Pros and cons of multiple Exchange Server organizations

Please let others know how useful this tip is via the rating scale at the end of it. Do you have a useful Exchange or Outlook tip, timesaver or workaround to share? Submit it to our tip contest and you could win

    Requires Free Membership to View

a prize.
With Exchange Server, you are limited to one Exchange organization per forest, and an Exchange organization cannot span multiple forests. This limitation can cause problems in a multi-forest deployment -- but there are advantages to consider as well.

In this tip, I explain those advantages and discuss drawbacks you should also consider before deploying a multiple-forest Windows architecture.

Advantages of Exchange Server in a multi-forest deployment

From a Microsoft Exchange perspective, the most obvious advantage of a multi-forest deployment is that you can achieve true separation of administrative responsibilities.

As an Exchange administrator, this means that you don't have to worry about an administrator from a different forest tampering with your Exchange servers. Best of all, you never have to worry about having an administrator from another forest seizing control of your local forest.

Having separate forests also allows you to do things that would otherwise be impossible. One example is if you're running Exchange Server 2003 in native mode, and a newly acquired company is running Exchange 5.5 -- you can't just bring the Exchange 5.5 servers into your organization, because native mode forbids it.

There are a few different ways you could bring those Exchange 5.5 user mailboxes into your Exchange organization, but they are somewhat complicated and involve a lot of work. In a situation such as this, it is sometimes easier to let the acquired company continue to exist as its own separate forest and Exchange organization.

If users in one forest need to access data in the other forest, you could always just set up a cross-forest trust that would allow them to do so. You could maintain the separate forests indefinitely, or until you could get everybody on the same version of Exchange Server.

Disadvantages of Exchange Server in a multi-forest deployment

The separation imposed by a multi-forest deployment can be a management headache for organizations with multiple Exchange Server organizations, but only one Exchange administrator.

The disadvantages go beyond management issues though. In Microsoft Exchange, users with mailboxes in different forests are treated as outsiders. For example, a user cannot delegate mailbox access to a user with an account in a separate forest.

And since Exchange is completely dependent on Active Directory, which is limited by a forest's boundaries, users in one forest cannot access mailboxes in another forest. (A mailbox is simply an attribute of a user account, so user objects and mailboxes always stay together.)

Calendaring is also affected by multi-forest deployments. If a user wants to schedule a meeting with someone in a different forest, they can use Schedule+ to synchronize free and busy times across forest boundaries and find a meeting time that works for both parties. But the user who wants to schedule the meeting cannot view a user's calendar in a different forest to see the details of that person's schedule.

Another drawback involves Outlook Web Access (OWA). Microsoft recommends running OWA in a front-end/back-end configuration; the front-end OWA server acts as a message proxy so the back-end server, which contains the information store, is never exposed to the Internet.

OWA works in a multiple forest deployment, but the front-end server can only act as a proxy for back-end servers in the same forest. This limitation also applies to Outlook Mobile Access front-end/back-end configurations.

About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Exchange Server, and has previously received Microsoft's MVP award for Windows Server and IIS. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com.

Do you have comments on this tip? Let us know.
Related information from the TechTarget Windows Network:

  • SearchExchange.com Ask the Expert: Building an Exchange Server resource forest
  • SearchExchange.com Ask the Expert: Synchronizing two Active Directory domains
  • SearchWin2000.com Learning Guide: Planning and designing your Active Directory
  • SearchExchange.com Reference Center: Exchange Server and Active Directory tips and resources

    This was first published in January 2006

  • There are Comments. Add yours.

    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.