Exchange - Different Domain, Same Forest Users
-
If they are in the same forest it should not be an issue.
-
@dbeato said in Exchange - Different Domain, Same Forest Users:
If they are in the same forest it should not be an issue.
@dbeato , you're an Exchange guy right? Can I pick your brain a bit?
Should the NIC on the one Exchange server residing on the .org domain (the one I want to add the .net domain user mailboxes to) have the DNS set to prioritize .net before .org? What's the best practice here?
Additionally, the Exchange server in question (residing on .org), has the default Accepted Domain set to the .org domain, if I change that to the .net domain, is that going to throw a wrench in things or is that easily reversible? I don't have a full understanding of what could happen if I changed that, and I'm scared to try it at this juncture. Does my other Exchange server for the .org domain share this setting or is it specific to this server?
Some things I've tried so far:
Disable Global Catalogue on .net DC via Administrative Tools>AD Sites & Services>NTDS Setting>Properties. Reboot, re-enable.
Restarted Services>Microsoft Exchange Active Directory Topology on Exchange Server in question.
Get-ExchangeServer -Identity "<SERVERNAME>" -status | flshows .org Global Catalogue.
-
@G-I-Jones said in Exchange - Different Domain, Same Forest Users:
@dbeato said in Exchange - Different Domain, Same Forest Users:
If they are in the same forest it should not be an issue.
@dbeato , you're an Exchange guy right? Can I pick your brain a bit?
Should the NIC on the one Exchange server residing on the .org domain (the one I want to add the .net domain user mailboxes to) have the DNS set to prioritize .net before .org? What's the best practice here?
Additionally, the Exchange server in question (residing on .org), has the default Accepted Domain set to the .org domain, if I change that to the .net domain, is that going to throw a wrench in things or is that easily reversible? I don't have a full understanding of what could happen if I changed that, and I'm scared to try it at this juncture. Does my other Exchange server for the .org domain share this setting or is it specific to this server?
Some things I've tried so far:
Disable Global Catalogue on .net DC via Administrative Tools>AD Sites & Services>NTDS Setting>Properties. Reboot, re-enable.
Restarted Services>Microsoft Exchange Active Directory Topology on Exchange Server in question.
Get-ExchangeServer -Identity "<SERVERNAME>" -status | flshows .org Global Catalogue.
Are this disjointed domains with a domain trust or domains in the same forest? The NIC should just point to the DCs doesn't matter which one has the preference as they should have both domain zones. Most Domain Controller are Global Catalog as well without any extra configuration so I do not recommend disabling it.
-
Are this disjointed domains with a domain trust or domains in the same forest? The NIC should just point to the DCs doesn't matter which one has the preference as they should have both domain zones. Most Domain Controller are Global Catalog as well without any extra configuration so I do not recommend disabling it.
Domains are in the same forest and have a trust.
Users are able to authenticate to .org with only .org credentials from .net, .org users can access anything on .net <- This is my boss, who set it up, explaining it to me.
-
@G-I-Jones said in Exchange - Different Domain, Same Forest Users:
Are this disjointed domains with a domain trust or domains in the same forest? The NIC should just point to the DCs doesn't matter which one has the preference as they should have both domain zones. Most Domain Controller are Global Catalog as well without any extra configuration so I do not recommend disabling it.
Domains are in the same forest and have a trust.
Users are able to authenticate to .org with only .org credentials from .net, .org users can access anything on .net <- This is my boss, who set it up, explaining it to me.
How can they be in the same forest in a trust? That is impossible.
-
@dbeato said in Exchange - Different Domain, Same Forest Users:
@G-I-Jones said in Exchange - Different Domain, Same Forest Users:
Are this disjointed domains with a domain trust or domains in the same forest? The NIC should just point to the DCs doesn't matter which one has the preference as they should have both domain zones. Most Domain Controller are Global Catalog as well without any extra configuration so I do not recommend disabling it.
Domains are in the same forest and have a trust.
Users are able to authenticate to .org with only .org credentials from .net, .org users can access anything on .net <- This is my boss, who set it up, explaining it to me.
How can they be in the same forest in a trust? That is impossible.
They either have a domain trust between two domains or two domains in a forest.
-
@dbeato said in Exchange - Different Domain, Same Forest Users:
@dbeato said in Exchange - Different Domain, Same Forest Users:
@G-I-Jones said in Exchange - Different Domain, Same Forest Users:
Are this disjointed domains with a domain trust or domains in the same forest? The NIC should just point to the DCs doesn't matter which one has the preference as they should have both domain zones. Most Domain Controller are Global Catalog as well without any extra configuration so I do not recommend disabling it.
Domains are in the same forest and have a trust.
Users are able to authenticate to .org with only .org credentials from .net, .org users can access anything on .net <- This is my boss, who set it up, explaining it to me.
How can they be in the same forest in a trust? That is impossible.
They either have a domain trust between two domains or two domains in a forest.
Negative, it's called a Tree-Root Trust. It exists between domains in the same forest.
-
@G-I-Jones said in Exchange - Different Domain, Same Forest Users:
@dbeato said in Exchange - Different Domain, Same Forest Users:
@dbeato said in Exchange - Different Domain, Same Forest Users:
@G-I-Jones said in Exchange - Different Domain, Same Forest Users:
Are this disjointed domains with a domain trust or domains in the same forest? The NIC should just point to the DCs doesn't matter which one has the preference as they should have both domain zones. Most Domain Controller are Global Catalog as well without any extra configuration so I do not recommend disabling it.
Domains are in the same forest and have a trust.
Users are able to authenticate to .org with only .org credentials from .net, .org users can access anything on .net <- This is my boss, who set it up, explaining it to me.
How can they be in the same forest in a trust? That is impossible.
They either have a domain trust between two domains or two domains in a forest.
Negative, it's called a Tree-Root Trust. It exists between domains in the same forest.
yeah - but us techies rarely (I've never seen anyone talk about it) call it that - we know that a trust exists between all domains in a Forest, that's a primary component to what makes them a forest.
Now two forests (can't have a domain without also having a forest) can have trusts between them (I'm not sure if a domain in forest A can have it's own trust with a domain in forest B directly though?)
-
yeah - but us techies rarely (I've never seen anyone talk about it) call it that - we know that a trust exists between all domains in a Forest, that's a primary component to what makes them a forest.
Ah, so what trust that's different than the automatic Tree-Root of inter-forest domains are we talking about?
-
@G-I-Jones said in Exchange - Different Domain, Same Forest Users:
yeah - but us techies rarely (I've never seen anyone talk about it) call it that - we know that a trust exists between all domains in a Forest, that's a primary component to what makes them a forest.
Ah, so what trust that's different than the automatic Tree-Root of inter-forest domains are we talking about?
In this situation we don't worry about it. We know you have a Forest - so the trust issue is a non issue.
Now a question for @dbeato - can you have more than one Exchange system inside a domain? I guess I was under the impression you couldn't, or at least wouldn't. This of course doesn't mean you only have one exchange server - you have as many as you need/want, but they are all part of the same Exchange group for lack of a better name, you doll out the Exchange rolls (Mailbox, Hub, Edge transport) to different Exchange servers as needed.
I'm guessing most businesses only have one Edge Transport server, though if you need resiliency you might have more. The mailbox servers are what the end users normally attach Outlook to, so in G-I-Jones case he might have two: one to be closer to set of users A, and another to be closer to set of users B. But I'm pretty sure both could have .net or .org on them.And I totally off base here?
-
Okay, so @dbeato got me thinking about forests, so I ran
Get-ADForestfrom each DC and they show nothing but themselves. I'm thinking this is a DNS issue or the Trust might have not been configured properly. Going to start poking around there and see what I can find.
-
@G-I-Jones said in Exchange - Different Domain, Same Forest Users:
Okay, so @dbeato got me thinking about forests, so I ran
Get-ADForestfrom each DC and they show nothing but themselves. I'm thinking this is a DNS issue or the Trust might have not been configured properly. Going to start poking around there and see what I can find.
In a situation where you have two different forests and trusts between them, then yes, you'll need to resolve the DNS issue. But in that situation, I don't think you'll be able to host both email domains on both sides, I would expect you to be force both on one side, or one on each.
-
@G-I-Jones said in Exchange - Different Domain, Same Forest Users:
Okay, so @dbeato got me thinking about forests, so I ran
Get-ADForestfrom each DC and they show nothing but themselves. I'm thinking this is a DNS issue or the Trust might have not been configured properly. Going to start poking around there and see what I can find.
No, you have two different Forest plain and simple. Each Exchange is separate in each domain.
-
@Dashrender said in Exchange - Different Domain, Same Forest Users:
@G-I-Jones said in Exchange - Different Domain, Same Forest Users:
yeah - but us techies rarely (I've never seen anyone talk about it) call it that - we know that a trust exists between all domains in a Forest, that's a primary component to what makes them a forest.
Ah, so what trust that's different than the automatic Tree-Root of inter-forest domains are we talking about?
In this situation we don't worry about it. We know you have a Forest - so the trust issue is a non issue.
Now a question for @dbeato - can you have more than one Exchange system inside a domain? I guess I was under the impression you couldn't, or at least wouldn't. This of course doesn't mean you only have one exchange server - you have as many as you need/want, but they are all part of the same Exchange group for lack of a better name, you doll out the Exchange rolls (Mailbox, Hub, Edge transport) to different Exchange servers as needed.
I'm guessing most businesses only have one Edge Transport server, though if you need resiliency you might have more. The mailbox servers are what the end users normally attach Outlook to, so in G-I-Jones case he might have two: one to be closer to set of users A, and another to be closer to set of users B. But I'm pretty sure both could have .net or .org on them.And I totally off base here?
You can have as many Exchange Servers in your domain as you possibly can. I have customers with a least 3 or more in different locations o regions as well. Exchange 2013 and upward allowed the access of severs through the Front End Server which proxies to the other servers as well.
-
@dbeato said in Exchange - Different Domain, Same Forest Users:
@G-I-Jones said in Exchange - Different Domain, Same Forest Users:
Okay, so @dbeato got me thinking about forests, so I ran
Get-ADForestfrom each DC and they show nothing but themselves. I'm thinking this is a DNS issue or the Trust might have not been configured properly. Going to start poking around there and see what I can find.
No, you have two different Forest plain and simple. Each Exchange is separate in each domain.
Yup, just checked it out and they are two separate Forests. Forest Trust, rather than Tree-Root Trust. Now I have to get permissions to change this or researching if hopping domains with Exchange is supported.
-
@dbeato said in Exchange - Different Domain, Same Forest Users:
@Dashrender said in Exchange - Different Domain, Same Forest Users:
@G-I-Jones said in Exchange - Different Domain, Same Forest Users:
yeah - but us techies rarely (I've never seen anyone talk about it) call it that - we know that a trust exists between all domains in a Forest, that's a primary component to what makes them a forest.
Ah, so what trust that's different than the automatic Tree-Root of inter-forest domains are we talking about?
In this situation we don't worry about it. We know you have a Forest - so the trust issue is a non issue.
Now a question for @dbeato - can you have more than one Exchange system inside a domain? I guess I was under the impression you couldn't, or at least wouldn't. This of course doesn't mean you only have one exchange server - you have as many as you need/want, but they are all part of the same Exchange group for lack of a better name, you doll out the Exchange rolls (Mailbox, Hub, Edge transport) to different Exchange servers as needed.
I'm guessing most businesses only have one Edge Transport server, though if you need resiliency you might have more. The mailbox servers are what the end users normally attach Outlook to, so in G-I-Jones case he might have two: one to be closer to set of users A, and another to be closer to set of users B. But I'm pretty sure both could have .net or .org on them.And I totally off base here?
You can have as many Exchange Servers in your domain as you possibly can. I have customers with a least 3 or more in different locations o regions as well. Exchange 2013 and upward allowed the access of severs through the Front End Server which proxies to the other servers as well.
Right, but my point was that they are a collective single entity.... the OP made it sound like his Exchanges were completely separate - and now seeing it's likely he does not have a single forest, but instead two forests with a trust relationship.. .no wonder he can't do what he wants.
-
@G-I-Jones said in Exchange - Different Domain, Same Forest Users:
@dbeato said in Exchange - Different Domain, Same Forest Users:
@G-I-Jones said in Exchange - Different Domain, Same Forest Users:
Okay, so @dbeato got me thinking about forests, so I ran
Get-ADForestfrom each DC and they show nothing but themselves. I'm thinking this is a DNS issue or the Trust might have not been configured properly. Going to start poking around there and see what I can find.
No, you have two different Forest plain and simple. Each Exchange is separate in each domain.
Yup, just checked it out and they are two separate Forests. Forest Trust, rather than Tree-Root Trust. Now I have to get permissions to change this or researching if hopping domains with Exchange is supported.
Here's a question for the boss - why do you need two domains? What purpose does it serve?
-
@Dashrender said in Exchange - Different Domain, Same Forest Users:
@dbeato said in Exchange - Different Domain, Same Forest Users:
@Dashrender said in Exchange - Different Domain, Same Forest Users:
@G-I-Jones said in Exchange - Different Domain, Same Forest Users:
yeah - but us techies rarely (I've never seen anyone talk about it) call it that - we know that a trust exists between all domains in a Forest, that's a primary component to what makes them a forest.
Ah, so what trust that's different than the automatic Tree-Root of inter-forest domains are we talking about?
In this situation we don't worry about it. We know you have a Forest - so the trust issue is a non issue.
Now a question for @dbeato - can you have more than one Exchange system inside a domain? I guess I was under the impression you couldn't, or at least wouldn't. This of course doesn't mean you only have one exchange server - you have as many as you need/want, but they are all part of the same Exchange group for lack of a better name, you doll out the Exchange rolls (Mailbox, Hub, Edge transport) to different Exchange servers as needed.
I'm guessing most businesses only have one Edge Transport server, though if you need resiliency you might have more. The mailbox servers are what the end users normally attach Outlook to, so in G-I-Jones case he might have two: one to be closer to set of users A, and another to be closer to set of users B. But I'm pretty sure both could have .net or .org on them.And I totally off base here?
You can have as many Exchange Servers in your domain as you possibly can. I have customers with a least 3 or more in different locations o regions as well. Exchange 2013 and upward allowed the access of severs through the Front End Server which proxies to the other servers as well.
Right, but my point was that they are a collective single entity.... the OP made it sound like his Exchanges were completely separate - and now seeing it's likely he does not have a single forest, but instead two forests with a trust relationship.. .no wonder he can't do what he wants.
Yeah, even with a domain trust you can share things between Exchanges as well.
-
@dbeato said in Exchange - Different Domain, Same Forest Users:
@Dashrender said in Exchange - Different Domain, Same Forest Users:
@dbeato said in Exchange - Different Domain, Same Forest Users:
@Dashrender said in Exchange - Different Domain, Same Forest Users:
@G-I-Jones said in Exchange - Different Domain, Same Forest Users:
yeah - but us techies rarely (I've never seen anyone talk about it) call it that - we know that a trust exists between all domains in a Forest, that's a primary component to what makes them a forest.
Ah, so what trust that's different than the automatic Tree-Root of inter-forest domains are we talking about?
In this situation we don't worry about it. We know you have a Forest - so the trust issue is a non issue.
Now a question for @dbeato - can you have more than one Exchange system inside a domain? I guess I was under the impression you couldn't, or at least wouldn't. This of course doesn't mean you only have one exchange server - you have as many as you need/want, but they are all part of the same Exchange group for lack of a better name, you doll out the Exchange rolls (Mailbox, Hub, Edge transport) to different Exchange servers as needed.
I'm guessing most businesses only have one Edge Transport server, though if you need resiliency you might have more. The mailbox servers are what the end users normally attach Outlook to, so in G-I-Jones case he might have two: one to be closer to set of users A, and another to be closer to set of users B. But I'm pretty sure both could have .net or .org on them.And I totally off base here?
You can have as many Exchange Servers in your domain as you possibly can. I have customers with a least 3 or more in different locations o regions as well. Exchange 2013 and upward allowed the access of severs through the Front End Server which proxies to the other servers as well.
Right, but my point was that they are a collective single entity.... the OP made it sound like his Exchanges were completely separate - and now seeing it's likely he does not have a single forest, but instead two forests with a trust relationship.. .no wonder he can't do what he wants.
Yeah, even with a domain trust you can share things between Exchanges as well.
HUH - like what?
-
@Dashrender said in Exchange - Different Domain, Same Forest Users:
@dbeato said in Exchange - Different Domain, Same Forest Users:
@Dashrender said in Exchange - Different Domain, Same Forest Users:
@G-I-Jones said in Exchange - Different Domain, Same Forest Users:
yeah - but us techies rarely (I've never seen anyone talk about it) call it that - we know that a trust exists between all domains in a Forest, that's a primary component to what makes them a forest.
Ah, so what trust that's different than the automatic Tree-Root of inter-forest domains are we talking about?
In this situation we don't worry about it. We know you have a Forest - so the trust issue is a non issue.
Now a question for @dbeato - can you have more than one Exchange system inside a domain? I guess I was under the impression you couldn't, or at least wouldn't. This of course doesn't mean you only have one exchange server - you have as many as you need/want, but they are all part of the same Exchange group for lack of a better name, you doll out the Exchange rolls (Mailbox, Hub, Edge transport) to different Exchange servers as needed.
I'm guessing most businesses only have one Edge Transport server, though if you need resiliency you might have more. The mailbox servers are what the end users normally attach Outlook to, so in G-I-Jones case he might have two: one to be closer to set of users A, and another to be closer to set of users B. But I'm pretty sure both could have .net or .org on them.And I totally off base here?
You can have as many Exchange Servers in your domain as you possibly can. I have customers with a least 3 or more in different locations o regions as well. Exchange 2013 and upward allowed the access of severs through the Front End Server which proxies to the other servers as well.
Right, but my point was that they are a collective single entity.... the OP made it sound like his Exchanges were completely separate - and now seeing it's likely he does not have a single forest, but instead two forests with a trust relationship.. .no wonder he can't do what he wants.
You can do a Federation Trust between the Exchange servers to share Contacts and Calendars.
https://docs.microsoft.com/en-us/exchange/configure-a-federation-trust-exchange-2013-help
