Solved

Linked Mailboxes

Posted on 2011-02-22
7
619 Views
Last Modified: 2012-05-11
Hi

We have two forests - our original AD forest (ADForest) running Windows 2008 DC and also an Exchange 2007 forest (ExchangeForest) holding user mailboxes. There are trusts etc set up, but I was wondering how this would all work.

For instance, I have a manager's mailbox in the Exchange forest. I want to give an Assistant access to that....do I just give access to their ADForest account? Wil this mean that their Outlook can access the Manager's one?
0
Comment
Question by:Joe_Budden
  • 4
  • 3
7 Comments
 
LVL 31

Accepted Solution

by:
MegaNuk3 earned 500 total points
ID: 34954369
You can do it either way. Either give the Assistants ADaccount from the AccountForest 'Full mailbox access' rights on the mailbox or if you want to do delegation or in-mailbox permissions then assign the assistants mailbox the delegated permissions or outlook subfolders permissions.
0
 
LVL 1

Author Comment

by:Joe_Budden
ID: 34954405
So whenever we come to permissions, it's exactly the same as if there was only one forest? Exchange 'knows' that whenever we want to assign someone a mailbox permission, we can use the AD account in the ADForest domain?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34954451
Yep, Apart from delegation or in-mailbox folder permissions where you will have to assign the permissions to the resource forest mailbox because you can only select objects from the GAL to give out these folder permissions.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 1

Author Comment

by:Joe_Budden
ID: 34955109
That's a good point.

If I am looking at the GAL in the ADForest - what objects am I actually looking?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34955254
The GAL is from the forest where exchange is installed and where the mailbox is located that you are using to view the GAL
0
 
LVL 1

Author Comment

by:Joe_Budden
ID: 35072992
What's the best practice though?

Same example:

AD Forest: ADForest (accounts users use to log in etc)
Exchange Forest: ExchangeForest (mailboxes only set up as Linked Mailboxes, the corresponding AD account for the mbx is disabled)

I have a Manager and I want to give his PA 'full mailbox access' to his mailbox. So I go to EMC > Mailbox > Manage Full Access Permission

What account should I add

1. The PA's ADForest user account
2. The PA's ExchangeForest account (or am I actually choosing her mailbox here)?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35073053
Add the Exchange Account/mailbox and it will work, that is the best way too.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article runs through the process of deploying a single EXE application selectively to a group of user.
In this step by step procedure, you will come to know the details of creating an Outlook meeting in 2007, 2010, 2013 & 2016.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question