Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Exchange and forest trusts

Status
Not open for further replies.
tuliphead

tuliphead

IS-IT--Management
Aug 27, 2004
143
NO
Ok, with windows 2003 it is possible to create to-ways forest trusts. On the other hand ... a forest is the outer bondary for an exchange organization.

So ... in a scenario with two forests, where users in one of the forests should use exchange services in the other forest, it wont help just creating trusts right? They actually need their own AD-user in the other forest, and has to authenticate as that user to reach their mailboxes, right?

Correct assumption?
 
Sort by date Sort by votes
As I understand there's a cut down fre version of MIIS for handling cross-forest Exchange issues. I've never looked into though and the full version of MIIS is hideously expensive (and complicated!).
 
Upvote 0 Downvote
What exactly is MIIS? I don´t even think it is possible to set up trusts in my scenario (political reasons). I just wanted to know if it was possible as a technical solution ... and if it is possible to assign an exchange mailbox to a user in another forrest.
 
Upvote 0 Downvote
It's Microsoft's directory synch/provisioning tool, so in your case you might be able to configure so if you created a user in your forest it would automatically create the same user + mailbox in the other forest (and synch passwords etc.). Otherwise I think you're stuck as you wouldn't be able to add a non-forest user to a mailbox so they'd have to remember + maintain another set of credentials. To be honest though I've never looked into cross-forest Exchange stuff so don't take my word for it :p
 
Upvote 0 Downvote
Well ... your answer clearified what I needed to know. It is no other way than administering a double set of user accounts. Either manually or automatically with the synch/provisioning tool.

But for this to work, does both forests need to have an exchange organization? As far as I can see ... it is more like a synchronization tool between two exchange organizations ... rather than a tool for users in one forrest to use resources in another?

 
Upvote 0 Downvote
Yes, you can create 2 way forest trusts in windows 2003. They are called cross forest trusts or 2-way transitive forest trusts. Very cool, you create 1 trust at the top level and you can access any child domains from either site (Transitive). If you have very large forests on each side this can create bottlenecks. You may need some shortcut trusts if this is the case.

Windows 2003 R2 definitely adds alot more to the forest side of things:

I have been looking into this type of an issue for a 3500 user network migration from Novell Groupwise to MS Exchange 2003 across the world. This also includes some sites setup as separate forests. Unfortunately forest trusts are out of the question for us so we will be using some sort of product to replicate information. Forest trusts might solve this issue of GAL replication though for me this is untested. DNS would probably need to be good between the forests for lookups (Conditional forwarders etc).

NickFerrar is correct; MIIS does allow this replication between separate forests to occur. For me, this is quite a new product from Microsoft so on this scale there is alot riding on it. Another alternative (what we will be using) are some of the Quest range of products. They are proven and have been around for a while.


(I forget the exact product; I will let you know when I remember its exact name)

My guess on the Exchange side of things, you will need local installs relative to each forests. The above tools replicate the GAL side of things. Mail replication may be a huge issue for you not to mention what the clients do. I am assuming that you have alot of clients (you haven't mention how big your network is) this may be a huge issue.

Hope this helps, goodluck ;)


"Assumption is the mother of all f#%kups!
 
Upvote 0 Downvote
If I understand this correctly, those solutions will only be suitable in a migration scenario where both forests has implemented a mail organization in front.

I just needed to check the possibility for expanding an exchange organization through trusts ... and if it was possible to assign mailboxes to users in another forest ... without the typical synch-scenario.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

S
  • Locked
  • Question
MS Exchange contacts question
Replies
0
Views
407
sdp.Daniele
S
A
  • Locked
  • Question
MS Exchange Setup
Replies
0
Views
437
andreegington
A
PatrickRoggers
  • Locked
  • Helpful tip
Safest Way to Import PST file into Exchange Online
Replies
0
Views
3K
PatrickRoggers
PatrickRoggers
T
  • Locked
  • Question
How to use third party mail security gateway to scan internal/inter-domain mails in Exchange On-Premise?
Replies
3
Views
3K
DrB0b
DrB0b
ComputersUnlimited
  • Locked
  • Question
Migrating to Exchange 2019
Replies
0
Views
3K
ComputersUnlimited
ComputersUnlimited

Part and Inventory Search

Sponsor

Back
Top