In any BackOffice system, all objects have to exist within a security context. All communications (the movement of bits) has to take place within a security context. In 5.5 and earlier, the security context is provisioned or enforced independently of the existence of an Exchange Store mailbox. In E2K it is not. A box must be linked to an AD entry.
So, in 5.5 and earlier, if a trust has been created, and the comlink is up at the time of mailbox creation (oh yes, it has to be resolved!!!) then you can indeed assign a mailbox to a security context on the other side of the trust "barrier." In some ways, this is no different from what happens in the AD, in that you can establish trusts or use certificates between forests. But I think you will find that the AD service has the ability to cache trust data in a way that SAM could not, thus enabling some resolutions to occur (if the right data is in the cache) even if a comlink is down. One other small tidbit. In order to make the architectures of SAM and AD easier to understand, Microsoft uses context specific terms for things that are not really different. SAM has the ability to redirect a request to another SAM. It can do this to two levels. It can't do it to a third. The AD works the same way, except it can permit greater levels of nesting in one narrow instance (i.e. the request cannot be redirected again once it has crossed a trust boundary). We can give a specific machine the ability to look to another specific machine's SAM or AD for data, we call that "joining a domain." If the second machine relays the request a second time, we say that that other machine (obviously a PDC or BDC) has a trust relationship. But, it is really the exact same thing. There is no meaningful difference between a trust and domain membership, or being in a forest. "Maybe" was the right answer. -----Original Message----- From: Dupler, Craig Sent: Thursday, November 14, 2002 9:23 AM To: Exchange Discussions Subject: RE: Domain Trusts and Exchange Accounts Maybe. -----Original Message----- From: Erik Vesneski [mailto:erik@;epicentric.com] Sent: Thursday, November 14, 2002 6:43 AM To: Exchange Discussions Subject: Domain Trusts and Exchange Accounts Hi, If you have two domains and they fully trust each other can an NT account in domain a be mapped to an exchange account in domain b? Regards, Erik L. Vesneski Director - Information Technology www.epicentric.com _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:leave-exchange@;ls.swynk.com Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:leave-exchange@;ls.swynk.com Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:leave-exchange@;ls.swynk.com Exchange List admin: [EMAIL PROTECTED]
