We are currently in the process of offering an exchange 2007 resource forest solution to a potential customer. In order to create this resource forest there needs to be a one way outgoing trust from our resource forest to their account forest. In order to do this we need an account in their forest that has certain rights. I understand that Microsoft has created the Incoming Forest Trust Builders group to do just this. Next if we want to create an linked mailbox and specifically link it to an user account in the account forest we need an account to access the domain controller in the account forest. My question is what permissions does an account like this need? Obviously Domain admin rights will do the trick but I would like to know the minimum rights needed to access there domain controller. What we need to do is browse their AD for the master account of this linked mailbox. Any thoughts on the minimum permissions needed?

I hope below article will gve some idea of your requirements http://www.msexchange.org/articles_tutorials/exchange-server-2007/planning-architecture/deploying-exchange-resource-forest-part1.html Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|

Thanks I already found that document. But sadly it does not specify the permissions the account needs in the customer account AD to link the mailbox to the account. It assumes the administrator account for that domain can be used, which is not an option (also not really secure as well). I assume it only needs read permissions, but the details elude me.