Microsoft Outlook - You do not have permission to log on.

Hello Experts,

I have a child domain and a parent domain setup on Active directory.  Parent domain is and the child domain is  The exchange servers for the whole enterprise is under the parent domain and everyones email address is

The issue I'm having is I cannot get the users in the child domain to connect on outlook.  Outlook gives a message "You do not have permission to log on", it never gives you an option to put a user name or password with a different domain name.

How do I resolve this?

Who is Participating?
It sounds like the user AD accounts in the child domain are not assigned permissions to the AD objects for the users mailboxes in the parent domain.  You may want to check a user account in the parent domain, under Exchange Advanced, Mailbox Rights and verify the child AD domain account shows up in the Group or Usernames and that it has FULL Mailbox Access permissions checked.  

go to a workstation and build a new MAPI profile
control panel -> mail -> profiles new ...
can you get check name to work?
if not something is prohibiting connecting to the server to see the server or the GAL or the OAB
is DNS in good shape?
try iisreset on the exchange server
on exchange server try rebuilding the default offline address book.
XoraITAuthor Commented:
Check name works fine, no issues there.  But when you launch outlook to get emails, it gives that message.

Yes, DNS is good shape.

Should I still rebuild the offline address book?  I dont think its corrupted.

XoraITAuthor Commented:
You are absolutely correct, that makes sense, very simple.  I cant beleive I didnt think of it from that angle even though it was telling me from that message.

Thanks Dave.


You're welcome. I'm glad it worked!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.