Migrated AD User account to a new Forest, associated mailbox in original forest and migrated account cannot access mailbox.
The environment I am working on is as follows: The original domain where both user accounts and their mailboxes exist in this example is called forest A. Forest A is a Windows 2003 AD environment with Exchange Server 2003 with SP2. My new domain is in a new forest and for this example we can call it forest B. Forest B is a Windows 2008 R2 AD environment and currently does not have Exchange. There is a two-way trust between forest A and forest B. To migrate user accounts across I am using the ADMT v3.2 tool.

My situation is that when I migrate the user across to forest B, the migrated account cannot access the mailbox. When I open Outlook an authentication box pops up. I have tried putting in the credentials of the original account and of the migrated account and neither seems to work.

I originally disabled the AD account in forest A when I migrated to forest B, but then I was receiving the following error when an attempt was made to email the mailbox:

The message reached the recipient's e-mail system, but delivery was refused. Attempt to resend the message. <blmbmbex1.local #5.2.1>

To fix this I had to enable the account again, and then in the Advanced security section of the mailbox I had to tick allow on "Associated External Account" for the user self. After a period of time the mailbox was accessible again, but still only accessible to the account in forest A.

The problem I'm having is even harder to understand, as I do have some accounts in forest B that can access their mailbox in forest A but, as far as I can see, are not different to the accounts that cannot access their mailbox when using the migrated account in forest B.

Is there a particular sequence I should be following in this situation? Is there a way I can disable the account in forest A and still allow the user in forest B to access the mailbox? I am performing a domain migration so will have to do this procedure on about 1000 accounts, so the simplest way to resolve this would be very helpful.
Kind Regards Mark Dordoy
May 26th, 2011 11:45am

Hi, I’m a little confused. Do you mean that the user still exists in forest A after migrating it to forest B? Why do you need to disable the account in forest A when trying to migrate a certain account to forest B?

At this stage, I suggest you temporarily create a test user account and mailbox in forest A, and then refer to the following article to migrate the user account to forest B to check the result.

http://technet.microsoft.com/en-us/library/cc784018(WS.10).aspx

Meanwhile, if there is any error message in Event Viewer, please feel free to post it here. Thanks.
Novak
May 31st, 2011 12:00pm

Hi Novak

When we migrate the user from forest A to forest B, we currently keep the account in forest A. We originally disabled it to prevent users from logging into their desktop with their account in forest A. As we encountered the error as mentioned above, we had to enable their account in forest A so that their mailboxes could be accessed again and so that they could receive mail.

---
Event Type: Error
Event Source: MSExchangeIS Mailbox Store
Event Category: Logons
Event ID: 1022
Date: 25/05/2011
Time: 09:33:04
User: N/A
Computer: BLMBMBEX1
Description: Logon Failure on database "First Storage Group\Standard Users" - Windows 2000 account BRITISH-MUSEUM\SHall; mailbox /o=BM/ou=First Administrative Group/cn=Recipients/cn=LSaxton. Error: -2147221231
---
Event Type: Warning
Event Source: MSExchangeIS
Event Category: General
Event ID: 9548
Date: 25/05/2011
Time: 09:33:04
User: N/A
Computer: BLMBMBEX1
Description: Disabled user /o=BM/ou=First Administrative Group/cn=Recipients/cn=LSaxton does not have a master account SID. Please use Active Directory MMC to set an active account as this user's master account.
---

I also have this error in my event log, however I'm not sure if that is relevant to this problem or not:

---
Event Type: Error
Event Source: MSExchangeIS
Event Category: General
Event ID: 9667
Date: 25/05/2011
Time: 09:39:38
User: N/A
Computer: BLMBMBEX1
Description: Failed to create a new named property for database "First Storage Group\Standard Users" because the number of named properties reached the quota limit (9218). User attempting to create the named property: "SYSTEM" Named property GUID: 00020386-0000-0000-c000-000000000046 Named property name/id: "X-Google-Group-Id"
---

Mark Dordoy
May 31st, 2011 12:32pm
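
An added example, not part of the original thread: a read-only PowerShell query that lists the accounts in forest A matching the condition event 9548 above reports, that is, mailbox-enabled users that are disabled and have no msExchMasterAccountSid value. The LDAP path and the output file name are placeholders chosen for illustration.

```powershell
# Added example: read-only audit, makes no changes to the directory.
# Assumption: placeholder path; replace with the domain DN of forest A.
$SearchRoot = 'LDAP://DC=forestA,DC=example'
# Assumption: hypothetical output file name.
$OutFile = '.\disabled-mailboxes-without-master-sid.csv'

# Mailbox-enabled users (msExchHomeServerName present) whose account is
# disabled (userAccountControl bit 0x2 set) and that carry no
# msExchMasterAccountSid, the state event 9548 complains about.
$filter = '(&(objectCategory=person)(objectClass=user)' +
          '(msExchHomeServerName=*)' +
          '(userAccountControl:1.2.840.113556.1.4.803:=2)' +
          '(!(msExchMasterAccountSid=*)))'

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($SearchRoot)
$searcher.Filter = $filter
$searcher.PageSize = 500   # page results so more than 1000 objects are returned
foreach ($attr in 'sAMAccountName', 'legacyExchangeDN', 'distinguishedName') {
    [void]$searcher.PropertiesToLoad.Add($attr)
}

$results = $searcher.FindAll()
$report = foreach ($r in $results) {
    # Result property names are returned in lower case.
    New-Object PSObject -Property @{
        SamAccountName    = [string]($r.Properties['samaccountname'] | Select-Object -First 1)
        LegacyExchangeDN  = [string]($r.Properties['legacyexchangedn'] | Select-Object -First 1)
        DistinguishedName = [string]($r.Properties['distinguishedname'] | Select-Object -First 1)
    }
}
$results.Dispose()

# The LegacyExchangeDN column can be matched against the mailbox path
# shown in the 1022 and 9548 event descriptions.
$report |
    Sort-Object SamAccountName |
    Select-Object SamAccountName, LegacyExchangeDN, DistinguishedName |
    Export-Csv -Path $OutFile -NoTypeInformation

"{0} disabled mailbox-enabled account(s) without msExchMasterAccountSid" -f @($report).Count
```

Running it before and after each migration batch shows which disabled source accounts still lack a master account and would trigger the logon and delivery failures described in the post.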

I have now noticed that since users are no longer disabled in forest A, when you run Outlook with the migrated account in forest B it will prompt for credentials. If you enter the credentials of the account in forest A, the mailbox will open. You have to supply credentials each time you log in and use Outlook.
Mark Dordoy
May 31st, 2011 1:06pm

With Exchange 2007 or 2010 it would have been very easy to configure linked mailboxes. From what I remember from Exchange 2003 it's a bit more complicated. Perhaps you'll find some help here. The MSExchange.org article looks good:

how to set up linked mailbox in exchange 2003
http://social.technet.microsoft.com/Forums/en-US/exchangesvrdeploy/thread/4b5b3d6b-416a-4368-bae2-c8ec4768d8ad/

A different approach could be to install Exchange 2010 in your new forest. Move users with mailboxes. Make sure none of the Exchange organizations are authoritative for your SMTP domain and that the proper send connectors are in place.
MCTS: Messaging | MCSE: S+M
June 1st, 2011 12:09am
