MIM GAL Sync between Forests

  • Question

  • Is it possible to perform MIM GAL Sync between two forests without trust?

    Thanks 

     
    Tuesday, February 27, 2018 9:51 AM

All replies

  • It is, but not without some significant custom coding. The native MIM/Exchange integration for Exchange 2010+ requires a trust to function.

    Thanks,
    Brian

    Tuesday, February 27, 2018 11:54 PM
    Moderator
  • This is not accurate. As long as you use MA accounts local to the remote Exchange forest, there is absolutely no need for any forest trust, and all you need is appropriate network/port connectivity (Kerberos and HTTP and whatever else the AD MA Config Wizard needs). It works pretty much out of the box.
    Wednesday, February 28, 2018 7:14 AM
  • I could certainly be wrong as it's been a while, but, the callout is hardcoded to use Kerberos to authN to the PowerShell endpoint on the other end. How would that work without a trust?

    Thanks,
    Brian

    Wednesday, February 28, 2018 4:58 PM
    Moderator
  • Yes, it's still the case, but you need trust for Kerberos only when you do cross-forest authentication. That is why I said that as long as you use an MA account that is local to the forest that it is connecting to, you don't need any kind of trust.
    Wednesday, February 28, 2018 5:53 PM
  • Thanks, guys, for your support.

    I found this article: http://geekswithblogs.net/marcde/archive/2015/10/19/coexistence-between-exchange-forests-without-trustshellip----part-5-preparing.aspx

    It talks about the same case... will see if this works.

    Thursday, March 1, 2018 8:22 AM