Active Directory Resource Forest Topology Exchange Management

In Active Directory Account Forest - Resource Forest Topology, all user accounts exist in one or more Forests called Account Forests, while resources have a dedicated Active Directory Forest called a Resource Forest. The Resource Forest may have deployments like Microsoft Exchange or Skype Server.

The Active Directory connector supports managing Exchange Linked Mailbox, Mail user, and Mail contact from the Resource Forest. Whenever a user from the Account Forest requests a mailbox, a Linked Mailbox is created on the Resource Forest Exchange server with an associated disabled user. The connector uses the following terms:

• Shadow Account for disabled user

• Master Account for the user of Account Forest

The connector aggregates all Exchange properties of the Shadow Account and maps these to the corresponding Master Account.

The connector relies on the connection details provided under the Exchange Settings, Forest Settings, and Domain Settings to carry out all the supported operations.

Prerequisite

Minimum one-way trust from Exchange Resource Forest to Account Forest.

Administrator Permissions

• For read operations of the Linked mailbox properties, service account from the Resource Forest Domain must be a member of Account Operator group.

• For all provisioning operations of Linked mailbox, service account from the Resource Forest Domain must be a member of Recipient Management group.