Set Exchange with both Internal AD and external public domain
How do you run Exchange Server 2007 with an internal domain, 'internal.local', as the primary AD domain and 'external.net' as the public domain name? I want all users of the network to log in to 'internal.local', but have active accounts on 'external.net'. John B. Goode would log in as jbgoode@internal.local and receive and send mail as jbgoode@external.net.

Example environment:

ad.internal.local
- Purpose: Domain Controller (2008 mode)
- OS: Windows Server 2008
- Services: AD, DNS, DHCP

mail.internal.local
- Purpose: Exchange 2007 SP1
- OS: Windows Server 2008
- Services: E2K7, IIS7

border.internal.local
- Purpose: Router/Firewall
- OS: Debian Linux
- Services: Router, Firewall, NAT, Port Forwards

DNS is externally hosted
- MX records point to mail.external.net
- Other domains' MX records point to mail.external.net
  EX: mail.myOtherDomain.net's MX record points to mail.external.net for mail handling.
- http://www.external.net points to a different server

How do you set up autoconfigure.external.net with port 80 forwarded to www.external.net instead of autoconfigure.external.net? https:// traffic routes directly to mail.external.net and OWA works like a charm (except for the fact that users must log in to internal.local instead of external.net). It seems that part of this setup needs to occur in Active Directory and part in Exchange.

When sending mail, I get the following message from the receiving mail server:

  550 5.1.8 invalid/host-not-in-DNS return address not allowed

The receiving server is getting the mail from mail.internal.local instead of mail.external.net and not allowing that to work. When I specify user@external.net in the 'From' field in Outlook, I get a different error:

  You are not allowed to send this message because you are trying to send on behalf of another sender without permission to do so. Please verify that you are sending on behalf of the correct sender, or ask your system administrator to help you get the required permission.

I realize that I am pretty much over my head with this configuration, but any help you can provide is greatly appreciated. Thank you.
April 6th, 2009 5:49pm

Unless I'm misunderstanding, this is actually a very simple configuration. You want to create two accepted domains, if not already created, in the Exchange 2007 Organizational config: one for internal.local and another for external.net. This will allow your Exchange server to accept mail for both domains. When creating these, also mark them as authoritative.

Then you need to ensure that your users are set to use external.net as their "reply-to" address. This can be done one at a time on a user's account page or globally via an Exchange address policy (EAP). During the EAP wizard you can select an existing accepted domain to base the policy from - which you would select external.net.

Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
April 7th, 2009 6:48pm
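
The steps described in the answer above, written as Exchange Management Shell commands. This is an added example, not part of the original thread; the policy name 'External SMTP' and the %m (mailbox alias) address template are assumptions, and the final step lists mailboxes the policy did not change.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2007 server.
$internal = 'internal.local'    # AD domain from the question
$external = 'external.net'      # public mail domain from the question
$policy   = 'External SMTP'     # hypothetical policy name

# 1. Accepted domains: create each one only if it is missing, as authoritative.
foreach ($d in $internal, $external) {
    $existing = Get-AcceptedDomain | Where-Object { $_.DomainName.ToString() -eq $d }
    if (-not $existing) {
        New-AcceptedDomain -Name $d -DomainName $d -DomainType Authoritative
    }
}

# 2. E-mail address policy whose primary SMTP address is alias@external.net
#    (%m expands to the mailbox alias; the template is an assumption).
if (-not (Get-EmailAddressPolicy | Where-Object { $_.Name -eq $policy })) {
    New-EmailAddressPolicy -Name $policy -IncludedRecipients AllRecipients `
        -EnabledPrimarySMTPAddressTemplate "SMTP:%m@$external"
}

# Stamp the policy's addresses onto recipients that already exist.
Update-EmailAddressPolicy -Identity $policy

# 3. Check: list mailboxes whose primary address is still outside external.net.
#    EmailAddressPolicyEnabled = False means the mailbox is excluded from
#    policies and has to be changed on the user's own account page.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.PrimarySmtpAddress.ToString() -notlike "*@$external" } |
    Select-Object Name, PrimarySmtpAddress, EmailAddressPolicyEnabled
```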
