Need help resolving error when managing mailbox folder rights for users in different subdomains in Exchange 2016

Hello,
We have trouble adding rights to the calendar folder of one user to another user who is on another subdomain.
We run Exchange 2016 (Version 15.1 (Build 1466.3) and have a main domain we will call domain.local and 5 subdomains. Exchange server is in domain.local.
User1 is in subdomain A.domain.local and has email address user1@customdomain1.com
User2 is in subdomain B.domain.local and has email address user2@customdomain2.com
We ran the following command to add LimitedDetails rights to B.domain.local\user2 on A.Domain.local user2’s calendar:
Add-MailboxFolderPermission -Identity A.domain.local\user1:\calendar -User user2@customdomain2.com -AccessRights LimitedDetails

We get the following error:
The user "FirstName Lastname user2@customdomain2.com" was found in Active Directory but isn't valid to use for permissions. Try an SMTP address instead.
+ CategoryInfo          : NotSpecified: (:) [Add-MailboxFolderPermission], InvalidInternalUserIdException
    + FullyQualifiedErrorId : [Server=XXXXXX,RequestId=XXXXXXX,TimeStamp=01.02.2019 10:31:07] [FailureCategory=Cmdlet-InvalidInternalUserIdException]XXXXXX,Microsoft.Exchange.Management.StoreTask
   s.AddMailboxFolderPermission
    + PSComputerName        : exc01.domain.com

Can you please help us solve this problem?
Thanks in advance for your help.
Best regards
LVL 1
Blaise FournierSystems EngineerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Roland LeeSenior Systems EngineerCommented:
Maybe you can try something like this
Get-Mailbox "WhateverMailbox" | Add-MailboxPermission -AccessRights FullAccess, ExternalAccount -User "remote-domain\user"
Ibrahim BennaTechnology LeadCommented:
Is user2@customdomain2.com the person's SMTP address or is it their UPN with a custom suffix?

Can you try using User2's Alias or even their full DN as in:

Add-MailboxFolderPermission -Identity A.domain.local\user1:\calendar -User "CN=User2,OU=xyz,DC=B,DC=domainDC=local" -AccessRights LimitedDetails
Blaise FournierSystems EngineerAuthor Commented:
Thanks for the tip Ibrahim Benna, but the error remains the exactly same.
Price Your IT Services for Profit

Managed service contracts are great - when they're making you money. Yes, you’re getting paid monthly, but is it actually profitable? Learn to calculate your hourly overhead burden so you can master your IT services pricing strategy.

Blaise FournierSystems EngineerAuthor Commented:
Thank you Roland Lee but what I want to achieve is to add a permission to the user's calendar. The command you suggested would try to add permissions to the mailbox. In my case this is not an option.
Blaise FournierSystems EngineerAuthor Commented:
user2@customdomain2.com is the person's SMTP address. Sorry I forgot to mention this.
Blaise FournierSystems EngineerAuthor Commented:
Hello,

We have investigated and found out that the error appears only with users which have been migrated during a cross-forest migration. The command runs normally for users that have been created after the migration. Thank you all for you input. I will post more info as we continue to investigate.
Blaise FournierSystems EngineerAuthor Commented:
The command works again without action on our part ... I guess we'll never know what happened here.
Blaise FournierSystems EngineerAuthor Commented:
The error appears again. A case has been opened with MS support and will post a solution if one is found.
Best regards
Blaise
Blaise FournierSystems EngineerAuthor Commented:
No news so far sorry.
Blaise FournierSystems EngineerAuthor Commented:
Hello,

Turns out an AD attribute was causing the problem for users which had been migrated from a single domain forest to a multi domain forest.
AD Attribute msExchRecipientDisplayType of users with the problem was set to "0" when it should have been "1073741824"

The following powershell commands run on a DC allowed this issue to be corrected (use at your own risk)

Import-Module activedirectory
Get-ADUser -Filter * -Properties msExchRecipientDisplayType | Where-Object {$_.msExchRecipientDisplayType -eq "0"} | Set-ADObject -Replace @{msExchRecipientDisplayType=-1073741824}

For more on recipient type values :
https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_exchon-mso_o365b/recipient-type-values/7c2620e5-9870-48ba-b5c2-7772c739c651

NB ; solution was found by one of our engineers not by MS Support.

Best regards
Blaise Fournier

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.