Results 1 to 10 of 10

Thread: Authentication against 2 AD domains / forests

Hybrid View

  1. #1
    Join Date
    Mar 2012
    Posts
    1
    Rep Power
    3

    Question Authentication against 2 AD domains / forests

    Hello, is it possible with Zimbra server to authenticate users in 1 Zimbra e-mail domain against 2 AD domains?
    I have such situation where 2 companies merges, we have 2 forests and 2 AD domains with trust relationships, and I want to deploy 1 zimbra server to serve mailboxes for those 2 forests / AD domains / companies with 1 e-mail domain.

    I'd be very very thankfull for your answers/suggestions.

    Best regards,

    Adam.

  2. #2
    Join Date
    Apr 2012
    Posts
    9
    Rep Power
    3

    Default

    Bump

    I would also like to see if this is possible

  3. #3
    Join Date
    May 2010
    Posts
    272
    Rep Power
    5

    Default

    Hmm i could be complete wrong but i say no that cannot work

    a domain is a organisational unit - while you can split it into sub and subsub domains but the same org unit in 2 ADs how this should work?

    anyway its not really nessesary

    you can have multiple email domains to connect to the ad and send and recieve
    from only one.

    zimbra doenst really care in which domain an account is beside it sets the default sending and recieving mail address

    is it a real problem having the second ad on a virtual second domain?


    the other solution might be going from the other side - from the ads side and start merging there but i know this can be very messy but also very smooth


    i think the eaiset would be driving with a second domain on the zimbra for now, and later after migrating those ads switch those accounts into ad1


    edit:beside it should also work to use same gal for both domains - , still even without that users can share from one domain to another even if they are on another zimbra server - they only have to be in the same zimbra "forrest" or domain

  4. #4
    Join Date
    Apr 2012
    Posts
    9
    Rep Power
    3

    Default Question regarding multi AD domain authentication

    Hello all,

    We are currently getting our Zimbra test server setup and testing the features that come with it. We are running Zimbra 7.1.4 x64 open source edition on Centos6.2 x64

    We have one email domain for all users "example@company.com"
    However we are wanting to use AD to authenticate the users. Problem is, we have two AD domains in two seperate forests. I got Zimbra to authenticate against one but looking for a way to link the other.

    "USA.company.com" and "India.company.com" both use the "company.com" email domain. Is there a way for a single email domain to authenticate against two separate AD domains or is there a involved workaround for this?

    Thanks in advance!

  5. #5
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by ChaseA View Post
    We are currently getting our Zimbra test server setup and testing the features that come with it. We are running Zimbra 7.1.4 x64 open source edition on Centos6.2 x64

    We have one email domain for all users "example@company.com"
    However we are wanting to use AD to authenticate the users. Problem is, we have two AD domains in two seperate forests. I got Zimbra to authenticate against one but looking for a way to link the other.

    "USA.company.com" and "India.company.com" both use the "company.com" email domain. Is there a way for a single email domain to authenticate against two separate AD domains or is there a involved workaround for this?

    Thanks in advance!
    I believe you've already had an answer to this question in the previous thread that you 'bumped' (i.e. the thread to which I've attached this post), have you not?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  6. #6
    Join Date
    Apr 2012
    Posts
    9
    Rep Power
    3

    Default

    Thanks Phoenix, I must have missed the notification that someone replied to it.

    So I would create another email domain ie "Company2.com" and configure it to send and recieve email via "company.com". My apologies I am new to both the Linux and Email admin world so its been alot of googling and forum reading getting this far.

  7. #7
    Join Date
    Apr 2012
    Posts
    9
    Rep Power
    3

    Default

    Another question: We are thinking of restructuring AD and merging the two forests into one. However management is wanting to still keep the two domains instead of having a single central domain. So they structure would be as follows

    Forest:
    company.com (parent)
    usa.company.com (child)
    india.company.com (child)

    Is this going to cause a similar issue since there are still two seperate domains or can I reference the parent and Zimbra will search both child domains?

    Thanks again,
    Chase

  8. #8
    Join Date
    Apr 2012
    Posts
    9
    Rep Power
    3

    Default

    Can anyone chime in on how to create an email domain to connect to my other active directory domain but send mail from my primary email domain.

    Ive created a test environment and though the two domains are children and in the same forest zimbra will only look at one (which is what I expected)

  9. #9
    Join Date
    Apr 2012
    Posts
    9
    Rep Power
    3

    Default

    Hello again,

    I have tested the alias solution above and it works ok but its just too much administrative over head. Now I have been experimenting with alternative routes to solve my issue.

    On my Openfire IM server I was able to authenticate against port 3268 (AD Global Catalog) This has allowed me to consolidate all three domains (company.com, child1.company.com, and child2.company.com)

    I was wondering if anyone has done the same in zimbra, in using AD's Global Catalog to pass along authentication requests. I was hoping it worked as easily as my other application but that was not the case. Zimbra is still only wanting to search the specified domain when setting up authentication.

Similar Threads

  1. One user, two email domains, one AD authentication domain
    By aldennis in forum Administrators
    Replies: 3
    Last Post: 03-01-2013, 05:57 AM
  2. Advanced MTA Configuration - multiple domains
    By keyhman in forum Installation
    Replies: 6
    Last Post: 04-20-2012, 03:23 AM
  3. Does Zimbra support IMAP Secure Authentication?
    By zzzzsg in forum Administrators
    Replies: 6
    Last Post: 11-06-2009, 07:19 PM
  4. Replies: 3
    Last Post: 06-07-2007, 08:19 AM
  5. Replies: 1
    Last Post: 02-15-2006, 11:20 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •