Exchange 2003 - cross domain permissions
Hi
I am in a gov Service Desk that has recently gone through a Machinery of Government. We have a joint Service Desk with delegated permissions within AD for user management across two trusted networks. We have a multi-forest environment with separate
exchange servers. All IT services are going to be manged through admin accounts from the target domain. We have the permissions set so that the admin accounts can create, modify and delete user accounts however we are unable to get the exchange system manager
to point to the separate exchange when using exchange tasks from AD on the target domain.
E.g. Admin officer with admin support account on domain A receives request to add a user from domain b to a mailbox from domain b.
When trying to get these permissions to stick we receive an error.
E.g. 2 - when trying to create a mailbox on an existing account on domain b only the exchange server for domain a is available in the list. However, when creating a user in domain b from scratch the correct exchange is available.
We have been granted exchange administrator permissions on the domain b exchange server is there any settings in AD that might be stopping this ability?
Any help with this would be appreciated
October 7th, 2010 1:50am
On Thu, 7 Oct 2010 05:47:31 +0000, S.Brown wrote:
>I am in a gov Service Desk that has recently gone through a Machinery of Government. We have a joint Service Desk with delegated permissions within AD for user management across two trusted networks. We have a multi-forest environment with separate exchange
servers. All IT services are going to be manged through admin accounts from the target domain. We have the permissions set so that the admin accounts can create, modify and delete user accounts however we are unable to get the exchange system manager to point
to the separate exchange when using exchange tasks from AD on the target domain.
>
>E.g. Admin officer with admin support account on domain A receives request to add a user from domain b to a mailbox from domain b.
Are domain A and B in the same AD forest? Are there one, or two,
Exchange organizations? Does the admin officer have the necessary
permission in the other domain (or forest) to accomplish the task?
>When trying to get these permissions to stick we receive an error.
>
>E.g. 2 - when trying to create a mailbox on an existing account on domain b only the exchange server for domain a is available in the list. However, when creating a user in domain b from scratch the correct exchange is available.
>
>We have been granted exchange administrator permissions on the domain b exchange server is there any settings in AD that might be stopping this ability?
Not just the AD, but the management tools, too. Exchange AD
information is in the configuration container of the AD, and the
forest in which the user is logged on will be the one in which the
management tools will find that information.
Try logging on with a user in the other forest and see if your problem
goes away.
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
Free Windows Admin Tool Kit Click here and download it now
October 7th, 2010 3:34pm