Shared Hosting with Exchange 2003 (Part 1)
Consider the following scenario: You are the Exchange administrator of a company that buys some other companies that are supposed to work together but still retain their own domain name. All the companies your company bought move to your own campus. Management decided to save on IT costs so these companies no longer have their own IT staff, so they have to use your infrastructure.
For a brief period you consider installing two domain controllers for each company (for redundancy) and have a big forest you might not actually need and install a separate Exchange server for each company and start managing backups and restores for each server. Some of the merged companies have old servers that you cannot really use and management will not approve buying new servers.
So, instead you opt for hosting these companies on your own domain and Exchange server. This allows you to easily prune, graft and add companies dynamically which pleases management.
Setup a Company in Active Directory
To illustrate this I'm going to assume your company bought another company called Dogfood. All Dogfood employees will be put in the same Organization Unit.
A Universal Security group is required to both grant permissions and be able to send mail to all Dogfood employees.
After setting up the group it is also important to configure it to use the company's domain e-mail address, dogfood.com. Microsoft's documentation usually offers to use extension attributes to identify which object belongs to which company. I find it more elegant to the mail attribute which by default specifies the reply-to SMTP mail address of a mail enabled object.
Once our group is in place we can create a recipient policy using Exchange System Manager so that users belonging to the Dogfood Employees group get the e-mail address dogfood.com as well. This is done by creating a custom filter rule that uses the memberOf attribute.
Note that another bogus SMTP address, @hosting.farm, is added for all users. We need this because Outlook Web Access requires all users in the domain to have a common e-mail domain.
Now we can create an Address List so that Outlook users can find Dogfood users more easily instead of needing to wade through the entire Global Address List. This address list will include all users with the @dogfood.com e-mail addresses.
Since Dogfood employees might want to log in using their own domain name, a UPN suffix can be added to the dogfood Organizational unit by using the ADSIEdit tool.
Now is the time to create some Dogfood users using Active Directory Users and Computers in the Dogfood Organizational Unit.
The user needs to be added to the Dogfood Employees, so after while when the recipient policy is a activated the user gets a @dogfood.com SMTP address.
By being able to tweak Active Directory and Exchange, hosting becomes possible and can save some money for your company. After setting this up you no longer need to worry about configuration and hidden user attributes that can sometimes disappear on you. Just add new users to their corresponding hosted domain Universal Group and you are ready to go.
The second part of this article will discuss a more complex hosting scenario – hosting companies ASP style where companies are completely separated.