Windows Server 2000/2003 Thread, Cross Domain Exchange Server in Technical; We currently have 2 domains in a single forest.
We have a domain trust setup between the 2 domains (one ...
28th January 2009, 11:52 PM #1
- Rep Power
Cross Domain Exchange Server
We currently have 2 domains in a single forest.
We have a domain trust setup between the 2 domains (one curric - students/teachers, and one admin). No outgoing traffic can access the admin domain from the curriculum domain, but admin can gain access to curriculum shares/servers etc. All confidential info is held on the admin domain.
We have also recently put in a 2007 exchange server, and are going to roll out OWA to teaching staff, since they use shared mandatory profiles, hotdesk and have locked down accounts etc etc.
We also have admin staff who generally use the same machine all day. I would like to add their accounts on their domain to the exchange server, but when creating mailboxes, I cannot access the admin domain to add the admin users. Is there anyway to do this, or is my domain trust stopping this happening? Can I add some sort of server exception as part of the trust?
A simple fix so far (which we have implemented) is to create another account with the same username on our curric domain, and then create the mailbox from there. The problem with this, is there is a high chance that the admin user could forget their password, and we would have to reset two accounts with passwords on BOTH the domains - tbh a pain...
I am also torn as to whether to try and convince SMT to migrate to ONE domain, the curric domain. This would make life much easier for IT support, but would need the whole network sorting out in terms of security, and ACLS on shares.
Just looking for some advice really...
Thanks for reading my essay!
29th January 2009, 01:13 AM #2
Exchange DOES support multiple domains in the same forest.
I have never installled 2007, but under 2003 it's necessary to run the DomainPrep function against every domain in which mailboxes are required. This updates the AD Schema to accept the Exchange attributes on user accounts, groups etc. This is easily done from the setup CD.
It's then necessary to create a 'Recipient Update Policy' service on the main domain where Exchange is installed. This is to update settings on the other domain. Under 2003 this was done via the management console.
It's crucial also that replication is working before setting all this up.
29th January 2009, 01:43 AM #3
We have a similar setup to what you are describing. We have two domains and dual accounts in both domains. The "admin" side account for teachers only allows them access to the exchange server to receive their mail. They all pull the mail via the OWA link or we configure their laptops for outlook access on the grounds. It actually works out very nicely and we almost never have requests for password resets. My only concern was that there is alot of management involved with accounts (from teachers coming/going/retiring/firing) which can pose a slight headache quickly if you don't keep up with it.
29th January 2009, 10:06 AM #4
- Rep Power
Is it possible to do this after we have setup Exchange? I presume not, since you mention DomainPrep, which the first part of the pre-exchange install.
Originally Posted by ajbritton
The 2007 management console can control AD directly (able to delete user accounts totally!).
2nd February 2009, 08:29 AM #5
Assuming the domain in which you installed Exchange is the 'Forest Root Domain' then there should be no reason why you cannot 'DomainPrep' the other domain and start using Exchange. (NB - No need to create duplicate accounts in this case).
If you are not sure what a 'Forest Root Domain' is, it's basically the first domain in the forest when a domain controller is installed and the 'new domain in a new forest' option is selected.
When Exchange is installed, it is first necessary to prepare the forest (using ForestPrep) and then to prepare the domain (using DomainPrep). If you are installing Exchange in a single domain forest then these two steps might be transparent to the user.
By galloshes in forum Windows
Last Post: 27th March 2008, 03:06 AM
By Zoom7000 in forum Windows
Last Post: 11th October 2007, 01:50 PM
By tosca925 in forum How do you do....it?
Last Post: 7th June 2007, 09:15 AM
By timbo343 in forum Windows
Last Post: 2nd November 2006, 03:38 PM
Last Post: 22nd February 2006, 01:30 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)