Authentication requires a DC.
You can read more about the multi-forest and multi-domain authentication
options here:

www.microsoft.com/exchange/library

In this case, you're pretty much stuck with either WAN traffic or DC
creation.  If cost is a factor and you expect the numbers to be fairly low,
you might want to have a look at what R2 and server virtualization can do
for you and the licensing around that. Might dovetail nicely into a
backup/recovery plan as well. :)

Al

This is really not a yes or no answer. Your Exchange server will use
any global catalog for purpose of authenticating Outlook clients.
However, Exchange will refer GC's that are local to the Exchange's site
for authentication although this is configurable through the desktop
running Outlook in the registry. Therefore, when an Outlook client
tries to authenticate, Exchange will refer him to the GC that's within
it's local site. The second portion is Exchange's role with GC's.
Exchange queries information within GC's through a process called
DSACCESS for obtaining information such as name resolution in GAL,
quotas, routing updates, locating user's HOME server etc. Your Exchange
server by default will use a GC in it's local site. Because GC's have
readable access to all objects in every domain, it can serve DSACCESS
requests to objects in different domains for getting any of those
attributes listed above without having to query the GC in it's
corresponding domain. So in the end GCs can server most requests that
are required by Exchange, but I would prob expect to see some WAN
communcations.

James Chong
MCSE + Messaging, MCTS
msexchangetips.blogspot.com