Deploy Exchange 2010 in a Cross-Forest Topology
[Cette rubrique est en cours de rédaction.]
S'applique à : Exchange Server 2010
Dernière rubrique modifiée : 2009-12-09
This topic explains how to deploy Exchange 2010 in a cross-forest topology using ILM 2007 Feature Pack 1. To deploy Exchange 2010 in a cross-forest topology, you must first install Exchange 2010 in each forest, and then connect the forests so that users can see address and availability data across the forests.
This topic does not describe how to deploy Exchange 2010 in a dedicated Exchange forest (or resource forest) topology. For more information about how to deploy Exchange 2010 in a resource forest topology, see Déployer Exchange 2010 dans une topologie de forêt de ressources Exchange.
What do you want to do?
- Deploy Exchange 2010 in a cross-forest topology with ILM 2007 Feature Pack 1
- Configure a GAL Synchronization management agent with ILM 2007 Feature Pack 1
GAL Synchronization and ILM
To synchronize the GALs in Exchange Exchange 2010, we recommend that you use ILM 2007 Feature Pack 1. The GAL synchronization management agent in ILM 2007 Feature Pack 1 will call the Update-Recipient cmdlet automatically. To finish provisioning recipients that are created by ILM 2007 Feature Pack 1 GAL synchronization, you do not need to perform additional steps.
To learn more about ILM 2007, see Microsoft Identity Lifecycle Manager 2007 Product Overview.
Prerequisites for Exchange 2010
To perform the following procedure in Exchange 2010, confirm the following:
- You have correctly configured Domain Name System (DNS) for name resolution across forests in your organization. To verify that DNS is configured correctly, use the Ping tool to test connectivity to each forest from the other forests in your organization and from the server on which you will run the GALSync agent.
- The GALSync MA communicates with E14 forest using Powershell V2.0 RTM. Make sure Powershell v1.0 isn't installed on this computer by going to Control Panel, and then clicking on Programs and Features.
- Ensure that Windows Remote Management has not been installed by Windows Update.
- Install Windows Powershell and Windows Remote Management, but going here: Description of the Windows Management Framework on Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Deploy Exchange 2010 in a cross-forest topology with ILM 2007 Feature Pack 1
In each forest, install Exchange 2010 separately. To install Exchange 2010, perform the same steps that you would if you were installing Exchange 2010 in a single forest topology. For detailed steps, see one of the following topics:
- Installer Exchange Server 2010
- Effectuer une installation d'Exchange 2010 personnalisée
Remarque : This topic assumes that you don't have an existing Exchange 2007 or Exchange Server 2003 topology. If you do have an existing Exchange topology and you want to upgrade, see Upgrade to Exchange 2010.
In each forest, use Active Directory Users and Computers to create a container in which ILM will create contacts for each mailbox from the other forest. We recommend that you name this container FromILM. To create the container, select the domain in which you want to create the container, right-click the domain, select New, and then select Organizational Unit. In New Object - Organizational Unit, type FromILM, and then click OK.
Create a GALSync management agent for each forest by using ILM 2007 Feature Pack 1. This allows you to synchronize the users in each forest and create a common GAL. For detailed steps, see the procedure "To configure a GAL Synchronization management agent with ILM 2007 Feature Pack 1" later in this topic.
Enable GALSync. To do this, in the main ILM Identity Manager window, click Tools, click Options, and then select the Enable Provisioning Rules Extension check box. Click OK.
Create an SMTP Send connector in each of the forests. For detailed steps, see Configurer des connecteurs inter-forêts.
In each forest, enable the Availability service so that users in each forest can view free/busy data about users in the other forest. For more information, see Gestion du service de disponibilité.
Remarque : The Availability service is supported only for Office Outlook 2007 clients. If you require that mail can be relayed through any forest in your organization, you must configure a domain in that forest as an authoritative domain. For detailed steps, see Procédure de configuration d’Exchange 2010 pour accepter des messages électroniques pour plusieurs domaines faisant autorité.
Move mailboxes from your existing Exchange 2003 or Exchange 2007 servers to the new Exchange 2010 Mailbox servers in each forest. For detailed steps, see Créer une demande de déplacement héritée à distance où l'une des forêts ne possède pas Exchange 2010.
Configure a GAL Synchronization management agent with ILM 2007 Feature Pack 1
In ILM 2007 Feature Pack 1, select Management Agents from the toolbar, and then under Actions, click Create.
On the Create Management Agent page, under Management agent for, select Active Directory global address list (GAL).
In the Name box, type a name for this management agent. When creating the name, we recommend that you include the name of the source forest from which this management agent will gather recipient information.
In the Description box, type a description for this management agent, and then click Next.
On the Connect to Active Directory Forest page, complete the following fields:
- Forest name Name of the source forest.
- User name and Password User name and password of an account that has permission to read schema information from the source forest.
- Domain Domain for the specified account.
Remarque : You can also enter the user name as <user>@<domain> and leave the domain field blank.
Click Next.
On the Configure Directory Partitions page, select the directory partitions on the source forest from which you want to project data to a destination forest.
On the Configure Directory Partitions page, click Containers.
On the Select Containers page, clear the top-level check box for the directory partition, select the containers for which this management agent will gather and store information, and then click OK. Be sure to select the container in which ILM will create contacts for each mailbox from the other forest, such as the FromILM container.
On the Configure Directory Partitions page, click Next.
On the Configure GAL page, click Target, and then select the container in which the contacts from other forests will reside in the target forest.
On the Configure GAL page, click Source, and then select the container in which other forests' objects that are synchronized to the target forest will reside.
Under Exchange configuration, click Edit to specify at least one Simple Mail Transfer Protocol (SMTP) e-mail suffix that is managed in the source forest. Click Next.
On the Select Object Types page, click Next.
On the Select Attributes page, click Next.
On the Configure Connector Filter page, click Next.
On the Configure Join and Projection Rules page, click Next.
On the Configure Attributes Flow page, click Next.
On the Configure Deprovisioning page, click Next.
On the Configure Extensions page, under Configure partition display name(s): section, next to Provision for:, select Exchange 2010. If you select Exchange 2010, you will see the Exchange 2010 RPS URI field. Enter the URI of an Exchange 2010 Client Access server to make sure the Remote Powershell connection is functioning. The Exchange 2010 RPS URI should be in the following format: http://CAS_Server_FQDN/Powershell. Click OK.
Remarque : Make sure that the administrator credentials used to connect to the Exchange 2010 forest can also make remote Powershell connections to that forest.
The following figure shows how to select provisioning for Exchange 2010.Provision GalSync Management Agent for Exchange 2010
Testing Remote Powershell Connection
This Remote Powershell example tests whether you can make a Remote Powershell call to an Exchange 2010 Client Access server to verify that Remote Powershell is functioning correctly. From your ILM 2007 computer, first run this command:
$rs = new-pssession -conf microsoft.exchange -conn http://CAS_SERVER_NAME/powershell -auth kerberos -cred (get-credential)
Then run this command:
Invoke-Command $rs {get-recipient -ResultSize 1}