We have two separate forests with two-way transitive trusts between them. We
are working on consolidating them down to a single forest single domain.
However, in the interim we want to allow Helpdesk staff from one forest (Forest
A) to create/manage mailboxes in the other forest (Forest B). From everything
I've read thus far the RBAC groups are all scoped Universal. When I try to
create a custom RBAC policy it only allows me to select Universal scoped
groups. Reading about nesting groups it appears Universal groups cannot contain
Domain Local or 'externally trusted' user accounts. So that being the case, is
it possible to allow a user in an externally trusted forest to have access to
create/manage mailboxes, or would it require that a user from Forest A have an
AD account in Forest B in order to manage mailboxes in Forest B's Exchange
Forest Functional levels are 2008 R2
Both running Exchange 2010 SP3 (not sure specific UR levels, but minimum UR10)
Thank you for any input.
Confidentiality Notice: This is a transmission from Community Hospital of the
Monterey Peninsula. This message and any attached documents may be confidential
and contain information protected by state and federal medical privacy
statutes. They are intended only for the use of the addressee. If you are not
the intended recipient, any disclosure, copying, or distribution of this
information is strictly prohibited. If you received this transmission in error,
please accept our apologies and notify the sender. Thank you.