Deploy Multiple Forest Topologies
[이 항목은 진행 중입니다.]
적용 대상: Exchange Server 2010
마지막으로 수정된 항목: 2010-01-27
There are two supported types of multiple forest topologies in Exchange 2010:
- Cross-forest A cross-forest topology is one with multiple Exchange forests.
To deploy Exchange 2010 in a topology with a multiple forest, you must first install Exchange 2010 in each forest. For more information, see Exchange 2010 새 설치.
Next, you must synchronize the recipients in each of the forests, so that the Global Address List (GAL) in each forest contains users from all the synchronized forests. For more information, see Deploy Exchange 2010 in a Cross-Forest Topology.
Finally, you must configure the Availability service so that users in one forest can view availability data for users in another forest. For more information, see 포리스트 간 토폴로지에 대한 가용성 서비스 구성. - Resource forest A resource forest topology is one with an Exchange forest and one or more user accounts forests.
To deploy Exchange 2010 in a topology with a resource forest, you must have at least one forest that contains user accounts. This forest should not have Exchange installed.
You must also have a forest with Exchange installed. In the Exchange forest, you must have disabled the user accounts that have Exchange mailboxes. Then you must associate the disabled user accounts in the Exchange forest with the user accounts in the accounts forest. For more information, see Exchange 리소스 포리스트 토폴로지에 Exchange 2010 배포
GAL Synchronization
By default, a GAL contains mail recipients from a single forest. If you have a cross-forest environment, we recommend using the GAL Synchronization feature in Microsoft Integration Identity Server (MIIS) 2003 or in the Identity Integration Feature Pack for Microsoft Windows Server Active Directory with Service Pack 2 (SP2) to ensure that the GAL in any given forest contains mail recipients from other forests. This feature creates mail users that represent recipients from other forests, thereby allowing users to view them in the GAL and send mail. For example, users in Forest A appear as a mail user in Forest B and vice versa. Users in the target forest can then select the mail user object that represents a recipient in another forest to send mail.
To enable GAL Synchronization, you create management agents that import mail-enabled users, contacts, and groups from designated Active Directory services into a centralized metadirectory. In the metadirectory, mail-enabled objects are represented as mail users. Groups are represented as contacts without any associated membership. The management agents then export these mail users to an organizational unit in the specified target forest.
For more information about downloading Identity Integration Feature Pack for Microsoft Windows Server Active Directory with Service Pack 2 (SP2), see Identity Integration Feature Pack for Microsoft Windows Server Active Directory with Service Pack 2 (SP2).
Moving Mailboxes Across Forests
In a cross-forest topology, you may want to move mailboxes from one forest to another. To do this you must use the New-MoveRequest cmdlet. This is the same command that you use to move mailboxes within a single forest. For more information about moving mailboxes across forests, see the following topics:
- Prepare Mailboxes for Cross-Forest Move Requests
- 두 포리스트에 모두 Exchange 2010이 있는 원격 이동 요청 만들기
- 포리스트 중 하나에 Exchange 2010이 없는 원격 레거시 이동 요청 만들기
Understanding Multiple Forest Administration
Microsoft Exchange Server 2010 uses new permissions functionality to manage your multiple forest environments.
Exchange 2010 uses a Role Based Access Control (RBAC) permissions model. The management role groups that administrators are members of, and the management role assignment policies that end-users are assigned, determine what each administrator and end-user can do. To understand multiple forest permissions, you need to be familiar with RBAC. For more information about RBAC and role groups and role assignment policies in particular, see 역할 기반 액세스 제어 이해.
You can use the RBAC permissions model to configure and manage the permissions between your forests. For more information about multiple forest permissions, see the following topics: