Give Cross-Forest User Exchange 2007 ViewOnlyAdmin Role
Business drivers have me creating a Resource Domain and migrating legacy servers to that domain. All my trusts are set up and everything is resolving and auth'ing just fine. When moving my Exchange 2007 org I will be doing a new install of Exchange 2010 and migrating my mailboxes to it BUT, first I am moving AND upgrading my BlackBerry Enterprise Server environment. So, of course, BlackBerry has some permission requirements that I have to address and I also cannot disturb my current production running BES environment. Because I'm moving BES before Exchange (Exchange 2010 move date unknown at this point) I will still be connecting BES in the resource domain to the same Exchange 2007 ORG in the current AD.

Walking through the BES 5.0.2 install guide has me first creating a Windows account that has a mailbox. So I go ahead and create a Linked Mailbox. I can access it, send from it and receive to it just fine from the Resource Domain account. No problem with this step. Now, I'm asked to start with the permissions and instructed to run this cmdlet:

add-exchangeadministrator "BESAdmin" -role ViewOnlyAdmin

I have a little trouble here! Ya see, since the linked mailbox account is disabled, I can't use it. I then decided to try to do it by using the EMC, hoping maybe that I could select the Linked Account from the Resource domain (because I assume that's the one I really want to use rather than the disabled one in the user domain) - lo and behold, I can't even select an account from my Resource domain. Then I decided to just try and add the group to the "Exchange View-Only Admin" Universal Group. I can't see my resource domain from there either! *Phew*

So after that long-winded, mostly unnecessary background, can anyone tell me how to add a cross-forest/Linked mailbox account to an Exchange 2007 Role? Perhaps it's not possible and I need to rethink this...that's fine, just need to know!

Thanks,
Casey
March 24th, 2011 10:44pm

The process is described in detail here: How to Configure Cross-Forest Administration

Jesper Bernle | Blog: http://xchangeserver.wordpress.com
March 28th, 2011 11:43am

Props to you Jesper! Thanks for your help!

~Griffter
March 28th, 2011 6:43pm

So after running setup.com /p /foreignForestFQDN:fq.res I got the infamous error:

Organization Preparation ......................... FAILED
The well-known object entry B:32:9C5B963F67F14A4B936CB8EFB19C4784:CN=ExchangeLegacyInterop\0ADEL:0f9dffb3-cce4-4f0b-8cd9-e8bbe6986361,CN=Deleted Objects,DC=firstquality,DC=local of the otherWellKnownObjects attribute on container object CN=Configuration,DC=firstquality,DC=local points to an invalid DN or a deleted object. Please remove the entry and re run the task.

Running ldp, I was able to find the OWKO but I'm afraid to delete it ;) Is there any risk to my current running Exchange 2007 environment in deleting this object using ldp.exe? If I read the TechNet article correctly, it looks like the /p will just recreate the group and go on and do its thing for the cross-forest administration steps?

~Griffter
March 28th, 2011 9:40pm

As far as I can see, it should be fine. Setup /p will create a new pointer under oWKO for the newly created Exchange Legacy Interop group, and since you don't seem to run any Exchange 2003, it's a group without purpose. But as always, if you are messing with Active Directory, please have a verified successful backup to restore from if need be.

Jesper Bernle | Blog: http://xchangeserver.wordpress.com
March 28th, 2011 11:33pm
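
Added example (not part of the original thread and not any poster's code): a Python sketch that parses otherWellKnownObjects values in the B:32:<GUID>:<DN> form shown in the error above and flags the ones whose DN points into CN=Deleted Objects, so the stale entry can be identified and recorded before it is removed. The function names and the second sample value are constructed for illustration; the first sample value is the one quoted in the error message.

```python
import re
from typing import List, NamedTuple, Optional


class WkoEntry(NamedTuple):
    wk_guid: str                 # well-known GUID (hex, upper case)
    dn: str                      # distinguished name the entry points to
    deleted_guid: Optional[str]  # objectGUID from the \0ADEL: marker, if any


# A deleted object's RDN carries "\0ADEL:<objectGUID>" and is parented
# under CN=Deleted Objects.
_DELETED = re.compile(r"\\0ADEL:([0-9a-fA-F-]{36}),CN=Deleted Objects,", re.I)


def parse_wko(value: str) -> WkoEntry:
    """Parse one DN-with-binary value: B:<hex char count>:<hex>:<DN>."""
    parts = value.strip().split(":", 3)  # the DN itself may contain ':'
    if len(parts) != 4 or parts[0] != "B":
        raise ValueError("not a DN-with-binary value: %r" % value)
    _, count, hex_guid, dn = parts
    if not count.isdigit() or int(count) != len(hex_guid):
        raise ValueError("length prefix does not match hex payload")
    if not re.fullmatch(r"[0-9A-Fa-f]+", hex_guid):
        raise ValueError("payload is not hexadecimal")
    match = _DELETED.search(dn)
    return WkoEntry(hex_guid.upper(), dn,
                    match.group(1).lower() if match else None)


def stale_entries(values: List[str]) -> List[WkoEntry]:
    """Return only the entries that point at a deleted object."""
    return [e for e in map(parse_wko, values) if e.deleted_guid]


SAMPLE = [
    # Value quoted in the setup error in this thread.
    r"B:32:9C5B963F67F14A4B936CB8EFB19C4784:CN=ExchangeLegacyInterop\0ADEL:"
    r"0f9dffb3-cce4-4f0b-8cd9-e8bbe6986361,CN=Deleted Objects,"
    r"DC=firstquality,DC=local",
    # Constructed healthy entry (placeholder GUID and DN).
    "B:32:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:CN=Example Group,"
    "OU=Example,DC=example,DC=test",
]

if __name__ == "__main__":
    for entry in stale_entries(SAMPLE):
        print("stale:", entry.wk_guid, "->", entry.dn)
```
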
