AD Design
Hi,
Due to security reasons and geographical distribution, we decided to move away from a single forest-single domain AD design to a Parent-Child design.
- Want to leave Parent Domain (Windows 2003 domain level and forest functional level) as it is with Exchange 2003.
- Create child domains for each geographically separated branches, but leave the mailboxes in Parent domain Exchange.
i.e. users will be logging into child.parent.com, but mailboxes will be the same as the parent domain, <username>@parent.com.
Q1. How does the authentication change? Is it possible to have single sign-on for user login in the child domain as well as accessing mailboxes in the parent domain?
Q2. We have DFS shares running fine in single forest and single domain structure. Is it possible to have cross domain DFS share replication with authentication?
Q3. We want to implement Windows 2008 AD for the new child domains and plan to migrate to Exchange 2007 in the parent domain.
Please let me know if the above design is good for a geographically separated organization.
Thanks
Ajay
September 26th, 2008 8:51am
Hi,
A1:
Yes, it is possible for a user in the child domain to have a mailbox on Exchange in the parent domain. What we should do is follow the steps below:
1. Run Setup /DomainPrep in the domain where users or any Exchange servers are located. (You will need to run /DomainPrep in the child domain.)
2. Create a Recipient Update Service (RUS) and point it to a Domain Controller in the child domain.
Creating Exchange Recipient Update Service instances for remote domains
http://support.microsoft.com/kb/275294/EN-US/
Troubleshooting the Recipient Update Service in Exchange Server 2003 and Exchange 2000 Server
http://support.microsoft.com/?id=288807
A2:
Based on my research, DFS can only have domain-based namespaces or stand-alone namespaces; it can replicate within one domain. Since I am not an expert in that field, I recommend you use the Newsgroup for Windows Server to get more information about DFS.
http://technet.microsoft.com/en-us/library/cc782417.aspx
http://technet.microsoft.com/en-us/library/cc772778.aspx
Newsgroup Discussions in Distributed File Systems/File Replication Service
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.windows.server.dfs_frs&cat=en_US_a921a045-5510-4d8b-8a53-2f38b5543ce3&lang=en&cr=US
A3:
Please understand that before you can add a domain controller that is running Windows Server 2008 to an Active Directory environment running Windows 2000 Server or Windows Server 2003, you must update the Active Directory schema. That will not impact the Exchange Server 2003.
Prepare a Windows 2000 or Windows Server 2003 Forest Schema for a Domain Controller That Runs Windows Server 2008
http://technet.microsoft.com/en-us/library/cc753437.aspx
Hope it helps.
Xiu
September 29th, 2008 9:58am