Multi Domain, Multi Forest configuration question

  • Question

  • We just set up OCS 2007 in our Western hemisphere office.  There is also an Eastern Hemisphere office that is a separate company but we are starting down the path of a single forest setup.  This is going to be several years until implementation due to logistics issues.  For the moment we have domain trusts and site-to-site VPN already in place.  Eastern hemisphere has LCS 2005/SP1 in place.  We would like to implement some sort of a connector between the two servers so we can have communication between domains.  


    From my initial reading the most popular solution would be Microsoft Identity Lifecycle Manager.  Documentation is pretty slim on this at the moment. Does anyone have any suggestions on the least painful way to implement this, or should we just wait a few years on the single forest?  Thanks for any help.

    Tuesday, November 6, 2007 2:01 PM

All replies

  • Is your current desire to enable Western Hemisphere users on the Eastern Hemisphere LCS deployment?  If so, you can use ILM to create contact objects in the forest with LCS and then populate the MSRTCSIP-OriginatorSid with the objectSid attribute of the Western Hemisphere account.  This is documented in Deploying_in_a_Multiple_Forest_Environment.doc, which can be found in the LCS 2005 resource kit.


    If you want to have a separate LCS or OCS deployment for the Western Hemisphere then you can federate the two systems until the point that you are able to merge them.  The downside of this method is that you won't have a unified address book.

    Friday, November 9, 2007 11:23 AM
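
The contact-object mapping described in the reply above, as an added example that is not part of the original thread or of the resource kit. It stands in for the ILM provisioning step by emitting LDIF instead, which is an assumption of this example; the DN, the name and the sample SID are constructed values.

```python
import base64
import struct


def sid_to_string(sid: bytes) -> str:
    """Render a binary objectSid as S-1-... text so the mapping can be reviewed."""
    if len(sid) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = sid[0], sid[1]
    if revision != 1:
        raise ValueError(f"unexpected SID revision {revision}")
    if count > 15 or len(sid) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match SID length")
    authority = int.from_bytes(sid[2:8], "big")   # 48-bit value, big-endian
    subs = struct.unpack(f"<{count}I", sid[8:])    # 32-bit values, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def contact_ldif(contact_dn: str, cn: str, user_sid: bytes) -> str:
    """LDIF that adds a contact carrying the other forest's account SID.

    Assumes contact_dn and cn are plain ASCII (no LDIF escaping is done).
    """
    sid_to_string(user_sid)  # refuse to write a truncated or malformed SID
    b64 = base64.b64encode(user_sid).decode("ascii")
    return "\n".join([
        f"dn: {contact_dn}",
        "changetype: add",
        "objectClass: contact",
        f"cn: {cn}",
        # Attribute named in the reply; '::' marks a base64-encoded binary value.
        f"msRTCSIP-OriginatorSid:: {b64}",
        "",
    ])


# Constructed sample: objectSid bytes as read from the account's own forest.
SAMPLE_SID = (bytes([1, 5]) + (5).to_bytes(6, "big")
              + struct.pack("<5I", 21, 1004336348, 1177238915, 682003330, 1105))

if __name__ == "__main__":
    print("# maps to", sid_to_string(SAMPLE_SID))
    print(contact_ldif("CN=Jane Doe,OU=Contacts,DC=east,DC=example",  # hypothetical DN
                       "Jane Doe", SAMPLE_SID))
```

Checking the decoded SID string against the source account before import confirms that the contact is bound to the intended account rather than to a stale or mistyped one.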