Creating a shared address space for two different forests.


This tutorial describes all the steps needed to create a new shared e-mail address space for two different domains.

We use GALsync for synchronizing objects, a script to modify the SMTP addresses and built-in Exchange 2010 features.

 

Test environment

4 server machines, Windows 2008 R2 Standard Edition English (most recent updates)

FQDN / Server      Function                       IP address      Local firewall
ADC.ForestA.com    DC/GC/DNS/Exchange 2010 SP2    172.20.25.100   deactivated
AGS.ForestA.com    GALsync application            172.20.25.101   deactivated
ACL.ForestA.com    Outlook 2010 client            172.20.25.104   deactivated
BDC.ForestB.com    DC/GC/DNS/Exchange 2010 SP2    172.20.25.102   deactivated
BGS.ForestB.com    GALsync application            172.20.25.103   deactivated
BCL.ForestB.com    Outlook 2010 client            172.20.25.105   deactivated

 

Setup

In the first step we will set up two different mail organizations. In each mail organization we create some mailbox-enabled user objects, mail-enabled contacts and groups. The mail flow between the two organizations is configured as well.

[Screenshot: bild1_450x313.jpg]

Configurations

1. Configure in Exchange 2010 in forestA a Send-Connector to the other mail organization.

2. Configure in Exchange 2010 in forestB a Send-Connector to the other mail organization.

3. Create an OU called "GALsyncInternalAccountsA" in forestA; here you create all new objects.

4. Create an OU called "forestBImport" in forestA; here you will place all objects imported from forestB.

5. Create a mailbox-enabled GALsyncA account in forestA.

6. Make the GALsyncA account a member of the local Administrators group on the AGS server.

7. Create 10 mailbox-enabled users in forestA (i.e. UserA01, UserA02, ...).

8. Create 1 mail-enabled universal security group: groupA01 in forestA (members: UserA01, UserA02).

9. Create 1 mail-enabled universal distribution group: groupA02 in forestA (members: UserA03, UserA04).

10. Create 1 mail-enabled contact: ContactA01 in forestA with an external SMTP address.

11. Create 1 mail-enabled mailbox: Info in forestA (and the SAME name in forestB).

12. Configure Exchange 2010 to route messages between ForestA and ForestB: a Send-Connector to the Internet (if wanted) and a Send-Connector to ForestB (required).

 

Checks

1. GALsyncA logs in with OWA and sends a mail to the account itself.

[Screenshot: bild2_450x413.jpg]

2. GALsyncA logs in with OWA and sends a mail to UserA01 (and gets a response).

3. GALsyncA logs in with Outlook and sends a mail to ContactA01.

4. GALsyncA logs in with Outlook and sends a mail to GALsyncB (and gets a response).

5. Check if the recipient addresses are stored in the MailTo cache of Outlook.

6. Check if the recipient address is stored in the MailTo cache of OWA.

 

Do the same with forestB

 

GALsync

In the second step we setup GALsync and synchronize the directories between both organizations.

Configurations

1. Install GALsync on AGS/BGS (following the vendor's setup instructions).

2. Configure an export of all USERA objects to the partner forest (using mail as transport).

[Screenshot: bild3_450x256.jpg]

3. Configure an import of all USERB objects to the partner forest (using mail as transport).

[Screenshot: bild4_450x382.jpg]

4. Perform an export/import.

[Screenshot: bild5_362x600.jpg]

[Screenshot: bild6_383x600.jpg]

Checks

1. UserA10 sends a mail with Outlook to contactB10 and UserA09 - check results.

2. UserA08 sends a mail with Outlook to groupB01 and groupA01 - check results.

3. Check the nickname cache in Outlook of UserA10 and of UserA08.

 

Do the same with forestB

 

Adding the new common SMTP domain as secondary proxy address

The new shared address will be @new.com.

1. Configure in Exchange 2010 in forestA an accepted domain for @new.com as an internal relay domain.

[Screenshot: bild7_450x507.jpg]

2. Configure Exchange 2010 in forestA to route messages for the shared address space to forestB (add @new.com to the Send-Connector).

[Screenshot: bild8_450x505.jpg]

3. Configure Exchange

[Screenshot: accepteddomainnewB_450x254.jpg]

4. Add @new.com as secondary address to all mail-enabled objects in forestA (if you use address policies, you will NOT modify contacts which have been synched by GALsync! This is because GALsync deactivates the option "automatically update email addresses based on Email address policy").

[Screenshot: addnew_450x521.jpg]

5. Add @new.com as secondary address to all mail-enabled objects in forestB (if you use address policies, you will NOT modify contacts which have been synched by GALsync! This is because GALsync deactivates the option "automatically update email addresses based on Email address policy").

6. With the next GALsync synchronization the secondary addresses are transferred as well (in the default configuration).
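The shell equivalents of steps 1, 2 and 4 for forestA, as an added example that is not from the original post. It assumes the Exchange 2010 Management Shell on ADC, a Send-Connector named "To ForestB" (placeholder name), the import OU DN from the setup section, and that no e-mail address policies are in use (with policies, add @new.com to the policy instead, as the step above notes).

```powershell
# Added example, not part of the original post. Assumptions: Exchange 2010
# Management Shell on ADC.ForestA.com; the connector name and OU DN are placeholders.
$Shared   = "new.com"
$ImportOU = "OU=forestBImport,DC=ForestA,DC=com"   # placeholder DN of the GALsync import OU

# Step 1: accept new.com as an internal relay domain, so mail for a @new.com
# recipient unknown in forestA is relayed onwards instead of being rejected here.
New-AcceptedDomain -Name $Shared -DomainName $Shared -DomainType InternalRelay

# Step 2: add the shared address space to the existing connector towards forestB.
Set-SendConnector -Identity "To ForestB" -AddressSpaces @{Add = "SMTP:$Shared;1"}

# Step 4: give every local mailbox, group and contact user@new.com as a
# secondary (lowercase "smtp:") address. Objects that GALsync imported from
# forestB live in the import OU and are skipped: they get their @new.com
# address from forestB with the next synchronization (step 6).
$local = Get-Recipient -ResultSize Unlimited `
            -RecipientTypeDetails UserMailbox,MailContact,MailUniversalDistributionGroup,MailUniversalSecurityGroup |
         Where-Object { $_.DistinguishedName -notlike "*,$ImportOU" }

foreach ($r in $local) {
    # keep the local part of the existing primary address, only the domain changes
    $secondary = "smtp:" + $r.PrimarySmtpAddress.Local + "@" + $Shared
    $existing  = @($r.EmailAddresses | ForEach-Object { $_.ToString() })
    if ($existing -contains $secondary) { continue }      # already done, re-run is safe

    switch ($r.RecipientTypeDetails) {
        "UserMailbox" { Set-Mailbox           -Identity $r.Identity -EmailAddresses @{Add = $secondary} }
        "MailContact" { Set-MailContact       -Identity $r.Identity -EmailAddresses @{Add = $secondary} }
        default       { Set-DistributionGroup -Identity $r.Identity -EmailAddresses @{Add = $secondary} }
    }
    Write-Host "$($r.Name): added $secondary"
}
```

The same script runs unchanged in forestB for step 5 after swapping the OU DN to the forestB import OU and the connector name to the one pointing at forestA.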

 

Checks

1. UserA01 sends a mail to an Internet address - expected result: the primary address is used as sender address.

2. UserB01 sends a mail to an Internet address - expected result: the primary address is used as sender address.

 

Comments

With this configuration you are able to send mail to a mailbox@new.com existing in forestA or in forestB. You are NOT able to send a mail from forestB to a mailbox@new.com which is placed in forestA.

If you configure @new.com in forestB as an internal relay domain as well, pointing to the mail server in forestA, you will produce a mail loop whenever someone sends a mail to a @new.com SMTP address which exists neither in forestA nor in forestB.

 

Upcoming question: How can a user in forestB send mail to a user in forestA?

Answer: As long as on both sides the primary address is forestA or forestB, GALsync uses this address as target address.

After the secondary new.com address has been made the primary SMTP address on both sides, the following happens:

When GALsync runs from source to destination without a changed configuration, the objects are deleted in the target (as the primary address was [old SMTP]) and are completely regenerated with their new primary SMTP address.

Similarly, the target address is set to the new SMTP address, but it should be the old address, as the destination is not able to send back to new.com.

 

Attention:

It has to be made sure that the target address is foresta.com or forestb.com and NOT new.com.

Rule for the export from ForestA to ForestB: the option "Modify target address with domain" (Import-Policy [ForestB], Directory Setting, EmailAddresses) has to be changed to ForestA.com.

 

This means: the object having the target address xy@new.com is synchronized from ForestA to ForestB, but then, through the Import Policy in ForestB, it gets a target address domain for which a Send-Connector to ForestA exists in Exchange.

 

Script

Write a script that swaps the primary against the secondary address in the import OU. You can download a script which does this job here: smtpreplace.ps1.txt.

 

After the script has been created, it is VERY important that you deactivate GALsync. This has to happen because if auto-sync is activated, GALsync will replace User@foresta.com with user@new.com.

This would be the worst case and must not happen.

Then you can start the script in ForestA and ForestB. The script will swap the secondary SMTP address (new.com) with the primary SMTP address.

[Screenshot: scriptrun_450x169.jpg]

NOTE: This method does not work if you have users with the same local part in ForestA and ForestB. You have to check this before running the script, because it will fail for these objects.
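An added example of such a swap script, written for this post and not the smtpreplace.ps1 linked above. It runs in the Exchange 2010 Management Shell against the GALsync import OU (the DN below is a placeholder), assumes GALsync auto-sync has already been deactivated as required above, and checks the duplicate-local-part case from the NOTE before touching an object, so a collision is reported instead of failing half-way.

```powershell
# Added example, not the post's smtpreplace.ps1. Assumptions: Exchange 2010
# Management Shell; $ImportOU is a placeholder DN; GALsync auto-sync is stopped.
param(
    [string]$ImportOU     = "OU=forestBImport,DC=ForestA,DC=com",
    [string]$SharedDomain = "new.com",
    [switch]$Commit                      # without -Commit only a dry run is printed
)

$contacts = Get-MailContact -OrganizationalUnit $ImportOU -ResultSize Unlimited
foreach ($c in $contacts) {
    $current    = @($c.EmailAddresses | ForEach-Object { $_.ToString() })
    # "SMTP:" (upper case) marks the primary address, "smtp:" a secondary one
    $oldPrimary = $current | Where-Object { $_ -cmatch '^SMTP:' } | Select-Object -First 1
    $shared     = $current | Where-Object { $_ -cmatch '^smtp:' -and $_ -like "*@$SharedDomain" } |
                  Select-Object -First 1
    if (-not $oldPrimary -or -not $shared) {
        Write-Warning "$($c.Name): no primary or no @$SharedDomain secondary address, skipped"
        continue
    }
    $newPrimary = $shared.Substring(5)          # strip the "smtp:" prefix

    # Pre-check for the NOTE above: a different recipient (typically a local user
    # with the same local part) may already own user@new.com. Set-MailContact would
    # reject the duplicate, so report it and leave the object untouched.
    $owner = Get-Recipient -Filter "EmailAddresses -eq 'smtp:$newPrimary'" |
             Where-Object { $_.DistinguishedName -ne $c.DistinguishedName }
    if ($owner) {
        Write-Warning "$($c.Name): $newPrimary is already used by $($owner.Name), skipped"
        continue
    }

    # Rebuild the list: the @new.com address becomes primary, the old primary becomes
    # secondary, every other proxy address (x500, further smtp) is kept as it is.
    $rebuilt  = @("SMTP:$newPrimary", ("smtp:" + $oldPrimary.Substring(5)))
    $rebuilt += $current | Where-Object { $_ -ne $oldPrimary -and $_ -ne $shared }

    if ($Commit) {
        # policy stays disabled so an address policy cannot undo the swap later
        Set-MailContact -Identity $c.DistinguishedName -EmailAddresses $rebuilt -EmailAddressPolicyEnabled $false
        Write-Host "$($c.Name): primary address is now $newPrimary"
    } else {
        Write-Host "[dry run] $($c.Name): $($oldPrimary.Substring(5)) -> $newPrimary"
    }
}
```

Run it once without -Commit in each forest and review the warnings for duplicate local parts before running it again with -Commit.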

After changing the secondary and the primary SMTP address of all GALsync objects in the defined OU, the Import-Policy of GALsync has to be modified.

The Import-Policy has a feature called "Modify Target Address"; you have to check this feature and enter the external domain part.

[Screenshot: letztes_450x264.jpg]

 

If you did all these steps, you are able to run GALsync without deleting the external SMTP address of the objects.

 

Lessons learned

We have learned what is needed to create a shared address space for two different forests and which problems exist.

Very important to note: this does not work if users in both forests have the same user name.
