question

ShafaquatAli-3870 avatar image
0 Votes"
ShafaquatAli-3870 asked ShafaquatAli-3870 commented

Exchange 2016 for Multiple Tree Domains

Dear Experts,

One of my client is asking to configure multiple AD Domains on single Exchange Server (2016).

Domain1.com AD Domain with PDC & ADC
Domain2.com AD Domain with PDC & ADC

Exchange Server is configured for Domain1.com and working just fine. Now client got another company and their AD infrastructure is already in place which they want to keep as they got it from the old management. But they want to just configure their existing Exchange Server for Domain2.com with their existing AD infrastructure.

I was looking on internet but I'm just getting multiple SMTP domains to be added in Exchange. there is not article about Multiple AD Domains on Exchange Server.

If anybody could shed some light on this. I would really appreciate it.

Thanks.

Ali.

office-exchange-server-administration
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @ShafaquatAli-3870

Have you referred to the suggestions below? Any progress about your question?

0 Votes 0 ·
AndyDavid avatar image
0 Votes"
AndyDavid answered AndyDavid edited

Easy! All you need to do is run:
Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAllDomains

for the CU Exchange is on now

https://docs.microsoft.com/en-us/exchange/plan-and-deploy/prepare-ad-and-domains?view=exchserver-2019

or for just that domain:

E:\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareDomain:Domain2.com

This will give Exchange permissions to create and manage mail-enabled objects in Domain2


I assume this is all in the same AD forest...

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

joyceshen-MSFT avatar image
0 Votes"
joyceshen-MSFT answered ShafaquatAli-3870 commented

Hi @ShafaquatAli-3870

Agree with the reply above from Andy, this thread discussed the similar question as yours and some points we need to notice
Deploy Exchange 2013 in multiple domain scenario

You need to prepare the domain to accept the exchange organization into it. (Note you can't have a seperate exchange org, it will be conencted to the existing org, but with different user scope)

Make sure to follow the full preparation steps as in for the first exchange deployment.

The final step to get Active Directory ready for Exchange is to prepare each of the Active Directory domains where Exchange will be installed or where mail-enabled users will be located. This step creates additional containers and security groups, and sets permissions so that Exchange can access them.

The account you use needs permissions depending on when the domain was created:

  • Domain created after PrepareAD was run If the domain was created after you ran the PrepareAD command in step 2 above, then the account you use needs to 1) be a member of the Organization Management role group and 2) be a member of the Domain Admins group in the domain you want to prepare.

  • Wait until Active Directory has replicated the changes made in step 2 to all of your domain controllers. If you don't, you might get an error when you try to prepare the domain.

When you're ready, do the following to prepare an individual domain in your Active Directory forest for Exchange.

  1. Open a Windows Command Prompt window and go to where you downloaded the Exchange installation files.

  2. Run the following command. Include the FQDN of the domain you want to prepare. If you want to prepare the domain you're running the command in, you don't have to include the FQDN.
    Setup.exe /PrepareDomain:<FQDN of the domain you want to prepare> /IAcceptExchangeServerLicenseTerms

  3. Repeat the steps for each Active Directory domain where you'll install an Exchange server or where mail-enabled users will be located.

Note If you are joining an existing Exchange site, the account that you use to log on must have the following permissions to access the Exchange Server directory:

  • Exchange must recognize the site services account name and password.

  • The Exchange Server site naming context for the Exchange Server site you want to join.

  • Admin role on the Exchange Server configuration naming context for the Exchange Server site that you want to join.

  • A two-way trust is required between the domain where you are installing Exchange and the domain where the Exchange Server computer exists.


If an Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Sir,
Thanks for your really helpful answers.

the ADPrep resolved the issue. but now there is another issue that when we give admin the Exchange rights. He can access all the users in other domains as well. could you please help that how we will manage the rights for it ?

Thanks.

Ali.

0 Votes 0 ·
joyceshen-MSFT avatar image
0 Votes"
joyceshen-MSFT answered joyceshen-MSFT commented

Hi @ShafaquatAli-3870

We could move different company/domain people to different OU

Create RBAC with recipient read /write scope

Detailed information here: Understanding management role scopes


· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks Sir.

I will get back to you after checking.

Thanks.

Ali.

0 Votes 0 ·

Hi @ShafaquatAli-3870

Waiting for your update here!


If an Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


0 Votes 0 ·

Hi @ShafaquatAli-3870

Is there any progress about your issue? If an Answer is helpful, please click "Accept Answer" and upvote it.

0 Votes 0 ·