FIM service account permission during linked mailbox provisioning

I have a FIM environment which provisions a cross-forest linked mailbox.

When using a domain admin as the destination FIM MA service account, provisioning works fine.

However, when using a FIM service account, provisioning failed with a corrupted mailbox.

homeMDB is empty.

A quick look into the FIM event viewer shows the error: ExchangeGuid is mandatory on UserMailbox. Property Name: ExchangeGuid

The service account has the following permissions:

Forest-wide directory read-only and replicating directory changes rights

Full control for OUs involved in the provisioning

Exchange Recipient management

I tested logging in as the service account to create the linked mailbox manually and it works.

Only after adding built-in domain\builtin administrators membership does the provisioning start to work again. However, the customer requirement dictates that this is not allowed.

May I know if I missed any additional permission required for cross-forest mailbox provisioning?

Thanks in advance!


  • Edited by Viktor Lee Thursday, March 26, 2015 11:23 AM
March 26th, 2015 11:23am
