We have recently merged with another company. We are using the exchnage servers in ad1 as the exchange servers for the whole company, using ad1 as the exchange resource domain. Trust have been created between ad1 and ad2. Mail flow and access to mailboxes on ad1 by users in ad2 is fine. We have the following problems however. If we create a DL in ad1and try to add a user in AD2 to it , or if we have a mialbox on ad1 and we try to add send on behalf of permissions for users in ad2 we get the following error. Microsoft Active Directory- Exchange Extension A constraint violation occurred. Facility: LDAP Provider ID no: 8007202f Microsoft Active Directory- Exchange Extension Any help would be gratefully appreciated Regards

I believe your require Microsoft Identity Integration Server 2003 to achieve the results you want.UtilizingGAL sync feature inMIIS 2003may provide you with theobjects necessarytomodify the DLs and (possibly)grant 'send on behalf' permissions. Read more about MIIS 2003 here: http://technet2.microsoft.com/windowsserver/en/technologies/featured/miis/default.mspx I hope this info helps. Let us know. Jeremy

Thanks for that Jeremy All of the mailboxes and dl's are in AD1, the user accounts in AD 2, so basically we have setup a fairly standard exchange resource domain which i dont belive requires a gal sync to work. Any other ideas would be gratefully accepted. Thanks

Would you elaborate on the AD setup? Are there two forests? You did note that you had to setup a trust, please clarify that point. Is the exchange resource domain and the user accounts domain in separate forests? What is the funtional level of each forest and domains, and what does the Exchange environment look like (server versions, functionaly level). This will give us a better understanding. Thanks Jeremy

This came about as a merger, we had one existing forest with exchange and they had their own. WE have head office staff user accounts and mailboxes in forest 1. Forest 2 used touse its own exchange server. We created a one way forest trust and migrated all the mailboxes of the new remote usersfrom forest 2 to forest 1. Their login accounts remain in forest 2 although a disabled user account is created in forest 1 by the mailbox migration process. Mailflow works fine. The problem we have is that when we try to give a forest1 user permissions to send on behalf of a mailbox in forest 2 this throws up the error message. Ad/forest 1 Head office site - exchange severs reside here - Ad/forest 2remote company - user accounts in this forest. Ad /forest 2 was origonally another company which we have integrated into our organisation . We are using exchange servers from ad forest 1 to host the mailboxes of the users from ad/forest 2 In order to setup the mailboxes we created a one way forest trust. Subsequent to that we have created a two way forest trust to try to get this configuration to work. Both Forests are 2003 native. Exchange servers are 2003 sp2 , native. Hopefully that helps if not let me know and i will try to explain regards