Migrated Mailbox Permissions

We have an on-premise Exchange server and have installed a hybrid server and the Windows Azure directory synchronisation tool. This is all working as expected.

When we are migrating users, some are highlighting that they can no longer access calendars, mailboxes, use send as and send on behalf of facilities of users which are on the on-premise Exchange server and vice versa.

I know from a previous post that Microsoft have stated that cross-site permissions are not supported and that during the migration, these permissions would not be automatically preserved, however it was my understanding that the permissions could be manually applied. We even had a script which extracts all of the permissions to help with this process.

After migrating a few other users who had access to on-premise mailboxes and resources, they can no longer access / use these resources despite us applying the correct permissions via the relevant PowerShell commands. We have migrated other users before and applied the permissions afterwards and that has worked.

After speaking with Microsoft, they have just re-stated that cross-site permissions are not supported. However, if this is the case then why would previously migrated mailboxes for other users work when we have manually applied the permissions? When this was challenged, Microsoft stated 'it may work initially, but then may drop-off' later on. This doesn't make any sense to me.

They have further stated that you have to migrate every user who use each others resources together. What is the point in having a hybrid server if migrated mailboxes cannot be migrated in phases when restricted by common resource access?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Vasil Michev (MVP)Commented:
Nothing much we can tell you either. "Not supported" doesnt mean that it will not work in some cases, it means that Microsoft will not help you troubleshoot such scenarios, will not release fixes for them and doesnt recommend using them.

If you want to keep the permissions, you need to make sure to move the involved recipients in the same batch. This doesnt mean that you have to migrate everyone in single batch. Some permissions will also be preserved simply because they are stored in the user object, not the mailbox; others might 'seem' to work because of the way you are accessing the delegate mailbox. The point here is that you should not rely on any of those 'exceptions' and to plan accordingly to what Microsoft recommends/supports.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
HypervizorAuthor Commented:
Thanks Vasil.

All seems a bit limited to me - particularly when we have so many resources that are accessed by many.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Office 365

From novice to tech pro — start learning today.