One Exchange Server for two different AD Domains, using same email domain...
We have two different Active Directory domains on the same LAN.
Domain1.com
Domain2.com
We have one smtp email domain, that is user@Domain1.com
We have one Exchange cluster, that is on Domain1.com
Users in Domain2.com want to start using our exchange server, & have the same email user@Domain1.com for all users.
Any suggestions to allow this to happen? I did some research that involves setting up a domain trust.
If a domain trust is needed, then here is the info...
Domain1.com is at Windows 2003 level w/ Windows 2003 DNS servers.
Domain2.com is at Windows 2000 level w/ Windows 2000 DNS servers.
Thanks,
Jason
August 22nd, 2012 12:04pm
Which version of Exchange?
A trust would be involved, but just for authentication. The WINDOWS domain has nothing to do with the email domain, so the fact that the users want to receive email on the same EMAIL domain is fine.
This is just a matter of authentication and mailbox configuration, but version of Exchange is key - I suspect 2003.
Simon. Simon Butler, Exchange MVP
Blog |
Exchange Resources | In the UK?
Hire Me.
Free Windows Admin Tool Kit Click here and download it now
August 22nd, 2012 2:13pm
Sorry, its Exchange 2007; in a CCR cluster.
JasonJason Lehman
August 22nd, 2012 2:15pm
Also, the two domains are not in the same forest.
Thanks,Jason Lehman
Free Windows Admin Tool Kit Click here and download it now
August 22nd, 2012 2:17pm
On Wed, 22 Aug 2012 15:58:32 +0000, JasonLehman wrote:
>We have two different Active Directory domains on the same LAN.
>Domain1.com
>
>Domain2.com
Domains or Forests? It's significant!
If it's two different Forests then do both of them have their own
Exchange organization?
If the 2nd AD Forest doesn't have an Exchange organization then you
can use them as a "resource" Forest and create accounts for them in
your "account" forest.
>We have one smtp email domain, that is user@Domain1.com
>
>We have one Exchange cluster, that is on Domain1.com
>
>Users in Domain2.com want to start using our exchange server, & have the same email user@Domain1.com for all users.
>
>Any suggestions to allow this to happen? I did some research that involves setting up a domain trust.
>
>If a domain trust is needed, then here is the info...
>
>Domain1.com is at Windows 2003 level w/ Windows 2003 DNS servers.
>
>Domain2.com is at Windows 2000 level w/ Windows 2000 DNS servers.
>
>Thanks,
>
>Jason
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
August 22nd, 2012 6:00pm
On Wed, 22 Aug 2012 15:58:32 +0000, JasonLehman wrote:
>We have two different Active Directory domains on the same LAN.
>Domain1.com
>
>Domain2.com
Domains or Forests? It's significant!
If it's two different Forests then do both of them have their own
Exchange organization?
If the 2nd AD Forest doesn't have an Exchange organization then you
can use them as a "resource" Forest and create accounts for them in
your "account" forest.
>We have one smtp email domain, that is user@Domain1.com
>
>We have one Exchange cluster, that is on Domain1.com
>
>Users in Domain2.com want to start using our exchange server, & have the same email user@Domain1.com for all users.
>
>Any suggestions to allow this to happen? I did some research that involves setting up a domain trust.
>
>If a domain trust is needed, then here is the info...
>
>Domain1.com is at Windows 2003 level w/ Windows 2003 DNS servers.
>
>Domain2.com is at Windows 2000 level w/ Windows 2000 DNS servers.
>
>Thanks,
>
>Jason
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
Free Windows Admin Tool Kit Click here and download it now
August 22nd, 2012 6:06pm
Hello Jason,
If these domains are in the different forests, and you want users in Domain2.com can use Exchange server in Domain1.com, I suggest you use linked mailbox to do that:
How to Deploy Exchange 2007 in an Exchange Resource Forest Topology
http://technet.microsoft.com/en-us/library/aa998031(v=exchg.80).aspx
How to Create a Linked Mailbox
http://technet.microsoft.com/en-us/library/bb123524(v=exchg.80).aspx
Thanks,
Evan Liu
TechNet Subscriber Supportin
forum
If you have any feedback on our support, please contact
tngfb@microsoft.com Evan Liu
TechNet Community Support
August 23rd, 2012 2:33am
Hello Jason,
If these domains are in the different forests, and you want users in Domain2.com can use Exchange server in Domain1.com, I suggest you use linked mailbox to do that:
How to Deploy Exchange 2007 in an Exchange Resource Forest Topology
http://technet.microsoft.com/en-us/library/aa998031(v=exchg.80).aspx
How to Create a Linked Mailbox
http://technet.microsoft.com/en-us/library/bb123524(v=exchg.80).aspx
Thanks,
Evan Liu
TechNet Subscriber Supportin
forum
If you have any feedback on our support, please contact
tngfb@microsoft.com Evan Liu
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
August 23rd, 2012 2:38am
Hi Jason,
Any updates on this issue?
Thanks,
Evan Liu
TechNet Subscriber Supportin
forum
If you have any feedback on our support, please contacttngfb@microsoft.comEvan Liu
TechNet Community Support
August 23rd, 2012 9:31pm
Yes, sorry. I had to wait for our network admin to setup the proper access between the two VLANs.
I am going to attempt to setup the domain trust now & then try the linked mailbox approach.
For now Exchange will be in Domain1.com only.
Thanks,Jason Lehman
Free Windows Admin Tool Kit Click here and download it now
August 24th, 2012 10:44am
I think everything will be easy after you setup the domain trust.
Thanks,
Evan Liu
TechNet Subscriber Supportin
forum
If you have any feedback on our support, please contacttngfb@microsoft.comEvan Liu
TechNet Community Support
August 27th, 2012 2:09am
I just got back from being on vacation all of last week. Sorry for no updates.
The domain trust was setup successfully. I was able to create a linked mailbox per your suggestion.
Here is where I am having a problem...
When a user from Domain2.com logs onto their pc, we seem to be having authentication issues w/ the Exchange server.
From Outlook 2007, we get the first time Outlook 2007 Startup wizard. We get a message saying "An encrypted connection to your mailserver is not available. Click Next to attempt using an unencrypted connection."
So I went back a few steps in the wizard & chose to manually configure server settings.
I get to the screen where it asks for the name of your Exchange server. I put in the fully qualified domain name. Then type in the user name, then click the Check Name button. Here is where I get prompted for a user name & password; that I can't get
passed.
Any suggestions of what user name & pw should work there? Should it be the user that is logged in from Domain2.com OR the disabled account that got created when I setup the linked mailbox?
Thanks,
Jason Lehman
Free Windows Admin Tool Kit Click here and download it now
September 4th, 2012 11:35am
I got it working, but want to better understand the setting I changed to make it work.
It was an Authentication setting in the domain trust that I setup.
In the properties of the domain trust, there is a tab called Authentication.
There are two choices.
1. Domain-wide authentication
2. Selective Authentication
I originally had Selective Authentication selected as it sounded the most secure; just to let the users in domain2.com use are Exchange resources.
As soon as I changed this setting to Domain-wide authentication; in domain2.com; the prompts in the Outlook 2007 clients went away & the users mailbox's now opened.
Now my questions are...
1. What exactly did I just open/enable by selecting the Domain-wide Authentication?
2. Is there a documented procedure to go back to the Selective Authentication & allow domain2.com to only access the Exchange resources from domain1.com?
ThanksJason Lehman
September 4th, 2012 2:56pm
I got it working, but want to better understand the setting I changed to make it work.
It was an Authentication setting in the domain trust that I setup.
In the properties of the domain trust, there is a tab called Authentication.
There are two choices.
1. Domain-wide authentication
2. Selective Authentication
I originally had Selective Authentication selected as it sounded the most secure; just to let the users in domain2.com use are Exchange resources.
As soon as I changed this setting to Domain-wide authentication; in domain2.com; the prompts in the Outlook 2007 clients went away & the users mailbox's now opened.
Now my questions are...
1. What exactly did I just open/enable by selecting the Domain-wide Authentication?
2. Is there a documented procedure to go back to the Selective Authentication & allow domain2.com to only access the Exchange resources from domain1.com?
ThanksJason Lehman
Free Windows Admin Tool Kit Click here and download it now
September 4th, 2012 3:00pm