Attack Computer Wiz

A Security & Technology Weblog

Normally, a user who needs to access their Exchange email account simply logs in to the domain, configures their email settings and reads their email. Certain things make this seemingly simple task not so simple. One of those is an external trust, or an external trust with “Selective Authentication” enabled.

When users from a trusted domain need to access Exchange services in a trusting domain, they are prompted for a username and password. Any time they close their email application, log off, or restart, they have to go through the authentication process all over again.

There is a way to bind a trusted domain user account to an Exchange user account in the trusting domain, and the method is actually quite simple. Before we begin, let me make a few assumptions.

  • The trusted domain is the domain the user logs in to.
  • The trusting domain is the domain where the user has a user account and an Exchange account.
  • You have access to the Active Directory Users and Computers (ADUC) MMC.
  • You have the Exchange tools installed.

  1. Open Active Directory Users and Computers in the trusting domain.
  2. Locate the user account you wish to modify.
  3. Right click the user account and choose “Properties”.
  4. Click on the “Security” tab and then click “Add”.
  5. Click the “Locations” button and choose the domain you want to connect to.
  6. Enter the name of the user account in the trusted domain that you wish to grant access and click “OK”.
  7. On the “Security” tab of the “User Properties” window, select the user account you just added.
  8. In the “Permissions” list, check the Allow boxes for Read Permissions, Full Mailbox Access, and Associated External Account.
  9. Click “OK”.

The user in the trusted domain should now be able to access the Exchange email account of their associated user account in the trusting domain. If you have enabled “Selective Authentication” in your trust configuration, you may also need to apply the “Allowed to Authenticate” permission to the Exchange server object in ADUC.
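Because step 8 gives an account from another domain full access to a mailbox, these grants are worth reviewing periodically. The script below is an added example, not part of the original post or the Microsoft KB article: it lists mailboxes where an account from the trusted domain holds the rights from step 8. It assumes an Exchange version that provides the Exchange Management Shell (Exchange 2007 or later), and `TRUSTED` is a placeholder for the trusted domain's NetBIOS name.

```powershell
# Added example: run in the Exchange Management Shell in the trusting domain.
# 'TRUSTED' is a placeholder for the NetBIOS name of the trusted domain.
$TrustedDomain = 'TRUSTED'

# Mailbox rights that correspond to the boxes checked in step 8.
$ReviewRights = 'FullAccess', 'ExternalAccount', 'ReadPermission'

$grants = Get-Mailbox -ResultSize Unlimited | ForEach-Object {
    $mailbox = $_
    Get-MailboxPermission -Identity $mailbox.Identity | Where-Object {
        # Explicit allow entries only; inherited and deny entries are skipped.
        -not $_.IsInherited -and -not $_.Deny
    } | ForEach-Object {
        $entry   = $_
        $account = $entry.User.ToString()
        # Normalise the rights to a flat list of strings.
        $rights  = @($entry.AccessRights |
                     ForEach-Object { $_.ToString() -split ',\s*' })
        $matched = @($rights | Where-Object { $ReviewRights -contains $_ })

        # An account shown as a bare SID could not be resolved, for example
        # after the trust or the foreign account was removed.
        $unresolved = $account -like 'S-1-5-21-*'

        if ($matched.Count -gt 0 -and
            ($unresolved -or $account -like "$TrustedDomain\*")) {
            New-Object PSObject -Property @{
                Mailbox         = $mailbox.PrimarySmtpAddress.ToString()
                Account         = $account
                Rights          = $matched -join ', '
                ExternalAccount = $rights -contains 'ExternalAccount'
                Unresolved      = $unresolved
            }
        }
    }
}

$grants | Sort-Object Mailbox |
    Format-Table Mailbox, Account, Rights, ExternalAccount, Unresolved -AutoSize
```

Rows marked `Unresolved` point at grants whose trusted-domain account can no longer be looked up; those are candidates for removal.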

Microsoft KB278888

Posted by John "Mike" Wright
