Cross forest migrated user not able to access mailbox in old forest

Deathshadow asked:
I have migrated a user to a new forest domain using ADMT, but I am not able to access the user's mailbox from the new domain using the sIDHistory attribute.

The only thing different is the new forest domain does not have the Exchange Schema installed. Would this be the cause of the problem? I would assume the sIDHistory attribute would allow access to the mailbox.  
Commented:
There are two aspects to this: firstly, SID quarantining needs to be disabled, and SID history also needs to be enabled. You do this with the netdom trust command.

http://setspn.blogspot.com/2010/05/admt-configure-trusts-for-sidhistory.html

Unless you prepare the trust in this way, ADMT won't actually migrate the SID, resulting in the problem you're experiencing.

Author

Commented:
I have confirmed that the sIDHistory is being migrated, and the trusts have been set to allow this sIDHistory, but I still cannot log into the user's mailbox with the migrated account. Any other ideas?
Commented:
What about quarantine? Remember there are two parts to this. It might be worth removing and re-creating the trust, making sure the history and quarantine are set correctly. Last time I did this I ran into a similar problem. What kind of trust did you configure? I found a two-way trust more reliable, and if you're using a two-way trust you need to add /twoway to each netdom command.

Author

Commented:
Yup, it was the SID filtering issue. Once I disabled it, it replicated and started working.

Thanks

Commented:
Excellent news, glad you're sorted.
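
The two checks discussed in this thread (is the SID really in sIDHistory, and is the trust still filtering it), as an added example that is not part of the original posts. The domain names and account name are placeholders, the account is assumed to keep the same sAMAccountName in both domains, and the ActiveDirectory PowerShell module and netdom are assumed to be installed.

```powershell
# Added example: run from an elevated prompt with an account that can read both
# domains and manage the trust in the old (trusting) domain.
Import-Module ActiveDirectory

$OldDomain = 'old.example.com'   # placeholder: trusting domain that hosts the mailbox
$NewDomain = 'new.example.com'   # placeholder: trusted domain that now holds the user
$User      = 'jdoe'              # placeholder: sAMAccountName in both domains

# 1. The mailbox permissions reference the source account's SID, so that exact SID
#    has to appear in the migrated account's sIDHistory.
$source   = Get-ADUser -Identity $User -Server $OldDomain
$migrated = Get-ADUser -Identity $User -Server $NewDomain -Properties sIDHistory
$history  = @($migrated.sIDHistory | ForEach-Object { $_.ToString() })

if ($history -contains $source.SID.Value) {
    "OK: sIDHistory of $User contains the source SID $($source.SID.Value)"
} else {
    Write-Warning "sIDHistory of $User does not contain $($source.SID.Value); the SID was not migrated."
}

# 2. Show how the old domain currently treats SIDs arriving over the trust.
#    Without a Yes/No value, each switch only displays the current state.
netdom trust $OldDomain /domain:$NewDomain /quarantine
netdom trust $OldDomain /domain:$NewDomain /enablesidhistory

# 3. Change the settings (commented out; apply only after reviewing step 2).
#    /enablesidhistory is valid only for an outbound forest trust; /quarantine is
#    the setting used on external trusts.
# netdom trust $OldDomain /domain:$NewDomain /quarantine:No
# netdom trust $OldDomain /domain:$NewDomain /enablesidhistory:Yes
```

A passing step 1 combined with filtering still active in step 2 matches the situation the asker described: the attribute was migrated, but the old domain was discarding it at logon.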