+ Post New Thread
Results 1 to 5 of 5
Windows Server 2000/2003 Thread, Cross Domain Exchange Server in Technical; We currently have 2 domains in a single forest. We have a domain trust setup between the 2 domains (one ...
  1. #1

    Join Date
    Jan 2009
    Location
    United Kingdom
    Posts
    226
    Thank Post
    22
    Thanked 9 Times in 9 Posts
    Rep Power
    13

    Cross Domain Exchange Server

    We currently have 2 domains in a single forest.

    We have a domain trust setup between the 2 domains (one curric - students/teachers, and one admin). No outgoing traffic can access the admin domain from the curriculum domain, but admin can gain access to curriculum shares/servers etc. All confidential info is held on the admin domain.

    We have also recently put in a 2007 exchange server, and are going to roll out OWA to teaching staff, since they use shared mandatory profiles, hotdesk and have locked down accounts etc etc.

    We also have admin staff who generally use the same machine all day. I would like to add their accounts on their domain to the exchange server, but when creating mailboxes, I cannot access the admin domain to add the admin users. Is there anyway to do this, or is my domain trust stopping this happening? Can I add some sort of server exception as part of the trust?

    A simple fix so far (which we have implemented) is to create another account with the same username on our curric domain, and then create the mailbox from there. The problem with this, is there is a high chance that the admin user could forget their password, and we would have to reset two accounts with passwords on BOTH the domains - tbh a pain...

    I am also torn as to whether to try and convince SMT to migrate to ONE domain, the curric domain. This would make life much easier for IT support, but would need the whole network sorting out in terms of security, and ACLS on shares.

    Just looking for some advice really...

    Thanks for reading my essay!

  2. #2
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    34
    Exchange DOES support multiple domains in the same forest.

    I have never installled 2007, but under 2003 it's necessary to run the DomainPrep function against every domain in which mailboxes are required. This updates the AD Schema to accept the Exchange attributes on user accounts, groups etc. This is easily done from the setup CD.

    It's then necessary to create a 'Recipient Update Policy' service on the main domain where Exchange is installed. This is to update settings on the other domain. Under 2003 this was done via the management console.

    It's crucial also that replication is working before setting all this up.

  3. #3
    NightShade01's Avatar
    Join Date
    Jan 2009
    Posts
    11
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    We have a similar setup to what you are describing. We have two domains and dual accounts in both domains. The "admin" side account for teachers only allows them access to the exchange server to receive their mail. They all pull the mail via the OWA link or we configure their laptops for outlook access on the grounds. It actually works out very nicely and we almost never have requests for password resets. My only concern was that there is alot of management involved with accounts (from teachers coming/going/retiring/firing) which can pose a slight headache quickly if you don't keep up with it.

  4. #4

    Join Date
    Jan 2009
    Location
    United Kingdom
    Posts
    226
    Thank Post
    22
    Thanked 9 Times in 9 Posts
    Rep Power
    13
    Quote Originally Posted by ajbritton View Post
    Exchange DOES support multiple domains in the same forest.

    I have never installled 2007, but under 2003 it's necessary to run the DomainPrep function against every domain in which mailboxes are required. This updates the AD Schema to accept the Exchange attributes on user accounts, groups etc. This is easily done from the setup CD.

    It's then necessary to create a 'Recipient Update Policy' service on the main domain where Exchange is installed. This is to update settings on the other domain. Under 2003 this was done via the management console.

    It's crucial also that replication is working before setting all this up.
    Is it possible to do this after we have setup Exchange? I presume not, since you mention DomainPrep, which the first part of the pre-exchange install.

    The 2007 management console can control AD directly (able to delete user accounts totally!).

    Thanks
    Mark

  5. #5
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    34
    Assuming the domain in which you installed Exchange is the 'Forest Root Domain' then there should be no reason why you cannot 'DomainPrep' the other domain and start using Exchange. (NB - No need to create duplicate accounts in this case).

    If you are not sure what a 'Forest Root Domain' is, it's basically the first domain in the forest when a domain controller is installed and the 'new domain in a new forest' option is selected.

    When Exchange is installed, it is first necessary to prepare the forest (using ForestPrep) and then to prepare the domain (using DomainPrep). If you are installing Exchange in a single domain forest then these two steps might be transparent to the user.

SHARE:
+ Post New Thread

Similar Threads

  1. cross domain permissions
    By galloshes in forum Windows
    Replies: 1
    Last Post: 27th March 2008, 02:06 AM
  2. Replies: 4
    Last Post: 11th October 2007, 12:50 PM
  3. Adding a Exchange 2007 box to our domain
    By tosca925 in forum How do you do....it?
    Replies: 10
    Last Post: 7th June 2007, 08:15 AM
  4. Replies: 15
    Last Post: 2nd November 2006, 02:38 PM
  5. Replies: 2
    Last Post: 22nd February 2006, 12:30 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •