locked
Exchange 2010 Cross-forest administration of public folders problem RRS feed

  • Question

  • Hello,

    Using linked role groups (http://technet.microsoft.com/en-us/library/dd876918%28d=printer%29.aspx), we linked a few role groups in an Exchange 2010 resource forest with a universal security group (USG) in a foreign user forest. This is enable cross-forest administration of Exchange 2010.  We created following foreign USGs and added necessary foreign users to them.


    Organization Management Administrators

    Recipient Management Administrators

    Public Folder Management Administrators

    Using one of the foreign user accounts, we've tested administering Exchange 2010 in resource forest (like creating/deleting mailbox, creating/deleting distribution groups, etc.) and everything seems to work perfectly fine except public folder management console.  When the user tried to access Default Public Folder, it throws below error.

    ---------------------------
    Microsoft Exchange
    ---------------------------
    No existing 'PublicFolder' matches the following Identity: '\'. Make sure that you specified the correct 'PublicFolder' Identity and that you have the necessary permissions to view 'PublicFolder'. It was running the command 'get-publicfolder -getchildren -identity '\' -server 'xxxxxxxxx''.
    ---------------------------
    OK   
    ---------------------------

    Would you please help us resolving the problem?

    Thanks & Regards

    Friday, July 20, 2012 12:18 PM

All replies

  • Did you use EMS to check for that?

    I will go to test this in my lab, and post the update.

    Thanks,

    Evan

     


    Evan Liu

    TechNet Community Support

    Monday, July 23, 2012 8:30 AM
    Moderator
  • Thanks for the response,  Evan.

    Yes, I used EMS -> Toolbox -> Public Folder Management Console.

    Monday, July 23, 2012 8:45 AM
  • Hi Ravi,

    Sorry for late reply.

    In my test lab (Exchange 2010 SP2 Rollup1), I cannot use the foreign user account to manage public folder.

    What is your Exchange version?

    If you use resource forest administrator account to do that way (open in the foreign forest EMC), can you manage the public folder?

    Thanks,

    Evan


    Evan Liu

    TechNet Community Support

    Thursday, July 26, 2012 5:22 AM
    Moderator
  • Hi Evan,

    Thanks much for your response.

    >> In my test lab (Exchange 2010 SP2 Rollup1), I cannot use the foreign user account to manage public folder. What is your Exchange version?

    Our exchange version is same - Exchange 2010 SP2 Rollup1. We're planning to apply Rollup2 and Rollup3 this weekend.

    >> If you use resource forest administrator account to do that way (open in the foreign forest EMC), can you manage the public folder?

    Yes, of course. It works fine with the resource forest admin accounts (local accounts in the exchange forest) .

    Thanks & Regards

    Friday, July 27, 2012 5:59 AM
  • Hi Evan,

    Even after applying Exchange 2010 SP2 Rollup2 and Rollup3, the issue is still not resolved.  Would you please let me know your findings and how to proceed further?

    Thanks much.

    Tuesday, July 31, 2012 11:49 AM
  • Hi Evan,

    Any luck in finding a solution?

    Thanks & Regards

    Thursday, August 9, 2012 4:11 AM
  • Hi Evan,

    I am just wondering if you got a chance to look into this.

    Thanks

    Monday, August 27, 2012 12:02 PM
  • I'm also experiencing issues managing public folders via the Public Folder Management Console as well as EMS when using a foreign account in the accounts forest. The error I receive is "AuthzInitializeContextFromSid failed for User SID: S-1-5-21-3907876173-10839007-1166362426-1187."

    I can manage everything else that I've tried in EMC and EMS. The account is a member of the linked Organization Management role group. The Exchange version is Exchange 2010 SP2 Rollup 6.

    Is there any way to manage public folders with a foreign account?

    Thanks,

    -Cory

    Friday, March 22, 2013 10:05 PM
  • I found that converting the 1-way forest trust into a 2-way forest trust solved the issue. I could then manage public folders with the foreign account. However, this isn't a valid option for us for various security reasons.

    I also found that this issue doesn't exist in Exchange 2003, 2007 or 2013. It sounds like it's a bug in Exchange 2010. Can anyone from Microsoft verify this?

    Thanks,

    -Cory

    Thursday, April 11, 2013 6:49 PM