Accessing Exchange in different forest
Hi. Currently, we have one AD forest - company.com - with multiple child domains. We also have one Exchange org. There is a business unit that wants to hold their computers in a different forest. But from these servers, they want to be able to access Exchange (via Outlook). Both forests will be running AD 2003 SP2. I assume we will need trusts, etc., but does anyone know how to get this to work? Only computers will be in the second forest, no AD accounts, etc. But people logging into these computers (user accounts in Forest1, computers in Forest2) should be able to access resources in Forest1.
July 28th, 2010 9:20pm

Trust will do the authentication, then the trusted account will need Full Mailbox and Send As permissions on the mailbox in the Exchange org. Depending on internal communications you might be able to use either MAPI or RPC over HTTPS, but as you haven't said anything about versions it is hard to advise further. It is all pretty straightforward, as long as you remember that Exchange caches permissions, so things don't work immediately, the trust needs to be in place, both permissions are required, and that permissions in Exchange are granted to the mail-enabled account, not the trusted account.

Simon.
Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/
July 28th, 2010 10:12pm

Hi Sembee, thanks for the reply. Apologies, the versions are AD 2003 and Exchange 2003. Do you know which direction the trust needs to be in - I guess a two-way trust is best, but as a minimum, would a one-way trust work? Also, not sure what you mean by this: "then the trusted account will need Full Mailbox and Send As permissions on the mailbox in the Exchange org." Thanks again.
July 29th, 2010 12:54am

In my current environment, Company A hosts Exchange in Forest A and our subsidiary, Company B, is in Forest B. What we did is:

1. Created a trust relationship between Forest A and Forest B. Forest A trusted Forest B (Outgoing Trust - from Forest A to Forest B).
2. Created the same account name (staff) in both forests.
3. Created a mailbox in Forest A and added the AD name from Forest B to the Security tab on the AD account in Forest A and gave full permission. This is for Exchange 2003.
4. For Exchange 2007, we will create a linked mailbox, for which the steps are easier.

http://technet.microsoft.com/en-us/library/bb123524(EXCHG.80).aspx
http://social.technet.microsoft.com/Forums/en-US/exchangesvrdeploy/thread/4b5b3d6b-416a-4368-bae2-c8ec4768d8ad
July 29th, 2010 9:43am

This topic is archived. No further replies will be accepted.
