One Exchange Server for two different AD Domains, using same email domain...

  • Question

  • We have two different Active Directory domains on the same LAN.

    Domain1.com

    Domain2.com

    We have one smtp email domain, that is user@Domain1.com

    We have one Exchange cluster, that is on Domain1.com

    Users in Domain2.com want to start using our exchange server, & have the same email user@Domain1.com for all users.

    Any suggestions to allow this to happen? I did some research that involves setting up a domain trust.

    If a domain trust is needed, then here is the info...

    Domain1.com is at Windows 2003 level w/ Windows 2003 DNS servers.

    Domain2.com is at Windows 2000 level w/ Windows 2000 DNS servers.

    Thanks,

    Jason

    Wednesday, August 22, 2012 3:58 PM

All replies

  • Which version of Exchange?

    A trust would be involved, but just for authentication. The WINDOWS domain has nothing to do with the email domain, so the fact that the users want to receive email on the same EMAIL domain is fine.

    This is just a matter of authentication and mailbox configuration, but version of Exchange is key - I suspect 2003.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.

    Wednesday, August 22, 2012 6:07 PM
  • Sorry, it's Exchange 2007; in a CCR cluster.

    Jason


    Jason Lehman

    Wednesday, August 22, 2012 6:09 PM
  • Also, the two domains are not in the same forest.

    Thanks,


    Jason Lehman

    Wednesday, August 22, 2012 6:11 PM
  • On Wed, 22 Aug 2012 15:58:32 +0000, JasonLehman wrote:
     
    >We have two different Active Directory domains on the same LAN.
     
    >Domain1.com
    >
    >Domain2.com
     
    Domains or Forests? It's significant!
     
    If it's two different Forests then do both of them have their own
    Exchange organization?
     
    If the 2nd AD Forest doesn't have an Exchange organization then you
    can use them as a "resource" Forest and create accounts for them in
    your "account" forest.
     
    >We have one smtp email domain, that is user@Domain1.com
    >
    >We have one Exchange cluster, that is on Domain1.com
    >
    >Users in Domain2.com want to start using our exchange server, & have the same email user@Domain1.com for all users.
    >
    >Any suggestions to allow this to happen? I did some research that involves setting up a domain trust.
    >
    >If a domain trust is needed, then here is the info...
    >
    >Domain1.com is at Windows 2003 level w/ Windows 2003 DNS servers.
    >
    >Domain2.com is at Windows 2000 level w/ Windows 2000 DNS servers.
    >
    >Thanks,
    >
    >Jason
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    • Marked as answer by Evan LiuModerator Sunday, September 2, 2012 1:18 AM
    • Unmarked as answer by JasonLehman Friday, September 7, 2012 3:16 PM
    Wednesday, August 22, 2012 10:00 PM
  • Hello Jason,

    If these domains are in different forests, and you want users in Domain2.com to be able to use the Exchange server in Domain1.com, I suggest you use a linked mailbox to do that:

    How to Deploy Exchange 2007 in an Exchange Resource Forest Topology
    http://technet.microsoft.com/en-us/library/aa998031(v=exchg.80).aspx

    How to Create a Linked Mailbox
    http://technet.microsoft.com/en-us/library/bb123524(v=exchg.80).aspx

    Thanks,

    Evan Liu

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com


    Evan Liu

    TechNet Community Support

    Thursday, August 23, 2012 6:33 AM
    Moderator
  • Hi Jason,

    Any updates on this issue?

    Thanks,

    Evan Liu

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com


    Evan Liu

    TechNet Community Support

    Friday, August 24, 2012 1:25 AM
    Moderator
  • Yes, sorry. I had to wait for our network admin to set up the proper access between the two VLANs.

    I am going to attempt to set up the domain trust now & then try the linked mailbox approach.

    For now Exchange will be in Domain1.com only.

    Thanks,


    Jason Lehman

    Friday, August 24, 2012 2:39 PM
  • I think everything will be easy after you set up the domain trust.

    Thanks,

    Evan Liu

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com


    Evan Liu

    TechNet Community Support

    Monday, August 27, 2012 6:03 AM
    Moderator
  • I just got back from being on vacation all of last week. Sorry for no updates.

    The domain trust was set up successfully. I was able to create a linked mailbox per your suggestion.

    Here is where I am having a problem...

    When a user from Domain2.com logs onto their pc, we seem to be having authentication issues w/ the Exchange server.

    From Outlook 2007, we get the first time Outlook 2007 Startup wizard. We get a message saying "An encrypted connection to your mailserver is not available. Click Next to attempt using an unencrypted connection."

    So I went back a few steps in the wizard & chose to manually configure server settings.

    I get to the screen where it asks for the name of your Exchange server. I put in the fully qualified domain name. Then type in the user name, then click the Check Name button. Here is where I get prompted for a user name & password that I can't get past.

    Any suggestions of what user name & pw should work there? Should it be the user that is logged in from Domain2.com OR the disabled account that got created when I set up the linked mailbox?

    Thanks,


    Jason Lehman

    Tuesday, September 4, 2012 3:31 PM
  • I got it working, but want to better understand the setting I changed to make it work.

    It was an Authentication setting in the domain trust that I set up.

    In the properties of the domain trust, there is a tab called Authentication.

    There are two choices.

    1. Domain-wide authentication

    2. Selective Authentication

    I originally had Selective Authentication selected as it sounded the most secure; just to let the users in domain2.com use our Exchange resources.

    As soon as I changed this setting to Domain-wide authentication; in domain2.com; the prompts in the Outlook 2007 clients went away & the users' mailboxes now opened.

    Now my questions are...

    1. What exactly did I just open/enable by selecting the Domain-wide Authentication?

    2. Is there a documented procedure to go back to the Selective Authentication & allow domain2.com to only access the Exchange resources from domain1.com?

    Thanks


    Jason Lehman

    • Marked as answer by JasonLehman Friday, September 7, 2012 3:15 PM
    Tuesday, September 4, 2012 6:56 PM
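
Added example (not part of the thread and not a procedure quoted from Microsoft documentation): domain-wide authentication lets every Domain2.com user authenticate to any computer in Domain1.com, with access then decided only by each resource's ACLs, while selective authentication restricts them to computers on which they hold the "Allowed to Authenticate" right. The script below grants that right on the Exchange computer objects and then switches the trust back to selective authentication. The group name and distinguished names are assumptions to be replaced with real values.

```powershell
# Added example, not from the thread; every name below is a placeholder.
$TrustingDomain = 'Domain1.com'             # resource domain that hosts Exchange
$TrustedDomain  = 'Domain2.com'             # account domain the users log on to
$MailUsers      = 'DOMAIN2\Exchange-Users'  # hypothetical group of linked-mailbox users
$ServerDNs      = @(                        # hypothetical Exchange computer objects
    'CN=EXCMS01,OU=Exchange,DC=Domain1,DC=com',   # clustered mailbox server name
    'CN=EXCAS01,OU=Exchange,DC=Domain1,DC=com'    # Client Access server
)

# Run a native tool and stop on a non-zero exit code instead of continuing blindly.
function Invoke-Checked {
    param([string]$Exe, [string[]]$Arguments)
    & $Exe @Arguments
    if ($LASTEXITCODE -ne 0) { throw "$Exe failed with exit code $LASTEXITCODE" }
}

# 1. Grant the "Allowed to Authenticate" control-access right on each server's
#    computer object BEFORE tightening the trust, so clients are not locked out.
foreach ($dn in $ServerDNs) {
    Invoke-Checked dsacls @($dn, '/G', "${MailUsers}:CA;Allowed to Authenticate")
}

# 2. Switch the outgoing trust (Domain1.com trusts Domain2.com) to selective authentication.
Invoke-Checked netdom @('trust', $TrustingDomain, "/domain:$TrustedDomain", '/SelectiveAUTH:yes')

# 3. Display the current state of the attribute to confirm the change.
Invoke-Checked netdom @('trust', $TrustingDomain, "/domain:$TrustedDomain", '/SelectiveAUTH')

# 4. Review who holds the right on each computer object; anything beyond the
#    intended group is wider access than the Exchange-only goal.
foreach ($dn in $ServerDNs) {
    dsacls $dn | Select-String 'Allowed to Authenticate'
}
```

If Outlook still prompts after the switch, check whether the clients are also authenticating to a computer whose object is not in the list, and add only that object.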