How to Create a Connector and Require Authentication for Cross-Forest Authentication

 

This topic explains how to create a connector and require authentication for cross-forest authentication. This topic is the second step of a procedure to enable cross-forest authentication.

Before You Begin

Before you perform the procedures in this topic, read the following scenario. Consider a two-forest environment for A. Datum Corporation and Fabrikam, Inc. Both of these forests are single-domain forests using the domains adatum.com and fabrikam.com, respectively. To allow cross-forest mail collaboration, all users in the Adatum forest are represented as contacts in the Fabrikam forest's Active Directory. Likewise, all users in the Fabrikam forest are represented as contacts in the Adatum forest's Active Directory.

This procedure describes how to create a connector on an Exchange Server in the Adatum forest.

To successfully complete the procedure in this topic, confirm that you have created an account with the proper permissions in the destination forest.

Procedure

To create a connector and require authentication for cross-forest authentication

  1. Click Start, point to All Programs, point to Microsoft Exchange, and then click System Manager.

  2. In the console tree, right-click Connectors, point to New, and then click SMTP Connector.

  3. On the General tab, in the Name box, type a name for the connector.

  4. Click Forward all mail through this connector to the following smart hosts, and then type the fully qualified domain name or IP address of the receiving bridgehead server.

  5. Click Add to select a local bridgehead server and SMTP virtual server to host the connector.

    The General tab in an SMTP virtual server's Properties dialog box


  6. On the Address Space tab, click Add, select SMTP, and then click OK.

  7. In Internet Address Space Properties, type the domain of the forest to which you want to connect, and then click OK. In this example, because the connector is sending from the Adatum forest to the Fabrikam forest, the address space matches the domain for the forest, fabrikam.com.

    The Internet Address Space Properties dialog box


    Exchange will now route all e-mail messages that are destined to fabrikam.com (the Fabrikam forest) through this connector.

  8. On the Advanced tab, click Outbound Security.

  9. Click Integrated Windows Authentication.

    The Integrated Windows Authentication button in the Outbound Security dialog box


  10. Click Modify.

  11. In Outbound Connection Credentials, in the Account, Password, and Confirm password boxes, specify an account and password in the destination forest (in this example, Fabrikam) that has Send As permissions and is an authenticated Fabrikam account. Use the following format for the account name: domain\username, where:

    • domain is a domain in the destination forest.

    • username represents an account in the destination forest with Send As permissions on all Exchange Servers in the destination forest that will accept e-mail messages from this connector.

    The Outbound Connection Credentials dialog box


  12. Click OK.
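
The following pre-flight check is an added example, not part of the original topic or any Microsoft code. It parses the EHLO reply of the receiving bridgehead server and validates the account name from step 11. It assumes Integrated Windows Authentication appears on the wire as SMTP AUTH GSSAPI or NTLM; the host name, the account name svc-xforest, and both EHLO replies are constructed samples.

```python
import re

# Assumption: Integrated Windows Authentication is offered as GSSAPI (Kerberos) or NTLM.
INTEGRATED = {"GSSAPI", "NTLM"}

# Constructed sample EHLO replies (not captured from a real server).
SAMPLE_OK = ("250-bridgehead.fabrikam.com Hello\r\n250-SIZE 10485760\r\n"
             "250-AUTH GSSAPI NTLM LOGIN\r\n250-AUTH=LOGIN\r\n250 OK")
SAMPLE_BASIC = "250-bridgehead.fabrikam.com Hello\r\n250-AUTH LOGIN\r\n250 OK"


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    features = {}
    for line in reply.splitlines()[1:]:  # first line is the greeting, not an extension
        m = re.match(r"250[- ](\S+)(.*)", line.strip())
        if not m:
            continue
        keyword, rest = m.group(1), m.group(2)
        # Fold the legacy "AUTH=LOGIN" form into the AUTH keyword.
        if keyword.upper().startswith("AUTH="):
            keyword, rest = "AUTH", keyword[5:] + " " + rest
        features.setdefault(keyword.upper(), []).extend(rest.upper().split())
    return features


def check_connector(reply, account):
    """List problems that would keep the connector from authenticating as configured."""
    problems = []
    offered = set(parse_ehlo(reply).get("AUTH", []))
    if not offered & INTEGRATED:
        problems.append("smart host does not advertise GSSAPI or NTLM")
    # Step 11 requires the domain\username form (not a UPN such as user@domain).
    if not re.fullmatch(r"[^\\/@\s]+\\[^\\/@\s]+", account):
        problems.append("account is not in domain\\username format")
    return problems


if __name__ == "__main__":
    print(check_connector(SAMPLE_OK, "fabrikam\\svc-xforest"))
    print(check_connector(SAMPLE_BASIC, "svc-xforest@fabrikam.com"))
```

To check a live server, pass the EHLO reply text captured from the receiving bridgehead server instead of the constructed samples.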

For More Information

For more information, see How to Enable Cross-Forest SMTP Authentication.