Trust relationships w2k3


  • Trust relationships w2k3

    Hi,

    I am working for a company that is merging with another. Both companies have their own domains, but wish to 'link' together so they can share global address books etc. We connect by VPN over 2mb sdsl (minimum). We are running w2k3 and Exchange w2k3. We use SMTP forwarding; would an MX record also need to be added into my company's DNS settings to see the other domain?

    confused
    Benjapos

    MCP 70-270, 70-290, 70-291 ITIL Practitioner, Prince2 Practitioner - working on 70-284

  • #2
    Re: Trust relationships w2k3

    Well, your SMTP server needs to find an MX record for the other domain, and vice-versa. If you want the email to be routed internally, then you must have MX records for internal IP addresses. All this depends on a correct DNS setup.

    I'll assume for the moment that your internal AD domain has the same name as your external. Since you already have W2003, you can solve the DNS problem by installing conditional forwarders (or better still, stub zones) to each other's domain. Also, each company needs to add MX records to its own zones, pointing to its own internal SMTP servers.

    If the internal and external domains are NOT the same the problem is a bit trickier. We would need a bit more detail on your setup.


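The DNS setup described in reply #2, as an added example that is not part of the original posts. It assumes it is run on Company A's internal Windows Server 2003 DNS server with dnscmd (Windows Support Tools) available; the zone names, host name and IP addresses are placeholders, not values from the thread.

```bat
@echo off
rem Added example, not from the thread. All values below are assumed placeholders.
set LOCAL_ZONE=companya.example
set LOCAL_SMTP_HOST=mail
set LOCAL_SMTP_IP=10.1.0.25
set PARTNER_ZONE=companyb.example
set PARTNER_DNS=10.2.0.10

rem 1. Resolve the partner's zone through the partner's internal DNS server
rem    (reached over the VPN) by adding a conditional forwarder for that zone only.
dnscmd . /ZoneAdd %PARTNER_ZONE% /Forwarder %PARTNER_DNS%

rem    Alternative from the reply: an AD-integrated stub zone. Use one or the other.
rem dnscmd . /ZoneAdd %PARTNER_ZONE% /DsStub %PARTNER_DNS%

rem 2. Publish the internal SMTP server in our own zone: an A record for the
rem    host, then an MX record at the zone apex pointing to it.
dnscmd . /RecordAdd %LOCAL_ZONE% %LOCAL_SMTP_HOST% A %LOCAL_SMTP_IP%
dnscmd . /RecordAdd %LOCAL_ZONE% @ MX 10 %LOCAL_SMTP_HOST%.%LOCAL_ZONE%

rem 3. Verify. The first query checks that this server now resolves the
rem    partner's MX; the second asks the partner's DNS server for our MX.
nslookup -type=MX %PARTNER_ZONE% 127.0.0.1
nslookup -type=MX %LOCAL_ZONE% %PARTNER_DNS%
```

The second query in step 3 succeeds only once Company B has applied the mirror-image configuration on its side. Both internal DNS servers should be reachable from the other company only across the VPN, since these records expose internal addresses.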

    • #3
      Re: Trust relationships w2k3

      Our internal domain is different from external; what additional information would you need? Please advise how to get around this.
      Benjapos

      MCP 70-270, 70-290, 70-291 ITIL Practitioner, Prince2 Practitioner - working on 70-284



      • #4
        Re: Trust relationships w2k3

        That makes it tricky. The problem is, you will send mail to the name of the EXTERNAL domain, but it will be handled by the INTERNAL domain. That is hard to solve with traditional DNS. Looks like you need to create dedicated connectors instead.

        You can create an internet connector that is authoritative for a certain domain only, and have that relay email to a dedicated host. That's probably the way to go. Of course, you need to configure this on both sides. The domain names involved here are the external domains, of course.



        • #5
          Re: Trust relationships w2k3

          If this were a simple config, two w2k3 domains, with the same internal and external domain names, what is the process involved to set up a trust relationship?

          Having never done this before I don't even know the first steps to take!

          Thanking you in advance
          Benjapos

          MCP 70-270, 70-290, 70-291 ITIL Practitioner, Prince2 Practitioner - working on 70-284



          • #6
            Re: Trust relationships w2k3

            You have lost me. First you are talking about sending email, now we are talking about trusts? Oh well.

            For a full trust you need to make it so that both domains can fully resolve each other's INTERNAL DNS domains. Then, you create the trust using Active Directory Domains & Trusts.



            • #7
              Re: Trust relationships w2k3

              I wanted to confirm how to set up the initial trust prior to email. Thanks for the advice.
              Benjapos

              MCP 70-270, 70-290, 70-291 ITIL Practitioner, Prince2 Practitioner - working on 70-284



              • #8
                Re: Trust relationships w2k3

                After the above takes place, my directors wish to have either a single global address list or two global address lists so calendar items, email addresses etc. can be viewed by users from each company. What would I need to do to make this possible?
                Benjapos

                MCP 70-270, 70-290, 70-291 ITIL Practitioner, Prince2 Practitioner - working on 70-284



                • #9
                  Re: Trust relationships w2k3

                  Bite the bullet and merge into one forest. Best long-term solution.



                  • #10
                    Re: Trust relationships w2k3

                    How about using MIIS (Microsoft Identity Integration Server) to sync data between the two forests?
                    I've not used MIIS much at this point, but wouldn't it be possible to sync a 'user' from one forest to a 'mail-enabled contact' in the other and vice-versa?

                    This way you would get all users in both global address lists, but only have them as users in their original domains.

                    There is a 'sneak' version called 'Identity Integration Feature Pack 1a for Microsoft Windows Server Active Directory' that may be able to handle this.

                    Otherwise I'll chime in with wkasdo..

                    //M



                    • #11
                      Re: Trust relationships w2k3

                      In order to ensure that the global address books, calendars etc. are shared, it seems merging into one forest would be the best solution.

                      What would be the implications of merging into one forest? And how would I go about it?
                      Benjapos

                      MCP 70-270, 70-290, 70-291 ITIL Practitioner, Prince2 Practitioner - working on 70-284
