We started this series by explaining the scenario and the steps that will be performed to configure a shared SMTP Namespace or Email Alias between the two Forests.
In Part 2 of this series we will go through the following points mentioned in the previous post:
- Configuring Network Connectivity between the Organizations
- Configuring DNS Registrations for Shared Namespace
- Configuring Name Resolution on Internal DNS
The first step in getting the two Organizations together is to establish direct Network Connectivity between Company A and Company B. Your Network Administrator can initiate this request with the Service Provider. The common ways of establishing this connectivity are a Leased Line or an MPLS link between the two networks. This direct communication is needed for Address Book Synchronization, Cross-Forest Availability Sharing and Cross-Forest Autodiscovery. The email routing part can function without a direct communication channel between the two organizations, but I recommend establishing direct connectivity to make things more seamless.
I have drawn a sketch of the Connectivity Flow that is required to be established between DOMAINA and DOMAINB for configuring the shared SMTP namespace.
Once the Connectivity has been established, the following ports need to be allowed between the two organizations to enable the communication.
Configuring DNS Registrations for Shared Namespace
Appropriately registering DNS Records is one of the most vital factors in maintaining the accessibility of the Exchange system. Things like Autodiscover and the Availability Service depend a lot on DNS Resolution.
While sharing SMTP Namespace between two different Forests, we need to take utmost care that the DNS for the shared SMTP Namespace has been configured properly and all the required records are present.
After deciding on the Shared SMTP domain name, we should first register the domain name so that it is under our ownership. Domain Name registrations can be done by contacting the domain Service Providers and providing them your details.
To successfully receive emails from the external world, we need to create DNS records under the shared SMTP domain that we have recently registered. In the below example, I am assuming that each domain is currently receiving SMTP traffic on two Hub Server IP Addresses. In total there will be four servers that need to be published on the Internet to receive Email traffic. Four A records and their associated PTR records have to be created as shown below.
The new shared domain will have four MX Records, two belonging to each domain. The Priority of each MX record can be modified. I decided to load-balance the SMTP traffic between the two forests by registering the MX Records in the below manner.
Once the above records are registered, we can start receiving email communications to the new SMTP Namespace DOMAINC.COM. These emails will be load-balanced between COMPANY A and COMPANY B. But wait, we still have a long way to go before we can actually communicate this to our end-users or the Management. We are still not ready to receive emails on this SMTP domain Alias as we have to configure the Exchange infrastructure to handle this scenario. I will be covering the next steps in the Posts that follow.
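A check of the public registration described above, given as an added example and not taken from the original post: it reads the MX records of the shared domain and confirms that every MX target has an A record whose PTR resolves back to the same address. The resolver address is a placeholder, and the script assumes the Resolve-DnsName cmdlet (Windows 8 / Server 2012 or later).

```powershell
# Added example. $Domain is the article's shared namespace; $Resolver is a placeholder.
$Domain   = 'domainc.com'
$Resolver = '192.0.2.1'    # placeholder: an external resolver, so internal zones are bypassed

function Test-MailHostDns {
    param([string]$HostName, [string]$Server)
    # Forward lookup: every A record published for the MX target.
    $ips = Resolve-DnsName -Name $HostName -Type A -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
           Where-Object IPAddress | ForEach-Object IPAddress
    if (-not $ips) {
        return [pscustomobject]@{ Host = $HostName; IP = $null; PTR = $null; Status = 'NO_A_RECORD' }
    }
    foreach ($ip in $ips) {
        # Reverse lookup, then confirm the PTR name resolves back to the same address.
        $ptr = Resolve-DnsName -Name $ip -Type PTR -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
               Where-Object NameHost | Select-Object -First 1 -ExpandProperty NameHost
        $status = 'NO_PTR'
        if ($ptr) {
            $back = Resolve-DnsName -Name $ptr -Type A -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
                    Where-Object IPAddress | ForEach-Object IPAddress
            $status = if ($back -contains $ip) { 'OK' } else { 'PTR_MISMATCH' }
        }
        [pscustomobject]@{ Host = $HostName; IP = $ip; PTR = $ptr; Status = $status }
    }
}

# One row per published mail host, grouped by MX preference so the split
# between the two forests is visible at a glance.
$mx = Resolve-DnsName -Name $Domain -Type MX -Server $Resolver -DnsOnly | Where-Object NameExchange
$report = foreach ($r in $mx) {
    Test-MailHostDns -HostName $r.NameExchange -Server $Resolver |
        Select-Object @{ n = 'Preference'; e = { $r.Preference } }, Host, IP, PTR, Status
}
$report | Sort-Object Preference, Host | Format-Table -AutoSize
```

Any row whose Status is not OK points at a missing or inconsistent A/PTR pair for one of the four published servers.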
For Exchange Client Access (Outlook Anywhere, Outlook Web Access, ActiveSync) to work from outside, each forest should have a unique Exchange URL for Client Access. Sharing a single Exchange URL is not possible (or should I say... beyond the scope of this document!). This is a limitation for Client Access in a Shared SMTP Namespace scenario.
Hence we register the below records on the DNS under the Shared namespace Domain DOMAINC.COM.
Note that, similar to the SMTP Records, the Autodiscover Record will also be load-balanced between the two Domains. We will be doing further configurations to appropriately handle such requests.
Note that we are not doing any modifications to the existing domain namespaces that we currently use to receive email. Thus, these activities will not cause any downtime to the existing setup.
Configuring Name Resolution on Internal DNS
We need to configure name resolution for the remote SMTP domains by redirecting name resolution requests to their authoritative DNS Servers. We also need to configure our Internal DNS Servers to host the new shared SMTP domain as a Forward Lookup Zone.
Go to the DNS Server of Company A and create a Conditional Forwarder Zone for DOMAINB.COM. Add both the DNS Servers of DOMAINB.COM as the Master Servers for the DOMAINB.COM Conditional Forwarder zone. This will allow Host Records in the DOMAINB.COM zone to be resolved in the DOMAINA.COM forest.
Go to the DNS Server of Company A and create a new Forward Lookup Zone for DOMAINC.COM. Once the DOMAINC.COM zone has been created in the DNS Server, create the following A Records.
Go to the DNS Server of Company B and create a new Forward Lookup Zone for DOMAINC.COM. Once the DOMAINC.COM zone has been created in the DNS Server, create the following A Records.
Go to the DNS Server of Company B and create a Conditional Forwarder Zone for DOMAINA.COM. Add both the DNS Servers of DOMAINA.COM as the Master Servers for the DOMAINA.COM Conditional Forwarder zone. This will allow Host Records in the DOMAINA.COM zone to be resolved in the DOMAINB.COM forest.
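Company A's side of the steps above as a script, given as an added example rather than the author's own procedure. It assumes Windows Server 2012 or later with the DnsServer PowerShell module; the DNS server addresses, host names and IP addresses are placeholders, and disabling dynamic updates on the shared zone is a choice made here, not something the post specifies.

```powershell
# Run on a DNS server in Company A (requires the DnsServer module).
# Every address and host name below is a placeholder, not a value from the article.
$RemoteForest  = 'domainb.com'
$RemoteDns     = '192.0.2.53', '192.0.2.54'   # placeholder: Company B's two DNS servers
$SharedZone    = 'domainc.com'
$SharedRecords = @{                           # placeholder host names and addresses
    'mail1'        = '198.51.100.10'
    'autodiscover' = '198.51.100.20'
}

# 1. Conditional forwarder for the other forest (skipped if the zone already exists).
if (-not (Get-DnsServerZone -Name $RemoteForest -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $RemoteForest `
        -MasterServers $RemoteDns -ReplicationScope 'Forest'
}

# 2. AD-integrated forward lookup zone for the shared namespace.
#    The zone only holds the static records below, so dynamic updates are
#    turned off and no host can register or overwrite a name in it.
if (-not (Get-DnsServerZone -Name $SharedZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $SharedZone -ReplicationScope 'Forest' -DynamicUpdate None
}

# 3. Static A records in the shared zone (existing records are left untouched).
foreach ($name in $SharedRecords.Keys) {
    $existing = Get-DnsServerResourceRecord -ZoneName $SharedZone -Name $name `
        -RRType A -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-DnsServerResourceRecordA -ZoneName $SharedZone -Name $name `
            -IPv4Address $SharedRecords[$name]
    }
}

# 4. Verify against the local DNS server rather than the client cache.
Resolve-DnsName -Name "autodiscover.$SharedZone" -Type A -Server localhost -DnsOnly
Get-DnsServerZone -Name $RemoteForest | Select-Object ZoneName, ZoneType, MasterServers
```

On Company B's DNS server the same script applies with `$RemoteForest` set to `domaina.com` and `$RemoteDns` set to Company A's DNS servers. Because the internal DOMAINC.COM zone is authoritative for internal clients, any public DOMAINC.COM name that is not also created in it will fail to resolve inside the forest.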
In this post we have covered the basic elements or prerequisites that will be required to have a common SMTP Namespace shared between two Forests. Going forward in this series, we will be discussing the architectural changes that have to be done on each Forest to achieve our objective.
Click on the links below to access the other parts of the series:
Configuring SMTP Namespace Sharing between two Exchange Forests – Part 1
Configuring SMTP Namespace Sharing between two Exchange Forests – Part 3
Configuring SMTP Namespace Sharing between two Exchange Forests – Part 4
Configuring SMTP Namespace Sharing between two Exchange Forests – Part 5
Configuring SMTP Namespace Sharing between two Exchange Forests – Part 6 (Not Live)
Configuring SMTP Namespace Sharing between two Exchange Forests – Part 7 (Not Live)