Shared SMTP space and external Autodiscover with multiple forests
Hi everyone,

I've been running a test lab (outlined below) before I deploy a similar setup for a client. Just before I start, the deployment uses two forests (for offices on both sides of the country) for political reasons. I've tried to convince the client otherwise but they won't have it.

Anyway, here's the setup. I have two forests called east and west which have a two-way trust. Each has its own Exchange organisation set up (running Exchange 2007 SP3). Now the requirement is to use a shared SMTP namespace (like @example.com) so that users in both forests can use the same email suffix.

I've managed to get email flowing in and out of both forests, and the Exchange servers happily pass email between each other if a user does not exist in its particular forest. I have also configured autodiscovery for internal users by creating an SCP object (using Export-ExchangeConfig) so that autodiscovery works for internal users even if the CAS that serves them is in the other forest. This all works really well and I'm quite happy with that.

The next requirement is for autodiscover to work for external users, and this is where I've been hitting a brick wall. I've configured my DNS to point to the east forest for external autodiscovery, which works fine when a user from the east forest configures from an external machine. This does not work, though, when I try the same with a user from the west forest. This is probably to be expected, but I was hoping that Exchange would pick up on the SCP object and act appropriately.

If anyone could help me with this, that would be great.
July 9th, 2011 8:38pm

You must also do GALsync, preferably with FIM or ILM, and also configure Availability Service to query each org.

http://technet.microsoft.com/en-us/library/bb125182.aspx
http://blogs.technet.com/b/exchange/archive/2011/06/28/cross-org-availability-using-federation-trust-and-organization-relationship.aspx
http://technet.microsoft.com/en-us/library/aa998597.aspx

lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com
July 10th, 2011 1:14am

Thanks for your quick reply Lasse :) Exchange 2007 does not appear to support any kind of Federation or Organisation trust. Both forests run Exchange 2007.
July 10th, 2011 3:23am

This is fine with Exchange 2007; the availability service and autodiscovery can do this for you anyway.

lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com
July 10th, 2011 4:47am

Hi Deiphos,

Per your description, my understanding is as below:

Forest A:
1. use SMTP address space contoso.com
2. have MX, A record for external users
3. have mail.contoso.com and autodiscover.contoso.com for web service, Outlook Anywhere to external users

Forest B:
1. use SMTP address space contoso.com
2. receive the email through the server in forest A

Some information about the shared SMTP address space with Exchange 2007: http://technet.microsoft.com/en-us/library/gg476091.aspx

So, if you also want the users in forest B to use Outlook Anywhere through the record and CERT for forest A, in my opinion, the issue you run into is expected.

If I misunderstand your issue, please feel free to let me know.

Regards!
Gavin
July 14th, 2011 4:07am

Hi Gavin, Yes, your understanding is correct. As for the cert, the CA in forest B is a subordinate of the CA in forest A, so cert validation is not an issue. As for the expected outcome, I agree. The autodiscover.contoso.com DNS record does point to Forest A. I was hoping there would be a way to forward the request on to forest B (the way internal autodiscovery works), but have had no luck so far. I have tried Lasse's suggestion and configured the availability service, but it doesn't appear to solve the problem (mind you, I might just have incorrectly configured it). Deiphos.
July 14th, 2011 6:51am

This topic is archived. No further replies will be accepted.
