Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 159
  • Last Modified:

Multiple AD Domains

Hi Experts,

Wonder if someone could help with this one? I have done a fair bit of reading via Google but just getting more confused - I need a point in the right direction or some explanation:)

We currently have 4x Domains (Active Directory Forests) which are all independent within companies in the Group. We are now moving some departments from the companies to the Group, such as finance. This will mean Finance will need access to resources and shares on all domains. Domains are located across multiple site which are linked via VPN and PWAN's. IT is another example.

So i currently have the following:-

DomainA.local - Microsoft Windows 2008 R2 Domain, Exchange 2013, SQL Services, SharePoint Server, DFS
DomainB.local - Microsoft Windows 2008 R2 Domain, Exchange 2013, SQL Services, SharePoint Server, DFS
DomainC.local - Microsoft Windows 2012 Domain, Exchange 2013, SQL Services, DFS
DomainD.local - Microsoft Windows 2012 Domain, SQL Services, DFS

To confuse things more we have multiple e-mail domains. for example:-

DomainA1.com, DomainA2.com, Domain A3.com all running from Exchange on DomainA.local
DomainB1.com, DomainB2.com, Domain B3.com all running from Exchange on DomainB.local
DomainC1.com, DomainC2.com, Domain C3.com all running from Exchange on DomainC.local

Users will need to keep there e-mails, but in addition have emails for the other domains. so a user in DomainA who has an Email of DomainA1.com will now also need additional emails of DomainB1.com, DomainC1.com, etc.

I know i can setup a trust between all domains which i assume will resolve the issues of shares, etc, but how do i manage the Mail, especially where a user will need a mailbox on all 3x Exchange Servers. Can i move all mail services from all domains to say the Exchange Server in Domain A, which will the serve all Users on all the other Domains?

So i users laptop will be a member of one domain but be able to access resource on all domains, as they roam around all the sites, and a user will have 1 mailbox, but multiple email address for each site.

Also one other question, How would it work for Logon, say a User Laptop is a member of DomainA.local and visits a site which has DomainB.local, how does the user logon to the AD?

The ultimate goals will be to create another Domain - Say ServiceDomain.local and move all core services to that, SQL, Exchanges, etc but this is not going to happen any time soon so need a solution.

Cheers
TME
0
TrustGroup-UAE
Asked:
TrustGroup-UAE
3 Solutions
 
Jamie McKillopIT ManagerCommented:
Hello,

You can certainly consolidate all the Exchange organizations into 1. With forest trusts in place, it would be not problem for a users in DomainA to have a mailbox on the Exchange server in DomainB. Long-term, this would be the easiest infrastructure to manage. You can also create contacts in each Exchange org for the users in the other orgs. Using Microsoft FIM GalSync, this could be automated. I recommend you read this series of articles on co-existence between Exchange organizations - http://www.msexchange.org/articles-tutorials/exchange-server-2010/migration-deployment/deep-dive-into-rich-coexistence-between-exchange-forests-part1.html

As for your logon question, if you have VPN tunnels or private links between your sites, when a user from site A visits site B, their laptop will authenticate to a DC in Site A, over the WAN.

-JJ
0
 
JBond2010Commented:
I would suggest a hosted Exchange scenario Office 365. You can use a single tenant and host all your external domains. The nice thing about this is, you will also have a Global Address List. You can use Azure Active Directory sync for multi forest syncroniation of Active Directory users in combination with Active Directory Federation Services for Single Sign On.

Instead of users have multiple mailboxes you can add the aliases of the other domains that users need to send and receive mail from to their primary mailbox.

This will simplify your messaging environment and also consolidate it on a single Office 365 tenant. Backups and High Availability are also some of the features offered by Microsoft and your emails are available everywhere and this also provides a Disaster Recovery solution also.


Regards,

JBond2010
0
 
Walter PadrónCommented:
You should consolidate AD and Exchange infrastructure.  It can be done, few years ago I personally head a project to consolidate a 12k users in 14 domains into one and it works without disrupting nomal operation.

IMHO there is no need for a user to have 4 mailboxes or 4 different email domains, but if this a requeriment you can setup an alias and the user can receive mail from different domains.

Recently Microsoft updated the ADMT tool http://www.microsoft.com/en-us/download/details.aspx?id=19188

Best regards
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now