How to Create a User Account in Another Forest with Send As Permissions

 

This topic explains how to create a user account in another forest with Send As permissions. This topic is the first step of a procedure to enable cross-forest authentication.

Procedure

To create a user account in another forest with Send As permissions

1. In the destination forest, which is the forest to which you are connecting, create a user account in Active Directory Users and Computers. This account must be an active account, but it does not require the following permissions:

   • Log on locally

   • Log on through terminal server

2. On each Exchange Server that will accept incoming connections from the connecting forest, configure Send As permissions for this account.

   Note

   Be careful when creating the password policy. If you set the password to expire, ensure that you have a policy in place that changes the password before its expiration date. If the password for this account expires, cross-forest authentication will fail.

   1. Click Start, point to All Programs, point to Microsoft Exchange, and then click System Manager.

   2. In Exchange System Manager, in the console tree, expand Servers, right-click an Exchange server that will accept incoming connections from the connecting forest, and then click Properties.

   3. In Server Name Properties, on the Security tab, click Add.

   4. In Select Users, Computers, or Groups, add the account that you just created, and then click OK.

   5. On the Security tab, under Group or user names, select the account.

   6. Under Permissions, next to Send As, select the Allow check box.

      Allowing the Send As permission

      

For More Information

For more information, see How to Enable Cross-Forest SMTP Authentication.