN and PWAN's. IT is another example.

So i currently have the following:-

DomainA.local - Microsoft Windows 2008 R2 Domain, Exchange 2013, SQL Services, SharePoint Server, DFS
DomainB.local - Microsoft Windows 2008 R2 Domain, Exchange 2013, SQL Services, SharePoint Server, DFS
DomainC.local - Microsoft Windows 2012 Domain, Exchange 2013, SQL Services, DFS
DomainD.local - Microsoft Windows 2012 Domain, SQL Services, DFS

To confuse things more we have multiple e-mail domains. for example:-

DomainA1.com, DomainA2.com, Domain A3.com all running from Exchange on DomainA.local
DomainB1.com, DomainB2.com, Domain B3.com all running from Exchange on DomainB.local
DomainC1.com, DomainC2.com, Domain C3.com all running from Exchange on DomainC.local

Users will need to keep there e-mails, but in addition have emails for the other domains. so a user in DomainA who has an Email of DomainA1.com will now also need additional emails of DomainB1.com, DomainC1.com, etc.

I know i can setup a trust between all domains which i assume will resolve the issues of shares, etc, but how do i manage the Mail, especially where a user will need a mailbox on all 3x Exchange Servers. Can i move all mail services from all domains to say the Exchange Server in Domain A, which will the serve all Users on all the other Domains?

So i users laptop will be a member of one domain but be able to access resource on all domains, as they roam around all the sites, and a user will have 1 mailbox, but multiple email address for each site.

Also one other question, How would it work for Logon, say a User Laptop is a member of DomainA.local and visits a site which has DomainB.local, how does the user logon to the AD?

The ultimate goals will be to create another Domain - Say ServiceDomain.local and move all core services to that, SQL, Exchanges, etc but this is not going to happen any time soon so need a solution.

Cheers
TME
LVL 1
TrustGroup-UAEAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jamie McKillopIT ManagerCommented:
Hello,

You can certainly consolidate all the Exchange organizations into 1. With forest trusts in place, it would be not problem for a users in DomainA to have a mailbox on the Exchange server in DomainB. Long-term, this would be the easiest infrastructure to manage. You can also create contacts in each Exchange org for the users in the other orgs. Using Microsoft FIM GalSync, this could be automated. I recommend you read this series of articles on co-existence between Exchange organizations - http://www.msexchange.org/articles-tutorials/exchange-server-2010/migration-deployment/deep-dive-into-rich-coexistence-between-exchange-forests-part1.html

As for your logon question, if you have VPN tunnels or private links between your sites, when a user from site A visits site B, their laptop will authenticate to a DC in Site A, over the WAN.

-JJ
0
JamesSenior Cloud Infrastructure EngineerCommented:
I would suggest a hosted Exchange scenario Office 365. You can use a single tenant and host all your external domains. The nice thing about this is, you will also have a Global Address List. You can use Azure Active Directory sync for multi forest syncroniation of Active Directory users in combination with Active Directory Federation Services for Single Sign On.

Instead of users have multiple mailboxes you can add the aliases of the other domains that users need to send and receive mail from to their primary mailbox.

This will simplify your messaging environment and also consolidate it on a single Office 365 tenant. Backups and High Availability are also some of the features offered by Microsoft and your emails are available everywhere and this also provides a Disaster Recovery solution also.


Regards,

JBond2010
0
Walter PadrónCommented:
You should consolidate AD and Exchange infrastructure.  It can be done, few years ago I personally head a project to consolidate a 12k users in 14 domains into one and it works without disrupting nomal operation.

IMHO there is no need for a user to have 4 mailboxes or 4 different email domains, but if this a requeriment you can setup an alias and the user can receive mail from different domains.

Recently Microsoft updated the ADMT tool http://www.microsoft.com/en-us/download/details.aspx?id=19188

Best regards
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.