The company you work for buys a smaller company. The newly acquired company exists in its own Active Directory forest and has its own Exchange organization. Management wants all e-mails coming from the newly acquired company to reflect the parent company's domain name. There are techniques that can be used to consolidate the networks, but doing so takes a lot of time and requires an extensive amount of planning. You need a plan for changing e-mail addresses now.
The trick is to designate one of the Exchange servers in your organization as an SMTP proxy server. You can then direct mail flowing from the newly acquired company's mail servers through your SMTP proxy server. The SMTP proxy server can then rewrite the mail header, changing the 'From' address to one that appears to come from your company's domain name. If someone responds to the message, the response will be sent to your organization, and then forwarded through the SMTP proxy server to the intended recipient at the newly acquired company.
It takes some work to make an SMTP proxy server operate correctly in a situation like I've just described. There are two main tasks involved. First, you have to prepare Active Directory so that it has knowledge of the users in the other forest. Second, you have to enable address rewriting, which is disabled (and hidden) by default.
Let's start out by looking at the user account portion of the issue. The problem is that your company's Active Directory has no idea that the users in the other companies exist, because those user accounts (and mailboxes) exist under independent forests. There are a lot of different ways that you can give your Active Directory knowledge of those users. For example, I have heard of people creating mappings through Microsoft's Identity Integration Service, or creating trusts between domains in the two forests. For the purpose of this article, I am going to use Active Directory contacts.
A contact is an Active Directory object that is similar to a user object -- except that a contact can't be used to log into the domain. You will have to create a contact object that corresponds to each user object in the remote forests.
Keep in mind that you will need to have some sort of naming convention in place before you get started in order to avoid duplication.
Create an Active Directory contact
- Open the Active Directory Users and Computers console.
- Right click on the Users container and select New -> Contact.
- When prompted, enter a first name, last name, full name and display name for the contact and click Next.
- On the following screen, select the 'Create an Exchange E-Mail Address' checkbox and click Modify.
- When prompted, select the SMTP Address option and click OK.
- Now, enter the user's current e-mail address ([email protected]_company_name.com) into the 'E-mail Address' field. Click OK, followed by Next, then Finish.
- At this point, right click on the newly created contact and select Properties.
- Choose the Exchange General tab from the contact's properties sheet and verify that the user's correct e-mail address is shown.
- Now select the 'E-Mail Addresses' tab and click the New button.
- Enter the user's new e-mail address. For example, this might be something like [email protected]_company_name.com. The domain name should match the domain name that you want all outbound messages to appear to be from.
- After entering the new e-mail address, select the new address from the list of addresses and click the 'Set as Primary' button.
Establish an SMTP connector
After you've created an Active Directory contact to correspond with a user from the remote forest, you need to establish an SMTP connector between the mail server in your forest and the mail server in the remote forest.
- Open Exchange System Manager.
- Navigate to Administrative Groups -> your administrative group -> Routing Groups -> First Routing Group -> Connectors.
- Right click on the Connectors container and select New -> SMTP Connector.
Unfortunately, I can't tell you exactly how to set up the SMTP connector from here, because it will greatly depend on how your servers are set up. What I can tell you is that you will need to designate a bridgehead server in each organization. Also, the bridgehead server in the newly acquired company must have an address space of "*".
Enable address rewriting
The final piece of the puzzle is to enable address rewriting. Before I tell you how to do this, though, I want to explain what is going to happen. If users in the newly acquired companies send messages destined for local users, everything will work exactly as it always has. However, if a user creates an SMTP message that is destined for the Internet, the message is sent through the local SMTP bridgehead server to the SMTP bridgehead server in your organization. It is the latter SMTP bridgehead server that will act as an SMTP proxy server.
When the message is received by your organization, it is written to the information store, where the existing MIME format is invalidated. This forces a conversion from MIME to MAPI format. This means that the message will have to be re-rendered prior to being sent. Exchange will then check Active Directory to see if there is contact information on file for the sender. If so, Exchange will replace the sender's e-mail address with whatever is listed in AD.
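The lookup described above, modeled as an added example (it is not Exchange's code and not part of the original tip): it builds the old-to-new address table that the contacts represent, rejects entries that would duplicate an address, and shows the From rewrite and the reply path. All addresses and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import formataddr, parseaddr

# Constructed sample contacts: (current address in remote forest, new primary address).
CONTACTS = [
    ("jsmith@old-company.example", "john.smith@parent.example"),
    ("JDoe@old-company.example", "jane.doe@parent.example"),
    ("jsmithers@old-company.example", "John.Smith@parent.example"),
]
# Constructed: primary addresses already in use in the parent organization.
EXISTING_LOCAL = {"jane.doe@parent.example"}


def build_maps(contacts, existing_local):
    """Return (outbound, inbound, rejected); addresses are compared case-insensitively."""
    outbound, inbound, rejected = {}, {}, []
    taken = {a.lower() for a in existing_local}
    for old, new in contacts:
        o, n = old.lower(), new.lower()
        if o in outbound or n in taken:
            rejected.append((old, new))  # duplicate: needs a different name
            continue
        outbound[o] = n
        inbound[n] = o
        taken.add(n)
    return outbound, inbound, rejected


def rewrite_from(raw_message, outbound):
    """Replace the From address when the sender has a contact; otherwise leave it."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg["From"] or "")
    new = outbound.get(addr.lower())
    if new:
        msg.replace_header("From", formataddr((name, new)))
    return msg


def reply_target(recipient, inbound):
    """Address a reply to the rewritten sender is forwarded to (None if no contact)."""
    return inbound.get(recipient.lower())
```

Running `build_maps` over the planned contact list before creating any objects shows which entries the naming convention still has to resolve.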
As I mentioned before, the address rewrite feature is both disabled and hidden by default. Only Exchange Server 2003 supports address rewrites, and enabling it involves making complex modifications through ADSIEDIT. However, Microsoft has provided a nifty tool in the Exchange Server 2003 Resource Kit called EXARCFG. This command-line tool allows you to enable address rewrites much more easily.
To enable address rewrites using EXARCFG, extract the contents of the EXARCFG archive to an empty folder. Then, enter the following command:
EXARCFG -E -S server_name -V: smtp_virtual_server_instance_number
The SMTP virtual server instance number can be omitted if there is only one SMTP virtual server on the physical server that you have specified.
Enabling address rewrites in Exchange Server 2003 is a relatively complicated task. However, it will give the illusion that everyone is using a common domain name until you can actually migrate users and mailboxes.
About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, CNET, ZDNet, TechTarget, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com.