Hi, Hopefully a quick and easy question for the Exchange guru's on here! I have a customer furnished Exchange 2003 server that I'm testing before the migration from Exchange 2000 begins. They have 1 forest with a parent and a child domain. All resources are in the child domain, the parent is an empty root. Upon verifying the configuration of the new Exchange server I attempted to make a change in ESM and received an LDAP error. The change isn't important, that fact that I was a domain, local and Exchange admin in the child domain and didn't have permissions to make the change in ESM is what prompted this question. Upon checking the permissions on the organisation, only the accounts from the parent domain were listed, i.e. domain admin, Exchange Full Admin etc... When I tried to delegate permissions (via ESM) to groups in the child domain I received an error to the effect that I didn't have permissions to modify the configuration partition in the parent domain. Is this normal behaviour or does this just mean that the original Exchange installation was performed using an account in the parent domain? After working around the permissions issue everything seems to be working OK, but if this isn't out of the box behaviour, are there any gotcha's? Any information will be much appreciated! Thanks, Tim

On Thu, 8 Jul 2010 09:13:28 +0000, Tim_Richardson wrote: > > >Hi, > >Hopefully a quick and easy question for the Exchange guru's on here! > >I have a customer furnished Exchange 2003 server that I'm testing before the migration from Exchange 2000 begins. They have 1 forest with a parent and a child domain. All resources are in the child domain, the parent is an empty root. > >Upon verifying the configuration of the new Exchange server I attempted to make a change in ESM and received an LDAP error. The change isn't important, that fact that I was a domain, local and Exchange admin in the child domain and didn't have permissions to make the change in ESM is what prompted this question. > >Upon checking the permissions on the organisation, only the accounts from the parent domain were listed, i.e. domain admin, Exchange Full Admin etc... When I tried to delegate permissions (via ESM) to groups in the child domain I received an error to the effect that I didn't have permissions to modify the configuration partition in the parent domain. > >Is this normal behaviour or does this just mean that the original Exchange installation was performed using an account in the parent domain? > >After working around the permissions issue everything seems to be working OK, but if this isn't out of the box behaviour, are there any gotcha's? > >Any information will be much appreciated! Were both domains prepared with "setup /domainprep"? I'm not clear on who has what, though. You say that YOU have the Exchange server and THEY have an AD forest. Is the server YOU have installed in the AD forest THEY have, or is the server installed in some other AD forest???? --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Hi Tim, Any update for your issue, could you please post any more information. Regards! gavin