To continue reading for free, register below or login
To read more you must become a member of SearchExchange.com
If Domain A trusts Domain B, you should just be able to give all the Domain B accounts rights to access the Domain A mailboxes. That way, you don't need to worry about the passwords for Domain A accounts. In other words, the only accounts you'd need to manage for the time being are Domain B accounts. To set this up:
- Launch Active Directory Users and Computers (ADUC) on a machine with Exchange System Manager installed and connected to Domain _.
- View the properties of each mailbox and switch to the Exchange Advanced tab. (If you don't see this tab in ADUC, see KB article 326894, How to Access the Exchange Advanced Tab in Active Directory Users and Computers).
- Now select Mailbox Rights.
- Make sure the Domain B account is added to the list of security principals having access (typically only "self") in order to facilitate the two-domain coexistence scenario.
Essentially, you're asking how to simplify management of your users' identities across multiple accounts and passwords. Various solutions exist focused on identity management. Microsoft has a solution called Microsoft Identity Integration Server (MIIS) that permits exactly what you're asking, namely synchronization of passwords across multiple domains as you described.
More importantly, in your case, I believe you can use a free scaled down version of MIIS called the Identity Integration Feature Pack 1a for Microsoft Windows Server Active Directory, which can synchronize passwords across Active Directory, ADAM and Exchange Server environments. You'll also want to install the update.
If you want a more sophisticated solution that will do all this plus assist once you start migrating users from Domain B into Domain A, I suggest looking at third-party migration solutions.
Do you have comments on this Ask the Expert Q&A? Let us know.
|
