Exchange on premise + separate multi-forest AD + single server

I'm struggling here a bit to understand what I need to do, and everything I find online talks about O365 hybrid deployments, but why anyone would want O365 and trust M$ with their data is beyond me.  Anyway...

I currently have Exchange 2016 on-premises on Server 2016 in a single-forest AD (companya.local).  I need to add a new company that I have full access to (companyb.local).

Does anyone have any resources for me to reference for making that happen?  Here's what I think I need to do:

  1. Create a two-way trust relationship between the two domains
  2. Create a test user in companyb.local > create a mailbox for the test user > try to log in, send mail, etc.
  3. Migrate the rest of the users and redirect e-mail
  4. ...after that I'm not sure LOL <-- I might be done, BUT I'm not 100% sure.

I did find a resource which LOOKS like what I want to do here:  http://www.careexchange.in/cross-forest-migration-guide-exchange-2010-to-exchange-2010 but I'm not certain.  I also found another resource that seems like it might be up my alley, BUT it talks about migrating computer accounts and such, which is NOT what I want to do:  http://webcache.googleusercontent.com/search?q=cache:b60ywHDYWxYJ:https://blogs.technet.microsoft.co...

Each business entity, although owned by the same company, wants to run and maintain its own AD forest, but they want to consolidate their infrastructure as much as possible, and Exchange, for example, is the first tiptoe into that water: onto a single host, so that companyb.local will no longer have a server running for email in its facility.

Forest 1:  companya.local

Forest 2:  companyb.local

Exchange Server:  mail.companya.local <-- currently hosting email for companya.local

Desire:  host mailboxes and Exchange for companya.local & companyb.local while authenticating to each domain respectively.

I realize there are issues with SSL certs also; I need to serve up SSL certs for each company respectively, so it's getting messy :)

Thanks!

8 Replies
You are on the right track: this is a cross-forest Exchange mailbox migration, where companya.local is defined as the "resource forest", since it is hosting the Exchange server, and companyb.local will be the "account forest", hosting the accounts.

1. Migrate Security and Distribution Groups.
2. Migrate Mail-Enabled Contacts.
3. Stage the accounts from company B into the company A forest.

Unlike Exchange 2007, the user account does not get created during the mailbox move if it doesn't exist in company A, so you need to manually sync it first (reference:
http://www.msexchange.org/blogs/walther/news/cross-forest-mailbox-moves-using-the-exchange-managemen...)


The final end state is that the company B mailboxes will become 'Linked Mailboxes' where the user accounts in companya.local will be in a disabled state, but company A's domain controllers will still authenticate the user.
FYI: to set your expectations, please know that these network.office.com forums will only take you so far.
I recommend contacting a Microsoft Partner for assistance with this project, because there are lots of 'lessons learned' that you only get from doing these and failing at them... remember, you don't know what you don't know when it comes to these. If you don't have the budget for a MSFT partner to help, then I recommend doing this in a LAB so you can document the steps before you do this in production.
There is a lot to consider, including what you touched on with certificates, autodiscover, DNS, firewall rules, user experience, etc., etc., etc.
You may need to first migrate Security and Distribution Groups so that, after user mailboxes are migrated, they don't get NDRs when replying to groups. Same with Mail-Enabled Contacts: migrate those before the user mailboxes to avoid NDRs later.
Here are a few resources to look at:
https://blogs.technet.microsoft.com/meamcs/2011/06/10/exchange-2010-cross-forest-migration-step-by-s...

Another step-by-step guide: http://www.careexchange.in/cross-forest-migration-guide-exchange-2010-to-exchange-2010/

Detailed guidance:
https://technet.microsoft.com/en-us/library/ee633491(v=exchg.150).aspx

Syntax examples: http://msexchangeguru.com/2013/11/03/e2013crossforestmigration/

Hope this helps.
Joe
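The procedure Joe outlines (stage the account-forest user into the resource forest, move the mailbox, end up with a linked mailbox whose companya.local account is disabled) and the OP's "create a mailbox for a test user in companyb.local" step, as an added Exchange Management Shell example. This is not code from the thread or from any of the linked guides. Domain controller names, the migration service accounts, the OU path, the database name and the user names are assumptions; the cmdlets and Prepare-MoveRequest.ps1 parameters are the stock Exchange 2010–2016 ones.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell on the
# resource-forest server (mail.companya.local). Assumed names throughout.
$accountForestDC  = 'dc1.companyb.local'                  # assumed: DC/GC in the account forest
$resourceForestDC = 'dc1.companya.local'                  # assumed: DC in the resource forest
$targetOU         = 'OU=CompanyB,DC=companya,DC=local'    # assumed: where staged objects land
$targetDB         = 'DB01'                                # assumed: mailbox database on mail.companya.local
$remoteCred = Get-Credential 'COMPANYB\svc-exmigrate'     # assumed: read access in companyb.local
$localCred  = Get-Credential 'COMPANYA\svc-exmigrate'     # assumed: Organization Management in companya.local

# Prerequisite from the OP's step 1: the forest trust. Verify it before touching mailboxes;
# linked mailboxes authenticate through it, so without it nobody from company B can log in.
Import-Module ActiveDirectory
Get-ADTrust -Filter { Target -eq 'companyb.local' } |
    Format-List Name, Direction, ForestTransitive, SelectiveAuthentication

# Case A: the OP's test user. A brand-new linked mailbox in companya.local whose
# authenticating identity is the existing account in companyb.local. Exchange creates
# the companya.local user object disabled; the companyb.local account is the "master".
New-Mailbox -Name 'Test User' -Alias testuser -OrganizationalUnit $targetOU `
    -UserPrincipalName 'testuser@companya.local' -Database $targetDB `
    -LinkedMasterAccount 'COMPANYB\testuser' `
    -LinkedDomainController $accountForestDC -LinkedCredential $remoteCred

# Case B: Joe's staging + move for a user who already has a mailbox in companyb.local.
# 1) Stage the mail user in the resource forest. -LinkedMailUser keeps the companyb.local
#    account as the master, so the staged companya.local object is created disabled.
& "$env:ExchangeInstallPath\Scripts\Prepare-MoveRequest.ps1" -Identity 'jdoe@companyb.local' `
    -RemoteForestDomainController $accountForestDC -RemoteForestCredential $remoteCred `
    -LocalForestDomainController  $resourceForestDC -LocalForestCredential  $localCred `
    -TargetMailUserOU $targetOU -LinkedMailUser

# 2) Pull the mailbox data across. -RemoteLegacy is the on-premises-to-on-premises path
#    (no MRS proxy / federation); -TargetDeliveryDomain must be an accepted domain here.
New-MoveRequest -Identity 'jdoe@companyb.local' -RemoteLegacy `
    -RemoteGlobalCatalog $accountForestDC -RemoteCredential $remoteCred `
    -TargetDeliveryDomain 'companya.local' -TargetDatabase $targetDB
Get-MoveRequestStatistics -Identity 'jdoe@companyb.local' |
    Format-List Status, PercentComplete, Message

# Hygiene check for the end state Joe describes: every linked mailbox must have a master
# account in the other forest and its companya.local shadow account must still be disabled.
# An enabled shadow account is a second credential for the same mailbox that company B's
# admins neither see nor manage, so the list below should come back empty.
function Get-BrokenLinkedMailbox {
    Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails LinkedMailbox | ForEach-Object {
        $u = Get-User -Identity $_.Identity
        [pscustomobject]@{
            Mailbox       = $_.Alias
            MasterAccount = $_.LinkedMasterAccount
            ShadowEnabled = -not $u.AccountDisabled
        }
    } | Where-Object { $_.ShadowEnabled -or [string]::IsNullOrEmpty($_.MasterAccount) }
}
Get-BrokenLinkedMailbox | Format-Table -AutoSize
```

The example deliberately stops at the mailbox layer. The certificates, autodiscover, DNS and firewall items Joe lists are separate work: with both companies landing on mail.companya.local, the public-facing names for each company have to resolve to that host and be present on its certificate, and none of that is handled by the move cmdlets above.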
Your requirement to have separate ADs and the same Exchange environment cannot work unless you use Office 365, as that option is possible.

Check out the Office 365 Trust Center for your questions on trusting them with data and security.

A resource forest is possible, but it's a complex solution and you need to consider how many of them you are planning, as it's complex with just one resource forest. The advice to get a partner who has done these before is the best advice here.

Brian, I disagree with this guidance: "Your requirement to have separate ADs and the same Exchange environment cannot work unless you use Office 365, as that option is possible."
Prior to Office 365, it was common practice in a merger or acquisition to perform cross forest migrations resulting in a resource forest model with linked mailboxes. You can still do this today without Office 365. I agree it is complex and a good Microsoft partner can help, but it would be false to say that Office 365 is the only option for them to consider.
That is not what I said. I said that two ADs and one Exchange Org is not possible unless using Exchange Online. The OP asked for one Exchange environment but separate ADs. If your one Exchange environment is Exchange Online then you can have one AD and sync different OUs to different tenants, but you cannot have two (or more) AD forests but a single Exchange Org.

A cross forest deployment would result in multiple ADs and multiple Exchange Orgs.

Brian,

Do you have any steps on how to perform a cross-forest cutover migration from Exchange 2010 to O365? We are acquiring another facility, and we did a hybrid migration to O365, so I need to pull their email into our tenant before we set up a trust or migrate any AD accounts over.

If anyone has done this migration before I think I'd like to hire you hourly to help me migrate this one site. Contact me if you're interested in helping.

Dear Joe,

Could you please share any link or guideline for the requirement below, or please confirm whether it is possible or not.

1. Companya.com (PDC), Server 2016

2. Companyb.com (PDC), Server 2016

3. Exchange 2016

Now I want to configure the Exchange server for both companya and companyb, with user authentication from companya and companyb respectively, using each company's own user IDs.

Hi, would you mind asking this question in a new post, please?