How to Configure a Connector and Require Authentication for Cross-Forest Authentication

 

When you configure Microsoft® Exchange Server to resolve mail anonymously in a cross-forest scenario, a connector must be created that connects directly to the forest from which you want to receive mail.

Before You Begin

Before you perform the procedure in this topic, read Deployment Scenarios for Internet Connectivity.

The following permissions are required to perform this procedure:

  • Member of the local administrators group and a member of a group that has had the Exchange Administrators role applied at the administrative group level

Procedure

To configure a connector and require authentication for cross-forest authentication

  1. Start Exchange System Manager: Click Start, point to All Programs, point to Microsoft Exchange, and then click System Manager.

  2. In the console tree, right-click Connectors, point to New, and then click SMTP Connector.

  3. On the General tab, in the Name box, type a name for the connector.

  4. Click Forward all mail through this connector to the following smart hosts, and then type the FQDN or IP address of the receiving bridgehead server.

  5. Click Add to select a local bridgehead server and SMTP virtual server to host the connector.

    The General tab in an SMTP virtual server Properties dialog box

  6. On the Address Space tab, click Add, select SMTP, and then click OK.

  7. In Internet Address Space Properties, type the domain of the forest to which you want to connect, and then click OK. In this example, because the connector is sending from the Adatum forest to the Fabrikam forest, the address space matches the domain for the forest, fabrikam.com.

    The Internet Address Space Properties dialog box

    Exchange will now route all mail destined to fabrikam.com (the Fabrikam forest) through this connector.

  8. On the Advanced tab, click Outbound Security.

  9. Click Integrated Windows Authentication.

    The Integrated Windows Authentication button in the Outbound Security dialog box

  10. Click Modify.

  11. In Outbound Connection Credentials, in the Account, Password, and Confirm password boxes, specify an account and password in the destination forest (in this case, Fabrikam) that has Send As permissions and is an authenticated Fabrikam account. Use the following format for the account name: domain\username, where:

    • domain is a domain in the destination forest.

    • username represents an account in the destination forest with Send As permissions on all Exchange servers in the destination forest that will accept mail from this connector.

    The Outbound Connection Credentials dialog box

  12. Click OK.
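
A pre-check for steps 9 through 11, as an added example that is not part of the original topic: it parses a captured EHLO reply from the receiving bridgehead server and reports whether the server advertises the GSSAPI or NTLM mechanisms that Integrated Windows Authentication uses over SMTP. The sample replies, the host name mail.fabrikam.com, and the function names are constructed for illustration.

```python
import re

# SMTP AUTH mechanisms that carry Windows integrated (Kerberos/NTLM) authentication.
INTEGRATED_MECHS = {"GSSAPI", "NTLM"}
# Mechanisms that send the password in recoverable form.
CLEARTEXT_MECHS = {"LOGIN", "PLAIN"}

def parse_ehlo(response):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps = {}
    lines = [l.rstrip() for l in response.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        m = re.match(r"^(\d{3})([ -])(.*)$", line)
        if not m or m.group(1) != "250":
            raise ValueError("not a 250 EHLO reply line: %r" % line)
        # "250-" marks a continuation; only the final line may use "250 ".
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise ValueError("malformed continuation at line %d" % (i + 1))
        if i == 0:
            continue  # first line is the server greeting, not a capability
        text = m.group(3)
        if text.upper().startswith("AUTH="):  # legacy "AUTH=LOGIN" form
            text = "AUTH " + text[5:]
        words = text.split()
        if words:
            caps.setdefault(words[0].upper(), []).extend(w.upper() for w in words[1:])
    return caps

def check_smart_host(response):
    """Summarise whether the smart host can accept integrated authentication."""
    caps = parse_ehlo(response)
    auth = set(caps.get("AUTH", []))
    return {
        "integrated": sorted(auth & INTEGRATED_MECHS),
        "cleartext": sorted(auth & CLEARTEXT_MECHS),
        "starttls": "STARTTLS" in caps,
        "ok": bool(auth & INTEGRATED_MECHS),
    }

# Constructed sample replies (not captured from a real server).
GOOD = ("250-mail.fabrikam.com Hello [192.0.2.10]\n250-SIZE 2097152\n"
        "250-PIPELINING\n250-AUTH GSSAPI NTLM LOGIN\n250-AUTH=LOGIN\n250 OK\n")
BASIC_ONLY = ("250-mail.fabrikam.com Hello [192.0.2.10]\n250-SIZE 2097152\n"
              "250-AUTH LOGIN\n250 OK\n")

if __name__ == "__main__":
    for name, reply in (("GOOD", GOOD), ("BASIC_ONLY", BASIC_ONLY)):
        print(name, check_smart_host(reply))
```

If "ok" is False for the receiving bridgehead server, the connector's Integrated Windows Authentication setting has no matching mechanism to negotiate with on that server.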