How-to: Set cross-forest client permissions on public folders ?
Hi, I have read some topic about this like: http://social.technet.microsoft.com/Forums/en/exchangesvrdeploy/thread/98583d77-f4f8-4954-91e2-788c70057798 http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/b43068c7-0312-4ea1-83dc-534642aed218/ http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/5fdf4cd7-3543-4b5d-94cc-317446ddaa46 Unfortunately the guide from the blog of Mr Jesper Bernle is nolonger available. I tried to do as what I understand as follow: 1. Create a Global group in the user forest [account forest], then add user account for whom need to access public folders in the resource forest as members. 2. Create a Domain local group in the Resource forest, then add the global group in step 1 as a member. 3. Grant permission to acess public folders to this domain local group --> failed [because this domain local group is not mail-enabled] And I stuck here because I cannot grant Add-PublicFolderClientPermission successfully to the domain local group. Add-PublicFolderClientPermission only work with mail-enabled user/mailbox/distribution group. But we can only enable mail for universal group in EMS :( Pls help me to solve this. Thanks so much ! Vic
March 17th, 2011 10:31am

Oh any suggestion on this case please ? It would be useful because I want to grant PublicFolderClientPermission to user in the account forest. Anyway do we have any other solution set cross-forest client permission on public folders ? Thanks,
Free Windows Admin Tool Kit Click here and download it now
March 18th, 2011 4:26am

As I guess you saw in my own question, Elan Shudnow replied with "The magic sauce for Outlook and Exchange to allow a "cross-forest sync'ed mailbox-enabled contact" to access a folder or act as delegate includes: (a) legacyExchangeDN (b) msExchMasterAccountSid - after this Exchange is agnostic, but Outlook wants (c) msExchRecipientDisplayType to have bit 2 set, e.g. a value of -1073741818 works and finally (d) msExchRecipientTypeDetails set to 32768." And I guess this statement is correct because when I use Add-PublicFolderClientPermission and specify the account (without any domain infront) it somehow gets translated to the account in the User Forest. I'm guessing Exchange does this with the help of msExchMasterAccountSid. Please specify the account without specifying any domain and also check to see that you meet the 4 above mentioned requirements.Jesper Bernle | Blog: http://xchangeserver.wordpress.com
March 18th, 2011 2:53pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics