Help and Support

Article ID: 958381 - Last Review: October 10, 2008 - Revision: 1.0

Description of support information for managing servers that are not in the same domain or forest by using the FSSMC

View products that this article applies to.
Expand all | Collapse all

INTRODUCTION

This article describes support information for managing servers that are not in the same domain or forest by using the Microsoft Forefront Server Security Management Console (FSSMC).

MORE INFORMATION

Consider the following scenario. You manage servers by using the FSSMC. These servers are running Microsoft Antigen 9.0, Microsoft Forefront Security for Exchange Server, or Microsoft Forefront Security for SharePoint. These servers are not part of the same domain or forest. In this scenario, consider the following:
  • Servers must be entered as fully qualified domain names (FQDN) to be resolved as computer objects from different domains. On the Manage Servers page in FSSMC, enter the computer.domain before you add or resolve it.

    For example, the domain is example.com, and the server that you want to add is located in the example.domain1.com domain. In this example, you would enter MyComputerName.example.domain1.com, and then click Add or Verify.
  • Users must be entered as fully qualified domain names (FQDN) to be resolved as user objects from different domains. On the Add Users page in FSSMC, enter the FullyQualifiedDomain\UserName before you add or resolve it.

    For example, the domain is mydomain.test.local, and the user who you want to add is located in the mydomain.production.local. In this example, you would enter mydomain.production.local\UserName, and then click Add or Verify.
  • The Browse button on the Manage Servers page in FSSMC will only browse servers from the installed domain and the subdomains of that domain.
  • The Browse button on the Add Users page in FSSMC will only browse users from the installed domain and the subdomains of that domain.
  • Autodiscovery jobs will only search the installed domain for new computers that are running Microsoft Exchange Server.
  • Managed computers in external domains require read access to the SybariRedistribution share on the FSSMC server.
  • A two-way trust must be created between the installed domain and the external domain that you are trying to manage. If a two-way trust does not exist, FSSMC cannot fully manage the servers in the external domain.
  • Domain Name System (DNS) should be updated to allow the FSSMC server to resolve managed computers in the external domains.
For more information about how to configure DCOM for firewalls, visit the following Microsoft Web site:
http://msdn.microsoft.com/en-us/library/ms809327.aspx (http://msdn.microsoft.com/en-us/library/ms809327.aspx)
APPLIES TO
  • Microsoft Forefront Server Security Management Console
  • Microsoft Antigen for Exchange
  • Microsoft Antigen for SMTP Gateways
  • Microsoft Forefront Security for Exchange Server
  • Microsoft Forefront Security for SharePoint
Back to the top
Keywords: 
kbexpertiseinter kbhowto kbinfo KB958381

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations