• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 73
  • Last Modified:

Migrated Mailbox Permissions

We have an on-premise Exchange server and have installed a hybrid server and the Windows Azure directory synchronisation tool. This is all working as expected.

When we are migrating users, some are highlighting that they can no longer access calendars, mailboxes, use send as and send on behalf of facilities of users which are on the on-premise Exchange server and vice versa.

I know from a previous post that Microsoft have stated that cross-site permissions are not supported and that during the migration, these permissions would not be automatically preserved, however it was my understanding that the permissions could be manually applied. We even had a script which extracts all of the permissions to help with this process.

After migrating a few other users who had access to on-premise mailboxes and resources, they can no longer access / use these resources despite us applying the correct permissions via the relevant PowerShell commands. We have migrated other users before and applied the permissions afterwards and that has worked.

After speaking with Microsoft, they have just re-stated that cross-site permissions are not supported. However, if this is the case then why would previously migrated mailboxes for other users work when we have manually applied the permissions? When this was challenged, Microsoft stated 'it may work initially, but then may drop-off' later on. This doesn't make any sense to me.

They have further stated that you have to migrate every user who use each others resources together. What is the point in having a hybrid server if migrated mailboxes cannot be migrated in phases when restricted by common resource access?
1 Solution
Vasil Michev (MVP)Commented:
Nothing much we can tell you either. "Not supported" doesnt mean that it will not work in some cases, it means that Microsoft will not help you troubleshoot such scenarios, will not release fixes for them and doesnt recommend using them.

If you want to keep the permissions, you need to make sure to move the involved recipients in the same batch. This doesnt mean that you have to migrate everyone in single batch. Some permissions will also be preserved simply because they are stored in the user object, not the mailbox; others might 'seem' to work because of the way you are accessing the delegate mailbox. The point here is that you should not rely on any of those 'exceptions' and to plan accordingly to what Microsoft recommends/supports.
HypervizorAuthor Commented:
Thanks Vasil.

All seems a bit limited to me - particularly when we have so many resources that are accessed by many.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now