Deploy Multiple Forest Topologies

[This topic is in progress.]

Applies to: Exchange Server 2010

Topic Last Modified: 2010-01-27

There are two supported types of multiple forest topologies in Exchange 2010:

  • Cross-forest   A cross-forest topology is one with multiple Exchange forests.
    To deploy Exchange 2010 in a topology with multiple forests, you must first install Exchange 2010 in each forest. For more information, see New Installation of Exchange 2010.
    Next, you must synchronize the recipients in each of the forests, so that the Global Address List (GAL) in each forest contains users from all the synchronized forests. For more information, see Deploy Exchange 2010 in a Cross-Forest Topology.
    Finally, you must configure the Availability service so that users in one forest can view availability data for users in another forest. For more information, see Configure the Availability Service for Cross-Forest Topologies.
  • Resource forest   A resource forest topology is one with an Exchange forest and one or more user accounts forests.
    To deploy Exchange 2010 in a topology with a resource forest, you must have at least one forest that contains user accounts. This forest should not have Exchange installed.
    You must also have a forest with Exchange installed. In the Exchange forest, the user accounts that have Exchange mailboxes must be disabled. You must then associate the disabled user accounts in the Exchange forest with the user accounts in the accounts forest. For more information, see Deploy Exchange 2010 in an Exchange Resource Forest Topology.

GAL Synchronization

By default, a GAL contains mail recipients from a single forest. If you have a cross-forest environment, we recommend using the GAL Synchronization feature in Microsoft Identity Integration Server (MIIS) 2003 or in the Identity Integration Feature Pack for Microsoft Windows Server Active Directory with Service Pack 2 (SP2) to ensure that the GAL in any given forest contains mail recipients from other forests. This feature creates mail users that represent recipients from other forests, thereby allowing users to view them in the GAL and send mail to them. For example, users in Forest A appear as mail users in Forest B and vice versa. Users in the target forest can then select the mail user object that represents a recipient in another forest to send mail.

To enable GAL Synchronization, you create management agents that import mail-enabled users, contacts, and groups from designated Active Directory services into a centralized metadirectory. In the metadirectory, mail-enabled objects are represented as mail users. Groups are represented as contacts without any associated membership. The management agents then export these mail users to an organizational unit in the specified target forest.

For more information about downloading Identity Integration Feature Pack for Microsoft Windows Server Active Directory with Service Pack 2 (SP2), see Identity Integration Feature Pack for Microsoft Windows Server Active Directory with Service Pack 2 (SP2).

Moving Mailboxes Across Forests

In a cross-forest topology, you may want to move mailboxes from one forest to another. To do this, you must use the New-MoveRequest cmdlet. This is the same cmdlet that you use to move mailboxes within a single forest. For more information about moving mailboxes across forests, see the following topics:

Understanding Multiple Forest Administration

Microsoft Exchange Server 2010 uses new permissions functionality to manage your multiple forest environments.

Exchange 2010 uses a Role Based Access Control (RBAC) permissions model. The management role groups that administrators are members of, and the management role assignment policies that end users are assigned, determine what each administrator and end user can do. To understand multiple forest permissions, you need to be familiar with RBAC. For more information about RBAC, and about role groups and role assignment policies in particular, see Understanding Role Based Access Control.

You can use the RBAC permissions model to configure and manage the permissions between your forests. For more information about multiple forest permissions, see the following topics: