Ports required to mailbox enable users in another domain of same f

I have a forest with several child domains.

I have Exchange installed in one of the child domains.

Users from all child domains will be mailbox enabled so /preparedomain has
been ran in all domains.

There are firewalls between the domains. No child domain to child domain
replication. Each child domain replicates with the root and the Root GCs
provide replication for the child domain GCs.

Child domain A has the Exchange 2007 servers.
There are no domain controllers or GCs from the other child domains within
the firewalls of the Domain A.

What ports need to be opened so that users from Domain B can be mailbox
enabled from the EMC on on an Exchange server in domain A?

Ed
Wed May 07 19:10:55 CDT 2008

Wouldn't it be easier to put a Domain A GC in the site?
--
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"

"Mack" <Mack@discussions.microsoft.com> wrote in message
news:0E3802CE-4A5C-40A4-90E1-1FCD440A0FD2@microsoft.com...
>I have a forest with several child domains.
>
> I have Exchange installed in one of the child domains.
>
> Users from all child domains will be mailbox enabled so /preparedomain has
> been ran in all domains.
>
> There are firewalls between the domains. No child domain to child domain
> replication. Each child domain replicates with the root and the Root GCs
> provide replication for the child domain GCs.
>
> Child domain A has the Exchange 2007 servers.
> There are no domain controllers or GCs from the other child domains within
> the firewalls of the Domain A.
>
> What ports need to be opened so that users from Domain B can be mailbox
> enabled from the EMC on on an Exchange server in domain A?

Mack
Thu May 08 06:25:00 CDT 2008

Oh Yeah. It would also be smarter to remove the very, very restrictive
firewalls that are everywhere in the network.

This customer is actually a group of different government entities who fall
under the Department of Interior but had their own networks and domains.
They were forced into a single forest, each in their own domain.

They don't play well together. There is a commercial vendor who runs their
WAN connections. The Commercial vendor places firewalls at the entry points
to each domains LAN. The Firewalls are configured to the customers
specifications. The IT staff in the domains don't trust the commercial
vendor so they put up another firewall inside of the commercial vendors
firewall.

The seperate groups will not allow their DCs to be allowed to communicate
directly to a DC from another domain. Even though there may be two DCs from
seperate domains in the same Data Center, in two racks that are side by side.


"Ed Crowley [MVP]" wrote:

> Wouldn't it be easier to put a Domain A GC in the site?
> --
> Ed Crowley
> MVP - Exchange
> "Protecting the world from PSTs and brick backups!"
>
> "Mack" <Mack@discussions.microsoft.com> wrote in message
> news:0E3802CE-4A5C-40A4-90E1-1FCD440A0FD2@microsoft.com...
> >I have a forest with several child domains.
> >
> > I have Exchange installed in one of the child domains.
> >
> > Users from all child domains will be mailbox enabled so /preparedomain has
> > been ran in all domains.
> >
> > There are firewalls between the domains. No child domain to child domain
> > replication. Each child domain replicates with the root and the Root GCs
> > provide replication for the child domain GCs.
> >
> > Child domain A has the Exchange 2007 servers.
> > There are no domain controllers or GCs from the other child domains within
> > the firewalls of the Domain A.
> >
> > What ports need to be opened so that users from Domain B can be mailbox
> > enabled from the EMC on on an Exchange server in domain A?
>
>
>

Ed
Mon Jun 02 18:52:10 CDT 2008

Well, good luck with that!
--
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"

"Mack" <Mack@discussions.microsoft.com> wrote in message
news:5EF841F9-0E65-41BD-AAFF-BBECF2EA24A7@microsoft.com...
> Oh Yeah. It would also be smarter to remove the very, very restrictive
> firewalls that are everywhere in the network.
>
> This customer is actually a group of different government entities who
> fall
> under the Department of Interior but had their own networks and domains.
> They were forced into a single forest, each in their own domain.
>
> They don't play well together. There is a commercial vendor who runs
> their
> WAN connections. The Commercial vendor places firewalls at the entry
> points
> to each domains LAN. The Firewalls are configured to the customers
> specifications. The IT staff in the domains don't trust the commercial
> vendor so they put up another firewall inside of the commercial vendors
> firewall.
>
> The seperate groups will not allow their DCs to be allowed to communicate
> directly to a DC from another domain. Even though there may be two DCs
> from
> seperate domains in the same Data Center, in two racks that are side by
> side.
>
>
> "Ed Crowley [MVP]" wrote:
>
>> Wouldn't it be easier to put a Domain A GC in the site?
>> --
>> Ed Crowley
>> MVP - Exchange
>> "Protecting the world from PSTs and brick backups!"
>>
>> "Mack" <Mack@discussions.microsoft.com> wrote in message
>> news:0E3802CE-4A5C-40A4-90E1-1FCD440A0FD2@microsoft.com...
>> >I have a forest with several child domains.
>> >
>> > I have Exchange installed in one of the child domains.
>> >
>> > Users from all child domains will be mailbox enabled so /preparedomain
>> > has
>> > been ran in all domains.
>> >
>> > There are firewalls between the domains. No child domain to child
>> > domain
>> > replication. Each child domain replicates with the root and the Root
>> > GCs
>> > provide replication for the child domain GCs.
>> >
>> > Child domain A has the Exchange 2007 servers.
>> > There are no domain controllers or GCs from the other child domains
>> > within
>> > the firewalls of the Domain A.
>> >
>> > What ports need to be opened so that users from Domain B can be mailbox
>> > enabled from the EMC on on an Exchange server in domain A?
>>
>>
>>