Michael, this is probably my lack of understanding how Exchange really operates underneath, but with the Forest trust we can do a lot with ADS user objects, is there a reason Exchange doesn’t allow us to tie back to an ADS User object from an external (trusted) Forest? I’ve seen during Exchange installs you can deploy Exchange without tying it to AD, so does Exchange have its own authentication mechanism that doesn’t allow the same sort of Cross-forest functionality for AD user objects?
For the sake of expanding my knowledge: Is there a different way to marry the two Exchange servers and allow their request of having a user in one domain manage a DG in another?

Thanks,
Geoff

From: [email protected] [mailto:[email protected]] On Behalf Of Michael B. Smith
Sent: Wednesday, August 19, 2015 9:54 AM
To: [email protected]
Subject: RE: [Exchange] RE: Managing Distribution Groups:

I wouldn’t expect it to. The system would expand the group, find the contact, and again – no security principal.

From: [email protected] [mailto:[email protected]] On Behalf Of Candee
Sent: Wednesday, August 19, 2015 12:48 PM
To: [email protected]
Subject: Re: [Exchange] RE: Managing Distribution Groups:

Would it work if you created a local security group and added the contact to that? I haven't tried it, I'm just curious.

On Wed, Aug 19, 2015 at 12:43 PM, Michael B. Smith <[email protected]> wrote:

I don’t think a mail-contact is actually ever able to manage a DG. It doesn’t tie back to a security principal. All of the others do.

From: [email protected] [mailto:[email protected]] On Behalf Of Orlebeck, Geoffrey
Sent: Wednesday, August 19, 2015 12:14 PM
To: '[email protected]'
Subject: [Exchange] Managing Distribution Groups:

Is it possible to grant a Cross-forest mail contact rights to manage a Distribution Group? We have two companies running on premise Exchange 2010 SP3 UR7. There is a two-way transitive AD trust and we are running Forefront Identity Manager 2010 with GALSync to create a unified GAL for both Forests. Someone requested to allow a user in DomainA to manage a Distribution Group in DomainB.
From what I read, it may not be possible, as the “Recipient Type” has to be one of the following to manage a Distribution Group:

• User Mailbox
• Legacy Mailbox
• Shared Mailbox
• Mail User
• Linked Mailbox
• Remote User Mailbox
• Remote Shared Mailbox
• User
• MailContact <-- This is the one I am wondering if ‘Cross-forest Mail Contact’ does not fall under that category.

Thank you in advance for any help.

-Geoff

Confidentiality Notice: This is a transmission from Community Hospital of the Monterey Peninsula. This message and any attached documents may be confidential and contain information protected by state and federal medical privacy statutes. They are intended only for the use of the addressee. If you are not the intended recipient, any disclosure, copying, or distribution of this information is strictly prohibited. If you received this transmission in error, please accept our apologies and notify the sender. Thank you.
