Is it possible to use certificate based authentication for linked mailboxes for which there are only disabled user accounts in the exchange forest? If so, do we need to sync certificate related attributes from the user account in the account forest to the disabled account in the exchange forest?

Are you already using certificate based authentication for your users? http://technet.microsoft.com/en-us/library/dd197564(WS.10).aspx seems like it might be useful. I haven't heard of this being done in a resource forest scenario, but that certainly doesn't mean it's not possible. So I guess I don't know Jack about this, but I was bored, and a little searching led me to http://msexchangeteam.com/archive/2010/07/16/455492.aspx, which has some interesting stuff in the comments. I don't know that it'll actually be helpful to you, but at least now your question won't have been sitting here for 12 hours without a response. :) Do you have a test environment?Missy

Hi @win, Any reason why do you want to use the certificate based authentication for linked mailbox? Actually, we use different authentication methods for different client ends in different scenarios. So, what about your scenario, we usually use certificate based authentication for exchange activesync service. That said, linked mailbox like a normal mailbox, we could use outlook, owa, mobile to access it, we could through the internal lan, vpn between the forests, internet to access it, and the authentication method also be different. Regards! GavinPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Are you already using certificate based authentication for your users? http://technet.microsoft.com/en-us/library/dd197564(WS.10).aspx seems like it might be useful. I haven't heard of this being done in a resource forest scenario, but that certainly doesn't mean it's not possible. So I guess I don't know Jack about this, but I was bored, and a little searching led me to http://msexchangeteam.com/archive/2010/07/16/455492.aspx, which has some interesting stuff in the comments. I don't know that it'll actually be helpful to you, but at least now your question won't have been sitting here for 12 hours without a response. :) Do you have a test environment? Missy Missy, thank you for your answer. We are already using certificate based auth, but not in a resource forest scenario. The second link you provided suggests it should/could work in a resource forest which is good news. Not much official documentation about it though. I just built a test environment and will test the principle.