Solved

Exchange 2010 sub domain access

Posted on 2015-02-02
10
65 Views
Last Modified: 2015-02-15
We have Exchange 2010 with our primary domain setup with several sub-domains. We have a couple laptops that are configured with primary and sub-domain address. The problem is, when a machine leaves the office/LAN it cannot authenticate the sub-domain, just primary. I setup users for each domain too.
0
Comment
Question by:Harold
  • 5
  • 4
10 Comments
 
LVL 27

Expert Comment

by:davorin
ID: 40585006
I'm not completely sure to understand your problem.
I guess you have AD domain "DomainA" and then a series for mail domains like: @domainA.com. @domainB.com, @domainC.com...
And you want all users to use their mail address as login name (e.g. UserB@domainB.com)
Have you set up UPN in AD fro that domains?
https://apttech.wordpress.com/2012/02/29/what-is-upn-and-why-to-use-it/

Maybe you have problems with autodiscover:
http://www.msexchange.org/articles-tutorials/exchange-server-2010/mobility-client-access/using-autodiscover-large-numbers-accepted-domains-part1.html
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 250 total points
ID: 40585276
If you are talking about "Accepted Domains" and you have users trying to use different SMTP domains that are not primary. This is not possible.

You can only have one Primary SMTP domain. However you can still receive email to a single mailbox on multiple addresses (Alias) but you cannot send as an Alias.

If you want to send as one of your Alias addresses you need to change that SMTP address to primary and then have the user send an email.

Will.
0
 
LVL 1

Author Comment

by:Harold
ID: 40586704
davorin: thought the UPN would help with creation of user names that are the same but just assigning to a different domain, but I still have change the user name, if it matches the original username in the Primary Domain.
0
 
LVL 1

Author Comment

by:Harold
ID: 40586706
Will Szymkowski: yes I'm referring to Accepted Domains, so we can send mail from the Accepted Domains, I create a user that coincides with the domain and as long as your ON the LAN, it works, but when your off the LAN, the Accepted Domain account the would connect internally, will not connect externally.
0
 
LVL 27

Expert Comment

by:davorin
ID: 40589748
Yes, that's true. It is mostly used in multi-tenant configuration, when you want to use the user's domain instead of AD domain at client configuration/authentication.

Can you please give us more info?
Version of outlook client. Are at problematic laptops configured multiple exchange accounts?
How are outlook accounts configured?
Is exchange setup as multi-tenant or you are just using additional accepted domains?
Do a user needs multiple mailboxes and send from different mail addresses? Should the incoming mails be stored in separate mailboxes (in case users accepts mails from multiple mail addresses)
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 1

Author Comment

by:Harold
ID: 40589813
davorin: Never set this up "It is mostly used in multi-tenant configuration, when you want to use the user's domain instead of AD domain at client configuration/authentication."

Version of outlook client. Outlook 2010(currently) Are at problematic laptops configured multiple exchange accounts? yes
How are outlook accounts configured? we use the normal Exchange configuration wizard, is this what your asking?
Is exchange setup as multi-tenant or you are just using additional accepted domains? Just Accepted Domains, can I change it to use Multi-tenant in production mode?
Do a user needs multiple mailboxes and send from different mail addresses? Should the incoming mails be stored in separate mailboxes (in case users accepts mails from multiple mail addresses) Both of these questions, yes. I have setup users per mailbox to authenticate and able to send mail.
0
 
LVL 27

Assisted Solution

by:davorin
davorin earned 250 total points
ID: 40592419
Multi-tenant is used in hosting environments. It is needed only if you need to (more or less) completely separate domains on exchange server. And you need to specify it at the beginning of installation.
Can you try two things:
- If you setup outlook with one sub-domain exchange account (no primary and on other sub-domain account) do you still have the problems?
- if you, instead to configure multiple exchange accounts, configure just primary account in outlook and add full access permissions for primary account to other sub-domain accounts. The other mailbox should be added to outlook with automapping.
http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/mailbox-auto-mapping-exchange-server-2010-part1.html
0
 
LVL 1

Author Comment

by:Harold
ID: 40592808
davorin: I've done both...

- If you setup outlook with one sub-domain exchange account (no primary and on other sub-domain account) do you still have the problems? yes
- if you, instead to configure multiple exchange accounts, configure just primary account in outlook and add full access permissions for primary account to other sub-domain accounts. The other mailbox should be added to outlook with automapping. yes

The only reason the second is not an option is the Accepted Domain I'm trying to make work/authenticate, is new and is the ONLY account these users will be using and not the primary, hence where question 1 is answered. No you can not add ANY Accepted Domains, with primary or not, off the LAN.
0
 
LVL 27

Expert Comment

by:davorin
ID: 40593992
Have you tried to use outlook connectivity and autodiscover tests?
https://testconnectivity.microsoft.com/
Do you get any errors?
Use a temporary test account or at lest change test user password after the tests

Is your "primary domain" your AD domain and also a public domain?
0
 
LVL 1

Author Comment

by:Harold
ID: 40604349
What I found was outside the LAN, as I setup an account and clicked More Settings, Connections<tab> and Connect to Microsoft Exchange using HTTP, then Exchange Proxy Settings. From here I populated the  two fields with our mail servers name and set Authentication to Basic.

I was able to connect then.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now