Windows Server 2003 CA


Topic Last Modified: 2005-05-19

Consider the following issues when using Exchange 2003 with Windows Server 2003 CA in a cross-forest scenario:

  • You cannot send encrypted e-mail messages to members of a distribution list whose accounts reside in a different forest from the sender, because it is impossible for the e-mail client to obtain the encryption certificate for those foreign recipients.

  • When you use Exchange 2003 in a resource forest scenario (where user accounts are located in one forest, and user mailboxes are located in a separate forest and are attached to a disabled account), issues can arise when you try to publish digital certificates between the forests. Because the accounts are in separate forests, you cannot replicate certificates from one forest to another. Currently, you can address this by manually copying certificates between the forests or by using Microsoft Identity Integration Server 2003. For more information, see "Microsoft Identity Integration Server 2003 Global Address List Synchronization."