Hi We have a service account for an application (Blackberry) that has the following permissions on user mailboxes and Exchange: Send As, Receive As, Administer Information Store, Exchange View Only I was wondering which of these were AD permissions and which Exchange permissions. That is, which are granted to the BES Admin AD account's SID, and which are granted to the corresponding mailbox of the BES Admin account? Reason I ask is that we are looking to migrate to Exchange 2010, and one thought was to have the Exchange mailboxes in one forest and the AD accounts in another. So I was curious to know what would happen if this BES Admin AD account was in one forest and the associated mailbox in another?

These are definitely Exchange permissions. > Send As, Receive As, Administer Information Store, This is an Exchange permission that is applied through an AD group: > Exchange View Only This may not be a very important detail, as you generally set up a one way incoming trust to your domain hosting your users from the Exchange resource forest (allowing access to resources in the Exchange forest), so in most cases the same permissions can be applied without any issues because of the forest trust and the ability to add users from trusted domains to groups in the AD. The following article explains this concept more fully: http://technet.microsoft.com/en-us/library/cc728024%28WS.10%29.aspx -- Mike Burr

Thanks for answering! These are definitely Exchange permissions. > Send As, Receive As, Administer Information Store, - I thought that "Send As" at least was an AD permission, since it was set via AD-Security not any of the ADUC Exchange plug-ins?

It is. http://technet.microsoft.com/en-us/library/bb124403.aspx Send as, send on behalf and full access can easily be added via the simple cmdlet.MCITP: Enterprise Messaging Administrator

Hi, All of them are AD permission. Thanks Allen

Sure - but which are applied to the BES Admin account's mailbox and which to the BES Admin account's AD account? (Hope that makes sense)?

Hi, Send As and Receive As are applied to the BES Admin Account's mailbox. Thanks Allen