We have two separate forests with two-way transitive trusts between them. We 
are working on consolidating them down to a single forest single domain. 
However, in the interim we want to allow Helpdesk staff from one forest (Forest 
A) to create/manage mailboxes in the other forest (Forest B). From everything 
I've read thus far the RBAC groups are all scoped Universal. When I try to 
create a custom RBAC policy it only allows me to select Universal scoped 
groups. Reading about nesting groups it appears Universal groups cannot contain 
Domain Local or 'externally trusted' user accounts. So that being the case, is 
it possible to allow a user in an externally trusted forest to have access to 
create/manage mailboxes, or would it require that a user from Forest A have an 
AD account in Forest B in order to manage mailboxes in Forest B's Exchange 
environment?

Forest Functional levels are 2008 R2
Both running Exchange 2010 SP3 (not sure specific UR levels, but minimum UR10)

Thank you for any input.
Confidentiality Notice: This is a transmission from Community Hospital of the 
Monterey Peninsula. This message and any attached documents may be confidential 
and contain information protected by state and federal medical privacy 
statutes. They are intended only for the use of the addressee. If you are not 
the intended recipient, any disclosure, copying, or distribution of this 
information is strictly prohibited. If you received this transmission in error, 
please accept our apologies and notify the sender. Thank you.

Reply via email to