Hosting owa for multiple domains
I am running Exchange 2007 (with the possibility of upgrading to 2010), and I'm trying to figure out how to run OWA in a multiple domain environment. So, for example, I have users in one domain abc.com, and others in another domain def.com. I
want users in abc.com to access owa.abc.com, and authenticate with their abc credentials, and users in def.com to acccess owa.def.com and authenticate with their def credentials.
Is this possible, and if so, what does the minimum configuration look like? Right now i'm running everything on a single machine (for a single domain), and i'd like to set up as few actual exchange environments as possible and reuse environments if possible.
For example, maybe I can set up two client access servers and a single mailbox server?
September 21st, 2010 9:22pm
It can be done.Just add receive connector and send connector.
-bpara
Free Windows Admin Tool Kit Click here and download it now
September 22nd, 2010 1:02am
@Bpara
How exactly does setting up a receive or send connector give my other domain OWA access. Connectors are virtual gateways through which messages are sent, so I'm not following how this helps me. Can you provide me a little more information, or
point me at some supporting documentation?
September 22nd, 2010 9:50am
Anyone have any feedback? Any help is much appreciated.
Free Windows Admin Tool Kit Click here and download it now
September 27th, 2010 10:36pm
Hi,
You can refer to the below article to fix the issue:
http://technet.microsoft.com/en-us/library/bb123560(EXCHG.65).aspx
Thanks
Allen
September 28th, 2010 4:39am
What do you mean by domain?
Do you mean WINDOWS domain or SMTP domain?
If you mean WINDOWS domain, then what is the connection between the two domains? Same forest or seperate?
Exchange operates at the forest boundaries, so if they are two different domains then you are going to have two sets of Exchange servers.
If you are using a trust with Exchange in a single forest, then it is still possible to use Exchange with seperate logins.
However you can only have one default domain configured on the OWA virtual directory.
If you mean SMTP domain, then the usual way round this is to configure the UPN in the domain to match the user's email address, so that they can login with their email address as the username and their usual password. This can also work for a trusted accounts
if configured correctly.
Simon.
Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/
Free Windows Admin Tool Kit Click here and download it now
September 28th, 2010 8:55am
Allen, thank you for pointing me to this, however I have reviewed this article and it doesn't seem to apply to Exchange Server 2007 or 2010. Is there supporting documentation for either of these platforms?
September 28th, 2010 8:11pm
Sembee, I am referring to a Windows domain. These two domains are separate forests. I have the ability to create a trust between the two domains.
What I am going for is for userA in domain abc.com to log into mail.abc.com as abc\userA, but userB log into domain xyz.com as xyz\userB - all with a single exchange database server.
If I had two Client Access Servers on different domains, could they not point to the same mailbox server?
Free Windows Admin Tool Kit Click here and download it now
September 28th, 2010 8:24pm
Sembee, I am referring to a Windows domain. These two domains are separate forests. I have the ability to create a trust between the two domains.
What I am going for is for userA in domain abc.com to log into mail.abc.com as abc\userA, but userB log into domain xyz.com as xyz\userB - all with a single exchange database server.
If I had two Client Access Servers on different domains, could they not point to the same mailbox server?
If the users/exchange are in seperate forests, then you cannot share any of the Exchange infrustructure. Exchange only operates within the single forest. A trust doesn't change anything.
The only option you have is to put all Exchange services in the same forest and use the linked account route to allow users in the trusted domain to have access.
Simon.Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/
September 30th, 2010 5:14pm
Simon,
Thanks for your help and let me rephrase: right now the domains are in separate forests, but if I can have separate domains within a single forest as separate trees, then I may be able to do that. I completely own the domains, so I can structure them
how I want to.
Given that, does that make what I am trying to do possible?
I just read the following to articles, and I feel like it should be possible, but there isn't a lot of documentation on how to actually do it.
http://technet.microsoft.com/en-us/library/bb870368%28office.12%29.aspx
http://technet.microsoft.com/en-us/library/bb124765%28EXCHG.80%29.aspx
Free Windows Admin Tool Kit Click here and download it now
September 30th, 2010 10:03pm
Once all users are in the same forest, you can only have one set of Exchange servers, and all servers will work for all clients, no matter which domain they are in. That is how Exchange is designed to work.
Therefore if you have dedicated CAS role servers, then any users in the forest can access their mailbox through those.
If you put the additional addresses in to the certificate, the users could even have their own URL to access OWA, which in reality hits the same servers as everyone else. You will still need to have a method to differentiate the domain the user are in, either
by using domain\username or username@domain as the login.
Simon.Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/
October 1st, 2010 4:22pm
If I am setting up dedicated CAS role servers, then will they not already have their own URL to access OWA? Setting up a CAS role server involves creating the OWA website.
Free Windows Admin Tool Kit Click here and download it now
October 6th, 2010 4:26pm
Not really sure what the point you are trying to make is?
Installing the CAS role puts all of the OWA functionality in to IIS, that is the point of it. However it still means the CAS server can only access mailboxes in the same Exchange org (ie the same Windows Forest).
Your best option is probably to go and read the Exchange 2007 architecture white papers which explain how the roles work.
Simon.Simon Butler, Exchange MVP
Blog |
Exchange Resources
October 7th, 2010 7:26am
So you want to have multiple URLs for OWA correct?
Here's one way:
http://geekswithblogs.net/cajunmcse/archive/2009/11/13/publishing-multiple-urls-to-outlook-web-access-in-isa-2006.aspx
And another: http://www.petri.co.il/forums/showthread.php?t=34774
I haven't done either, so be sure to test in a lab where appropriate.
Free Windows Admin Tool Kit Click here and download it now
October 7th, 2010 4:35pm