With Exchange Server, you are limited to one Exchange organization per forest, and an Exchange organization cannot span multiple forests. This limitation can cause problems in a multi-forest deployment -- but there are advantages to consider as well.
In this tip, I explain those advantages and discuss drawbacks you should also consider before deploying a multiple-forest Windows architecture.
Advantages of Exchange Server in a multi-forest deployment
From a Microsoft Exchange perspective, the most obvious advantage of a multi-forest deployment is that you can achieve true separation of administrative responsibilities.
For an Exchange administrator, this means that you don't have to worry about an administrator from a different forest tampering with your Exchange servers. Best of all, you never have to worry about an administrator from another forest seizing control of your local forest.
Having separate forests also allows you to do things that would otherwise be impossible. For example, if you're running Exchange Server 2003 in native mode and a newly acquired company is running Exchange 5.5, you can't just bring the Exchange 5.5 servers into your organization, because native mode forbids it.
There are a few different ways you could bring those Exchange 5.5 user mailboxes into your Exchange organization, but they are somewhat complicated and involve a lot of work. In a situation such as this, it is sometimes easier to let the acquired company continue to exist as its own separate forest and Exchange organization.
If users in one forest need to access data in the other forest, you could always just set up a cross-forest trust that would allow them to do so. You could maintain the separate forests indefinitely, or until you could get everybody on the same version of Exchange Server.
Disadvantages of Exchange Server in a multi-forest deployment
The separation imposed by a multi-forest deployment can be a management headache for companies that have multiple Exchange organizations but only one Exchange administrator.
The disadvantages go beyond management issues, though. In Microsoft Exchange, users with mailboxes in different forests are treated as outsiders. For example, a user cannot delegate mailbox access to a user with an account in a separate forest.
And since Exchange is completely dependent on Active Directory, which is limited by a forest's boundaries, users in one forest cannot access mailboxes in another forest. (A mailbox is simply an attribute of a user account, so user objects and mailboxes always stay together.)
Calendaring is also affected by multi-forest deployments. If a user wants to schedule a meeting with someone in a different forest, they can use Schedule+ to synchronize free and busy times across forest boundaries and find a meeting time that works for both parties. But the user who wants to schedule the meeting cannot view a user's calendar in a different forest to see the details of that person's schedule.
Another drawback involves Outlook Web Access (OWA). Microsoft recommends running OWA in a front-end/back-end configuration; the front-end OWA server acts as a message proxy so the back-end server, which contains the information store, is never exposed to the Internet.
OWA works in a multi-forest deployment, but the front-end server can only act as a proxy for back-end servers in the same forest. This limitation also applies to Outlook Mobile Access front-end/back-end configurations.
About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Exchange Server, and has previously received Microsoft's MVP award for Windows Server and IIS. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com.