Exchange 2010 granting permissions to mailboxes for users in a trusted domain

Sam_Rendell
Sam_Rendell used Ask the Experts™
on
I want to grant full access permissions to one of my mailboxes to a user in a trusted domain. But EMC only gives me the option to select users from my own domain.

The trust works fine, I can create linked mailboxes for users in the other domain. Exchange is able to list users from the other domain during the linked mailbox process.

Is this situation intended or is there some additional configuration to exchange I need to do?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
steforIT Security Architect

Commented:
Right-click Recipient configuration and choose entire forest as recipient scope.

Author

Commented:
View all recipients in forest is already selected.
steforIT Security Architect

Commented:
Try these commands.

Run it from Exchange Management Shell
$AdminSessionADSettings.ViewEntireForest = $true

Get-Mailbox <mailbox> | Add-MailboxPermission -User "otherdomain\user" -AccessRights FullAccess

Open in new window

Angular Fundamentals

Learn the fundamentals of Angular 2, a JavaScript framework for developing dynamic single page applications.

Author

Commented:
The first command errors saying it can't find the attribute ViewEntireForest

The second command runs successfully but the user in the other domain I granted full rights to gets a Username Password prompt when he tries to open the mailbox. His username and password are not accepted.
steforIT Security Architect

Commented:
Can you log this user onto webmail and then open this mailbox where he's got full access to now?

Author

Commented:
I think I need to update a bit.

I have two linked mailboxes;

Linktest1
Linktest2

User "Richard" is in the trusted domain, Linktest1 was created for him. He can open Linktest1.

I granted Linktest1 full control of Linktest2 and he can now add the Linktest2 mailbox to his Linktest1 outlook profile.

To test a bit further I ran the add full permission command you gave to grant "Richard" full access to Linktest2, he has created a straight oultook profile for linktest2 which gives him the username and password prompt.
IT Security Architect
Commented:
Are you sure you haven't just given his dummy-account permissions on the mailbox?

If you check Get-MailboxPermission -Identity Mailbox
Can you see "Otherdomain\user" for the one you are trying to give access too?

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial