Aad Support
asked on
Manage domain trusted exchange
Hello,
i need some help/assistance by some configuration i made.
recently we have setup a management server by one of our customers. the only problem we have is that this costumer has 2 domains and 2 separated exchange servers.
for each domain 1.
the Domains are 2 way domain forest trusted.
the servicedesk is not allowed to use the domain admin of each domain.
i wan't to setup a servicedesk role on both exchange servers and will let them connect with 1 user account on one of the 2 domains.
the servicedesk engineers have a user account in domain 1
they could change or add users in domain 2. like they can in domain 1.
they can change folder permissions on both domains.
they can add or manage mailboxen on the exchange server from domain 1 (where they have domain user account)
they are not allowed to sign in with there domain trusted accounts on the exchange server on domain 2.
i have trying almost every solution using secgroups.
DL cannot be added as member on a universal group only member of..
the admin role sec group automaticly created by exchange is a universal group and cannot be changed to domain local of global, if you do it is not visable in exchange anymore.
the only group that can add users from a trusted domain to the member tab is a domain local (strange enough)
but Domain Local group cannot be add on the member tab of a universal group.
do one of you have another solution other than creating the SD accounts on both domains?
{edit!}
both exchange servers are 2013
i need some help/assistance by some configuration i made.
recently we have setup a management server by one of our customers. the only problem we have is that this costumer has 2 domains and 2 separated exchange servers.
for each domain 1.
the Domains are 2 way domain forest trusted.
the servicedesk is not allowed to use the domain admin of each domain.
i wan't to setup a servicedesk role on both exchange servers and will let them connect with 1 user account on one of the 2 domains.
the servicedesk engineers have a user account in domain 1
they could change or add users in domain 2. like they can in domain 1.
they can change folder permissions on both domains.
they can add or manage mailboxen on the exchange server from domain 1 (where they have domain user account)
they are not allowed to sign in with there domain trusted accounts on the exchange server on domain 2.
i have trying almost every solution using secgroups.
DL cannot be added as member on a universal group only member of..
the admin role sec group automaticly created by exchange is a universal group and cannot be changed to domain local of global, if you do it is not visable in exchange anymore.
the only group that can add users from a trusted domain to the member tab is a domain local (strange enough)
but Domain Local group cannot be add on the member tab of a universal group.
do one of you have another solution other than creating the SD accounts on both domains?
{edit!}
both exchange servers are 2013
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I have recommended this question be closed as follows:
Accept: 'Imtiaz Hasham' (https:#a42898218)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer