How to Deploy Exchange 2007 in an Exchange Resource Forest Topology

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.


Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

This topic explains how to deploy Microsoft Exchange Server 2007 in an Exchange resource forest topology. An Exchange resource forest is also called a dedicated Exchange forest.

This topic assumes that you do not have an existing Exchange Server 2003 or Exchange 2000 Server topology. If you have an existing Exchange topology, and you want to upgrade to Exchange 2007, see Upgrading to Exchange 2007.

Before You Begin

Before you begin, confirm the following:

  • You have the following two Active Directory directory service forests:

    • One forest contains the user accounts for your organization. In this procedure, this forest is called the accounts forest.

    • One forest does not contain user accounts and does not yet have Exchange installed. In this procedure, this forest is called the Exchange forest. You will install Exchange 2007 in this forest in the procedure below.

  • You have correctly configured Domain Name System (DNS) for name resolution across forests in your organization. To check that you have DNS configured correctly, ping each forest from the other forest or forests in your organization. For more information about configuring DNS, see the DNS Operations Guide.


To deploy Exchange 2007 in an Exchange resource forest topology

  1. From a domain controller in the Exchange forest, create an outgoing one-way trust for both forests so that each forest trusts the other forest. For detailed steps, see Create a one-way, outgoing, forest trust for both sides of the trust.


    Although we recommend that you create a forest trust, you can create either a forest trust or an external trust. If you create an external trust, when you create linked mailboxes in Step 3, on the Master Account page of the New Mailbox wizard, you must specify a user account that can access the domain controller in the trusted forest. You cannot use the credentials with which you are currently logged on. If you create linked mailboxes by using the New-Mailbox cmdlet, you must specify a user account that can access the domain controller in the trusted forest by using the LinkedCredential parameter.

  2. In the Exchange forest, install Exchange 2007. Install Exchange the same way that you would in a single forest scenario. For detailed steps about how to install Exchange 2007, see one of the following topics:

  3. In the Exchange forest, for each user in the accounts forest that will have a mailbox in the Exchange forest, create a mailbox that is associated with an external account. For detailed steps, see How to Create a Linked Mailbox.

For More Information

For more information about Microsoft Windows Server 2003 trusts, see Administering Domain and Forest Trusts.