I have been trying to figure something out.
The lab.
Windows 2003 domain with Exchange 2003.
Windows 2008 R2 domain with an empty root and a subdomain.
Root.local – empty root
Ad.ourdomain.net – working domain.
This has been configured with Infoblox domain server, not Windows.
We have three DNS zones: root.local, ourdomain.net, ad.ourdomain.net.
There is no actual domain ourdomain.net.
So I have both Exchange servers running. I created a PRF file that points to the CAS array in the new domain. When the Outlook client gets redirected, he gets asked for the credentials of user@ad.ourdomain.net even though his UPN is user@ourdomain.net. I can put in the credentials and it works, but we want the account to log in automatically.
The CAS authentication is default and has not been changed.
We chose to use FIM to replicate the Exchange attributes, ADMT for the password sync and SID history, then New-MoveRequest. The mailbox works and we can log in. Both accounts are active in both domains.
We were hoping that the SID history of the migrated account being replicated to the new account would allow direct access to the new account in the new domain without having to log in again.
I see that we can’t just assign permissions from an external domain to the ex2010 account as in previous versions. I know we can create a linked account, but that would force us to disable the account in the new domain, and I can’t assign permissions from the other forest through the Exchange permissions or manage full mailbox access.
Is this at all possible?
Any suggestions would be appreciated, seeing this part of it is all new to me.
Thanks
Paul