How to Enable Cross-Forest SMTP Authentication

 

To enable cross-forest SMTP authentication, in each forest you must create connectors that use an authenticated account from the other forest.

Before You Begin

Before you perform the procedures in this topic, read the following scenario. Consider a two-forest environment for A. Datum Corporation and Fabrikam, Inc. Both forests are single-domain forests, using the domains adatum.com and fabrikam.com, respectively. To allow cross-forest mail collaboration, all users in the Adatum forest are represented as contacts in the Fabrikam forest's Active Directory. Likewise, all users in the Fabrikam forest are represented as contacts in the Adatum forest's Active Directory.

Procedure

To enable cross-forest SMTP authentication

  1. Create an account in the Fabrikam forest that has Send As permissions. Because a contact exists in the Fabrikam forest for every user in the Adatum forest, this account allows Adatum users to send authenticated e-mail messages. Configure these permissions on all Exchange servers that will accept incoming e-mail messages from Adatum. For detailed steps, see How to Create a User Account in Another Forest with Send As Permissions.

  2. On an Exchange server in the Adatum forest, create a connector that requires authentication and uses this account to send outbound e-mail messages. For detailed steps, see How to Create a Connector and Require Authentication for Cross-Forest Authentication.

  3. Repeat steps 1 and 2 to set up cross-forest authentication from the Fabrikam forest to the Adatum forest. For this direction, you must create the account in Adatum, and you must create the connector in Fabrikam.

For More Information

For more information, see the following topics: