Shared mailbox in cross-forest environment

Hello

My context is as follow :

  • An account forest called A, hosting user accounts, and existing Exchange 2007 mailboxes
  • A ressource forest called B, hosting 90% of target Exchange 2013 mailboxes,
  • A resource forest called C, hosting 10% of target Exchange mailboxes.
  • ILM is used to Galsync between forests, with ticked support cross-forest delegation
  • Ther are forest truste between A and B, and A and C forests.
  • Autodiscover is assumed correct 
  • Shared mailboxes exist in all Exchange environments

With this configuration

  • Can a user account in A forest, with mailbox in A forest, access a shared mailbox in B forest AND C forest ?
  • Can a user account in A forest, with mailbox in B forest, access a shared mailbox in A forest AND C forest ?
  • Can a user account in A forest, with mailbox in C forest, access a shared mailbox in B forest AND A forest ?
  • Is a forest trust needed between B and C forests ?

Thanks for your ideas.

JP BERGEZ

July 16th, 2015 3:15am

In Exchange 2013, this is difficult because of the dependency on Autodiscover.  I believe that domain-joined clients will pick up Autodiscover from the SCP record and therefore won't connect to Autodiscover in the forest hosting the desired Exchange server.

I believe that if you want to use Domain B credentials for access to Domain C mailboxes you will need a trust.

Free Windows Admin Tool Kit Click here and download it now
July 16th, 2015 11:57am
Hi JP,

Because forest trust not like domain trust, it cannot be transitive, we need create trust between Forest B and Forest C as Ed mentioned.

Thanks
July 17th, 2015 9:28pm

Hi JP,

  • Can a user account in A forest, with mailbox in A forest, access a shared mailbox in B forest AND C forest ?

B,C must trust A

  • Can a user account in A forest, with mailbox in B forest, access a shared mailbox in A forest AND C forest ?

This is a linked mailbox scenario, B must trust A

  • Can a user account in A forest, with mailbox in C forest, access a shared mailbox in B forest AND A forest ?

This is a linked mailbox scenario, C must trust A

  • Is a forest trust needed between B and C forests ?

No.

As for the autodiscover part look here for possible options. It would be tricky as Ed said, you might want to remove the SCP for Ex2007 and rely on DNS based ones. Or attempt multiple SCP domain specific records.

 If no records are returned, the application abandons SCP record lookup and proceeds to step 2 of the Autodiscover discovery process, as described in "Calling Autodiscover"article.

The Autodiscover service process for internal access

Discovering the Autodiscover Endpoint via Active Directory SCP Record Lookup

Manually Creating Service Connection Points (SCP)

Free Windows Admin Tool Kit Click here and download it now
July 20th, 2015 6:13am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics