
I have a Microsoft Exchange 2010 organization within one Microsoft Windows domain and I have users accessing it through OWA.

For simplicity, let's say I currently have one CAS server (CAS 1) which is accessible only through a VPN connection. Let's call the users connecting to the first CAS group a.

For some users, though, I need to install another CAS server (CAS 2) so that they can connect without using a VPN connection. Let's call those users group b.

What I need to achieve is that group a can only log in to CAS 1 and group b can only log in to CAS 2.

Now I know that one can disable/enable OWA per user but in my case that is not enough because OWA must be enabled for both groups.

  • Why would either group need to VPN in to access Exchange services? Why make that a requirement at all? – TheCleaner Nov 11 '13 at 21:29
  • Currently the VPN is a requirement from the security dept. and the only way people can access OWA. Since the devices which connect through the VPN are approved, bought by the organization and remotely administered, only a few select people are able to use OWA. As BYOD is popular, it has been decided to give it a try, but only on the condition that current VPN users' accounts are *not accessible* through this new server. So, only select people should be able to log in to CAS2. In the end, the VPN does protect against crackers trying to gain access to OWA. – John Wilcox Nov 12 '13 at 06:06
  • I guess my question was more towards using Outlook Anywhere instead of bothering with OWA or a VPN. Regardless, I think what you are looking for would require setting up 2 separate URLs that the CAS servers would listen to. So for instance, setting up the 2nd with an external URL of "externalOWA.domain.com" and making the non-VPN users go there. I believe that would work, but I've always just used CAS arrays, nothing trying to do what you are doing, so I won't post as an answer per se. – TheCleaner Nov 12 '13 at 13:56
  • Configuring two OWAs is not the hard part. The hard part is how to configure OWA in a way that Group A *can not* log in to CAS2. *Can not* as in CAS 2 should say the equivalent of "user not found" when a user belonging to group A tries to log on to CAS 2. Thank you very much for your comments! – John Wilcox Nov 13 '13 at 15:18

0 Answers