Windows – AD account locks out when using Outlook 2007

active-directory outlook-2007 windows

I/we have a problem with our Windows Server 2008 forest and Exchange. We are buying Exchange hosting from another firm, and the Exchange Server is in their Windows Server 2008 forest. So, we have two forests, and there aren't any trusts between these two forests. Our own forest logon name is first.surname@firm.com and we also use the same email address to log on to the Exchange mailbox.

Everything works fine if both our AD account and Exchange mailbox account have the same password, but if the passwords don't match, our AD account gets locked out. I have tried to figure out why Outlook sends false logon attempts to our AD. If someone can help, please do.

Best Answer

As your usernames are the same, this is going to be a problem. Outlook will first attempt single sign-on by using the currently logged-in user's credentials. As the username matches the one in the other forest, you are going to get account lockouts when the passwords do not match.

Ideally, you would create a trust relationship between forests and then give your users Full Access to the mailboxes in the Exchange forest.

If that is not possible, you could try forcing Outlook to prompt for logon credentials every time it is opened by checking the box below (Advanced settings on the mailbox setup in Outlook).

Outlook prompt for logon

I guess a last option would be to rename the accounts (or use a different UPN) in one of the domains.