Splitting Exchange servers and admin grants
There is a company ABC with domain ABC.com and emails such as roger@ABC.com
My company is a subsidiary of ABC and is called XYZ.
We have an AD server in common with ABC and mail such as john@XYZ.ABC.com
The MS Exchange server is also in common. It contains both the @ABC.com and @XYZ.ABC.com emails.
In this situation the ABC administrative group has full control of the Exchange server and can read all the mail. The XYZ administrator has no grants at all.
Now my question is: if we want to have reasonable email confidentiality (ABC admins read ABC mail only), what are we supposed to propose?
If we had a separate Exchange box, would it be sufficient? Or is it necessary to have another AD server too? Where does the problem come from? From the forest settings? Can anybody give me some suggestions? Thank you
March 16th, 2010 8:42pm
You might consider Rights Management Server. Or something like PGP so that private messages can be encrypted between the sender before being sent, and decrypted after receipt.
-- Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
"Franci_" wrote in message news:71b2e054-9213-4886-bea1-2103f6fc767f...
There is a company ABC with domain ABC.com and emails such as roger@ABC.com
My company is a subsidiary of ABC and is called XYZ.
We have an AD server in common with ABC and mail such as john@XYZ.ABC.com
The MS Exchange server is also in common. It contains both the @ABC.com and @XYZ.ABC.com emails.
In this situation the ABC administrative group has full control of the Exchange server and can read all the mail. The XYZ administrator has no grants at all.
Now my question is: if we want to have reasonable email confidentiality (ABC admins read ABC mail only), what are we supposed to propose?
If we had a separate Exchange box, would it be sufficient? Or is it necessary to have another AD server too? Where does the problem come from? From the forest settings? Can anybody give me some suggestions? Thank you
March 17th, 2010 7:51pm
Ultimately, if privacy is a requirement, you need a separate resource forest (AD + Exchange servers), if only to be able to own control of the auditing of access. You could also move to BPOS for your organization and the mail would be out in the cloud instead of at rest on the ABC-owned hardware.
March 17th, 2010 9:56pm
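Added example, not part of the original thread: an Exchange Management Shell (Exchange 2007/2010) report of who currently holds read access to the XYZ mailboxes, at both mailbox and database level, which is the "auditing of access" the reply above refers to. It assumes XYZ mailboxes can be identified by the primary SMTP domain XYZ.ABC.com taken from the question.

```powershell
# Added example; run in the Exchange Management Shell with view rights on the organization.
# Assumption: XYZ mailboxes are those whose primary SMTP address ends in @XYZ.ABC.com.
$domain = 'XYZ.ABC.com'

$mailboxes = Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.PrimarySmtpAddress.ToString() -like "*@$domain" }

# 1. Mailbox-level grants: anyone other than the owner holding FullAccess.
$mailboxGrants = foreach ($mbx in $mailboxes) {
    Get-MailboxPermission -Identity $mbx.DistinguishedName |
        Where-Object { $_.AccessRights -like '*FullAccess*' -and
                       $_.User.ToString() -ne 'NT AUTHORITY\SELF' } |
        Select-Object @{n='Scope';   e={'Mailbox'}},
                      @{n='Object';  e={$mbx.PrimarySmtpAddress.ToString()}},
                      @{n='Trustee'; e={$_.User.ToString()}},
                      @{n='Right';   e={'FullAccess'}},
                      Deny, IsInherited
}

# 2. Database-level grants: Receive-As on a database opens every mailbox stored in it.
$dbNames = $mailboxes | ForEach-Object { $_.Database.ToString() } | Sort-Object -Unique
$databaseGrants = foreach ($name in $dbNames) {
    $db = Get-MailboxDatabase -Identity $name
    Get-ADPermission -Identity $db.DistinguishedName |
        Where-Object { $_.ExtendedRights -like '*Receive-As*' } |
        Select-Object @{n='Scope';   e={'Database'}},
                      @{n='Object';  e={$db.Name}},
                      @{n='Trustee'; e={$_.User.ToString()}},
                      @{n='Right';   e={'Receive-As'}},
                      Deny, IsInherited
}

# Deny and IsInherited are kept as columns: an inherited Deny blocks the right today,
# but it is set higher up in the shared forest, outside XYZ's control.
@($mailboxGrants) + @($databaseGrants) |
    Sort-Object Trustee, Scope, Object |
    Format-Table Scope, Object, Trustee, Right, Deny, IsInherited -AutoSize
```

The report only shows the grants as they stand when it is run. Any account allowed to change these ACLs can add or remove an entry afterwards, so in a shared forest it describes the current state rather than a guarantee.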
Ultimately, if privacy is a requirement, you need a separate resource forest (AD + Exchange servers), if only to be able to own control of the auditing of access. You could also move to BPOS for your organization and the mail would be out in the cloud instead of at rest on the ABC-owned hardware.
For BPOS you mean Business Productivity Online Standard Suite, i.e. you delegate services to Microsoft? For AD+Exchange: so you mean it is simply impossible to block administrators of the main office? Only solution is to have your own AD+mail system... Thank you
March 18th, 2010 7:49pm
It's not impossible if you block everyone from being a domain administrator like I posted. But it might be nearly unworkable. The Exchange forest is often promoted as the solution for this dilemma, though I've never implemented it myself.
-- Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
"Franci_" wrote in message news:85881f2f-41fa-41ab-a417-02c03390a9e8...
Ultimately, if privacy is a requirement, you need a separate resource forest (AD + Exchange servers), if only to be able to own control of the auditing of access. You could also move to BPOS for your organization and the mail would be out in the cloud instead of at rest on the ABC-owned hardware.
For BPOS you mean Business Productivity Online Standard Suite, i.e. you delegate services to Microsoft? For AD+Exchange: so you mean it is simply impossible to block administrators of the main office? Only solution is to have your own AD+mail system... Thank you
March 18th, 2010 8:57pm
On-premise Exchange product is not the recommended or supported product for hosting multiple companies' mail service. Andy has provided two options for you.
Yes, you are correct about the BPOS product.
James Luo TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx) If you have any feedback on our support, please contact tngfb@microsoft.com
March 19th, 2010 10:13am