Tags

, , ,


Hello everyone, in this article we are going to look how the mail flow working between two organization.

Here we are going to have two test environment to perform this task, one is exchange 2007 organization and another one is exchange 2010. In this first part we are going to cover how to make a forest trust between two different AD forest which is important to flow mails between two organization.

Setup:

MyLab01.com                                                                   MyLab02.com

DC01-EXCH-2K7              EXCH-2K7             DC-01-EXCH-2K10     EXCH-2k10

Requirements:

  • You can create forest trust between two windows server 2003 forests, and it is not extended
  • You should raise your forest functional level to windows server 2003 which will get rid of your windows NT and Windows 2000 servers from the environment
  • Create conditional forwarders in each DNS namespace to route queries for names in the other namespace
  • If you have the appropriate administrative credentials for each forest, you can create both sides of a forest trust at the same time else you have to ask your partner domain admin to do so
  • To raise the forest functional level, you must be a member of the Enterprise Administrators group

More ref: http://technet.microsoft.com/en-us/library/cc776940(WS.10).aspx

Note : once you raised domain/forest functional level to higher it will not be downgrade

Steps: Start –> Run –> domain.msc –> Right click the active directory domains and trust –> Click raise forest functional level–> choose window server 2003 –> Raise

I’ve done this for both MyLab01.com and MyLab02.com

MyLab01.com

MyLab02.com

Now going to set DNS conditional forwarders for both the domains to resolve the IP:

Steps: Start–> Run –> dnsmgmt.msc –> Properties of DNS server –> Choose forwarders –> add your destination nameserver address under the Selected domain’s forwarder IP address list –> Apply–> Ok

The same I’ve done it in both the DC’s as you can see in below Figures:

MyLab01.com

Here 10.0.0.101 is MyLab02.com DC’s IP address.

MyLab02.com

Here 10.0.0.1 is MyLab01.com DC’s IP address.

Now we have prepared our both forest to create a forest trust between each other, lets start:

Steps: Performing below task on DC01-EXCH-2K7

Start–> Run–> Domain.msc–> Right click Active Directory Domains and Trusts –> Click Trusts –> New Trust


Click Next


Since we are creating forest trust on MyLab01 domain here mentioning target domain name.

Choose Forest trust

Choose two-way direction trust

Choosing Both this domain and the specified domain because I have the valid credential of MyLab02 domain;-)

Here you have to provide the specified domain credentials (MyLab02 domain in this scenario)

I need to authenticate all resources in the local forest so choosing first option

Vise versa need to access all resources in the MyLab02 forest

Summary of the New Trust which we are about to create

As you can see trust has been created successfully, after this you can ignore the trust testing wizards.

Done!!! We will be covering mail flow transaction in next part of the article.

Advertisements