locked
Delegate Access Cross Forest RRS feed

  • Question

  • Hello,

    I have an Exch2003 forest with a two way trust to an Exch2010 forest located on the same physical site.  Is it possible to grant delegate access to mailboxes cross forest both ways?  If so, how is this done?  I am starting this thread in 'General Discussions' for now.

    Thank you...

    Monday, March 12, 2012 8:23 PM

Answers

  • Ok I am going to try accomplishing this using Outlook 2010 & the Office Customization Tool and repost an update.

    Thanks to all.

    • Marked as answer by xmr25 Wednesday, March 21, 2012 8:28 PM
    Wednesday, March 21, 2012 8:28 PM

All replies

  • Update:

    I was able to grant permissions to an 2008 AD User to a Exch2003 mailbox cross forest (with two way trust) using the 2003 AD - User properties - Exchange Advanced tab - Mailbox Rights - Add - 2008 User Logon Name.  However, now when I attempt to grant delegate access to the Exch2003 mailbox thru Outlook 2007 client - Tools - Options - Delegates tab - Add, the only option that can be viewed is my 2003 AD address book and no option to view my 2008 AD.

    Any thoughts?

    Thank you...

    Tuesday, March 13, 2012 5:53 PM
  • Hello xmr25,

    As far as I know, you cannot grant on user (in Exchange 2010) delegate access to mailbox (in Exchange 2003).

    Why do you want to do that?

    Could you explain your requirements in detail that I can find whether there is any other workaround for you.

    Thanks,

    Evan


    Evan Liu

    TechNet Community Support

    Wednesday, March 14, 2012 8:44 AM
  • Hi Evan,

    I am 'planning/in process of' a cross forest migration from a Windows 2003/Exch2003 forest over to a Windows2008/Exch2010 forest on the same physical site.  The cross forest move is needed because of an 'invalid character' in my Windows2003 internal domain name that is not supported by Windows 2008.  I need to migrate about 60 users and about 100 mailboxes and I need to do it in phases by moving a few at a time.  During this transition, users from both forests would need access to each others mailboxes, inboxes, calendars, meeting requests, etc.  Public folder sync is needed so there is a two-way trust already in place so I'm trying to figure out a way to accomplish this for the transition period.

    Thank you...

    /Bobby

    Wednesday, March 14, 2012 6:30 PM
  • Hi xmr25,

    Maybe you can configure two accounts on users' Outlook, then they can try to access the two mailboxes (in Exchange 2003 and Exchange 2010).

    Multiple Exchange Accounts in Outlook 2010
    http://blogs.office.com/b/microsoft-outlook/archive/2009/08/25/multiple-exchange-accounts-in-outlook-2010.aspx

    Per my knowlege, you cannot use delgate access to access the mailboxes (in Exchange 2003 and Exchange 2010).

    Thanks,

    Evan

     


    Evan Liu

    TechNet Community Support

    Thursday, March 15, 2012 9:45 AM
  • Hi Evan,

    So you're saying with Outlook 2010, I can use the same profile to access multiple mailboxes that belong to different Exchange servers?

    Thursday, March 15, 2012 2:56 PM
  • Yes, you can just follow that document to do that.

    Thanks,

    Evan


    Evan Liu

    TechNet Community Support

    Friday, March 16, 2012 2:08 AM
  • I just got confirmation I will need the full version of Office 2010 to try this tomorrow.  Will keep you posted.

    Thanks

    Sunday, March 18, 2012 4:21 PM
  • Any updates?

    Thanks,

    Evan


    Evan Liu

    TechNet Community Support

    Tuesday, March 20, 2012 3:26 AM
  • Hi Evan,

    I'm in the process of attempting to purchase a volume licensing version to test out.

    Do you know if the 'Open Business Licensing' Standard version also has the 'Admin' folder with OCT?

    On another note, is it even possible to just use a box version & then get a copy of the 'Admin' folder to use the OCT tool?

    Thanks...

    Tuesday, March 20, 2012 2:20 PM
  • You can't. Now existing access will be preserved say calendar perms or folder perms. But you can't grant new access for disjoined users userA is moved but userB hasn't yet. For example, say mailboxuser1 has granted mailboxuser2 rights to his inbox. You migrate just mailboxuser1, when you look at the inbox permissions you see the unresolved SID for mailboxuser2 but access still works even though mailboxuser2 hasn't been migrated. Once you migrate mailboxuser2 the SID will resolve.  But say you accidently removed the unresolvedSID, you can't add add it back (unless you do reg hack to restore the mapi profile) because the GAL shows the user as a contact object.

    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    Tuesday, March 20, 2012 3:03 PM
  • Ok I am going to try accomplishing this using Outlook 2010 & the Office Customization Tool and repost an update.

    Thanks to all.

    • Marked as answer by xmr25 Wednesday, March 21, 2012 8:28 PM
    Wednesday, March 21, 2012 8:28 PM