Hello everyone, in this article we are going to look at how mail flow works between two organizations.
Here we are going to use two test environments to perform this task: one is an Exchange 2007 organization and the other is an Exchange 2010 organization. In this first part we are going to cover how to create a forest trust between two different AD forests, which is important for mail to flow between the two organizations.
Servers in the test environment: DC01-EXCH-2K7, EXCH-2K7, DC-01-EXCH-2K10, EXCH-2k10
- You can create a forest trust between two Windows Server 2003 forests, and it is not extended to any other forest
- You should raise your forest functional level to Windows Server 2003, which will remove Windows NT and Windows 2000 servers from the environment
- Create conditional forwarders in each DNS namespace to route queries for names in the other namespace
- If you have the appropriate administrative credentials for each forest, you can create both sides of a forest trust at the same time; otherwise you have to ask your partner domain's admin to create the other side
- To raise the forest functional level, you must be a member of the Enterprise Administrators group
Note: once you have raised the domain/forest functional level, it cannot be downgraded.
Steps: Start –> Run –> domain.msc –> Right-click Active Directory Domains and Trusts –> Click Raise Forest Functional Level –> Choose Windows Server 2003 –> Raise
I’ve done this for both MyLab01.com and MyLab02.com
Now we are going to set DNS conditional forwarders for both domains to resolve the IP:
Steps: Start –> Run –> dnsmgmt.msc –> Properties of the DNS server –> Choose Forwarders –> Add your destination name server address under the selected domain's forwarder IP address list –> Apply –> OK
I've done the same on both DCs, as you can see in the figures below:
Here 10.0.0.101 is MyLab02.com DC’s IP address.
Here 10.0.0.1 is MyLab01.com DC’s IP address.
Now that we have prepared both forests to create a forest trust between them, let's start:
Steps: Perform the tasks below on DC01-EXCH-2K7
Start–> Run–> Domain.msc–> Right click Active Directory Domains and Trusts –> Click Trusts –> New Trust
Since we are creating the forest trust on the MyLab01 domain, enter the target domain name here.
Choose Forest trust
Choose two-way direction trust
Choosing "Both this domain and the specified domain" because I have valid credentials for the MyLab02 domain ;-)
Here you have to provide the specified domain credentials (MyLab02 domain in this scenario)
I need to authenticate all resources in the local forest, so I am choosing the first option
Vice versa, I need to access all resources in the MyLab02 forest
Summary of the New Trust which we are about to create
As you can see, the trust has been created successfully; after this you can ignore the trust testing wizards.
Done!!! We will be covering the mail flow transaction in the next part of the article.
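The trust and its prerequisites can also be read back from the command line. The script below is an added example, not part of the original walkthrough: it uses the .NET System.DirectoryServices.ActiveDirectory classes to check DNS resolution of the partner forest, the forest functional level, the trust's direction, and the authentication scope and SID filtering settings. It assumes PowerShell 2.0 or later on a DC in MyLab01.com and an account allowed to read trust information; it changes nothing.

```powershell
# Added example: read-only check of the MyLab01.com <-> MyLab02.com forest trust.
# Assumption: run on a DC in MyLab01.com with PowerShell 2.0 or later.
$Partner = 'MyLab02.com'

# 1. DNS forwarding: the partner forest name must resolve from this side.
try {
    $ips = [System.Net.Dns]::GetHostAddresses($Partner)
    "DNS: $Partner resolves to $($ips -join ', ')"
} catch {
    Write-Warning "DNS: $Partner does not resolve; check the forwarder."
    return
}

# 2. Forest functional level: must be Windows Server 2003 or higher.
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
"Forest $($forest.Name) functional level: $($forest.ForestMode)"
if (@('Windows2000Forest', 'Windows2003InterimForest') -contains "$($forest.ForestMode)") {
    Write-Warning 'Functional level is below Windows Server 2003.'
}

# 3. The trust object itself: type and direction as stored in AD.
$trust = $forest.GetAllTrustRelationships() |
    Where-Object { $_.TargetName -eq $Partner }
if (-not $trust) {
    Write-Warning "No forest trust to $Partner found."
    return
}
"Trust: $($trust.SourceName) -> $($trust.TargetName), " +
    "type $($trust.TrustType), direction $($trust.TrustDirection)"

# 4. Authentication scope. The walkthrough chose forest-wide authentication,
#    so selective authentication is expected to be False here.
$selective = $forest.GetSelectiveAuthenticationStatus($Partner)
"Selective authentication enabled: $selective"
if (-not $selective) {
    'Note: forest-wide authentication lets any authenticated user from ' +
        "$Partner authenticate to resources in $($forest.Name)."
}

# 5. SID filtering status as reported for this trust.
$sidFiltering = $forest.GetSidFilteringStatus($Partner)
"SID filtering enabled: $sidFiltering"
if (-not $sidFiltering) { Write-Warning 'SID filtering is disabled on this trust.' }

# 6. Verify the outbound side of the trust (throws if verification fails).
try {
    $forest.VerifyOutboundTrustRelationship($Partner)
    "Outbound trust to $Partner verified."
} catch {
    Write-Warning "Trust verification failed: $($_.Exception.Message)"
}
```

Running the same script on the MyLab02.com DC with `$Partner = 'MyLab01.com'` checks the other side of the two-way trust.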