Microsoft Knowledge Base Email Alertz
All KB/RSS Links  |  Hot Kb!  |  New Kb!  |  Scott Cate  |  FAQ / KB  |  Web Hosting  |  Unsubscribe  

A migrated mailbox cannot send on behalf of Exchange Server 5.5 mailboxes in Exchange 2000 Server and in Exchange Server 2003

Search KbAlertz

Advanced Search

Receive Microsoft Knowledge Base articles by E-Mail?

Every night we scan the Microsoft Knowledge Base. If technologies you're interested in are updated, we'll send you an e-mail. You only get one e-mail a day, and only when new articles are added.
Click here to create a
FREE account
Already have an account?
[Click here to Login]











Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks
Article ID: 920860 - Last Review: October 25, 2007 - Revision: 1.3

A migrated mailbox cannot send on behalf of Exchange Server 5.5 mailboxes in Exchange 2000 Server and in Exchange Server 2003

View products that this article applies to.

SYMPTOMS

You migrate a mailbox from Microsoft Exchange Server 5.5 to Microsoft Exchange 2000 Server or to Microsoft Exchange Server 2003. After you do this, that mailbox cannot send on behalf of Exchange Server 5.5 mailboxes.
Back to the top

CAUSE

This issue occurs because Exchange Server 5.5 uses the Exchange Server 5.5 object distinguished name to determine permissions on Exchange Server 5.5 objects. Therefore, the access control list uses the Exchange Server 5.5 object distinguished name as the access control entry for assigned rights when you grant or delegate mailbox access to another account. Exchange Server 5.5 does not use security descriptors (NT Account SIDS) as the access control entry for delegated rights on mailboxes, or as the access control entry for public folders.

After you migrate an Exchange Server 5.5 mailbox to a server that is running a later version of Exchange Server, the user account passes its ObjectSID in the access token to Exchange Server 5.5. The user account does this when the user tries to access a public folder or to use a delegated right on an Exchange Server mailbox. Because Exchange Server 5.5 uses the Exchange Server 5.5 object distinguished name to determine permissions on Exchange Server 5.5 objects, the operation fails.
Back to the top

WORKAROUND

To work around this issue, migrate the shared mailbox and the mailboxes that have delegated rights at the same time to the server that is running Exchange 2000 Server or Exchange Server 2003. Alternatively, migrate the shared mailbox to the Exchange 2000 Server server or the Exchange Server 2003 server first. Then, move the mailboxes that have delegated rights.
Back to the top

MORE INFORMATION

This issue does not occur when Exchange Server 5.5 mailboxes send on behalf of Exchange 2000 Server or Exchange Server 2003 mailboxes. Exchange 2000 Server and Exchange Server 2003 recognize the object distinguished name.

In Exchange 2000 Server and in Exchange Server 2003, the object distinguished name is referred to as the LegacyExchangeDN. Exchange Server queries the Active Directory directory service for the LegacyExchangeDN to determine what the ObjectSID of that account is. Exchange Server then passes the ObjectSID to the mailbox discretionary access control list. If the ObjectSID is listed, it is granted the appropriate access or rights.

For more information about how to migrate mailboxes from Exchange Server 5.5, visit the following Microsoft Web sites:
http://www.microsoft.com/technet/prodtechnol/exchange/2000/library/mme55e2k.mspx (http://www.microsoft.com/technet/prodtechnol/exchange/2000/library/mme55e2k.mspx) http://technet.microsoft.com/en-us/library/aa996194.aspx (http://technet.microsoft.com/en-us/library/aa996194.aspx)
For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
328871  (http://kbalertz.com/Feedback.aspx?kbNumber=328871/ ) How to use the Exchange Migration Wizard to migrate mailboxes from an Exchange organization
328809  (http://kbalertz.com/Feedback.aspx?kbNumber=328809/ ) Migrating mailboxes from an Exchange Server 5.5 organization to a separate Exchange 2000 or Exchange Server 2003 organization
Back to the top
APPLIES TO
  • Microsoft Exchange Server 2003 Enterprise Edition
  • Microsoft Exchange Server 2003 Standard Edition
  • Microsoft Exchange 2000 Server Standard Edition
  • Microsoft Exchange Server 5.5 Standard Edition
Back to the top
Keywords: 
kbexpertiseadvanced kbtshoot KB920860
Back to the top
        

Community Feedback System

Very often, it takes hours to solve a problem. Very often, you've looked high and low, and have tried a lot of solutions. When you finally found it, chances are, it was because someone else helped you. Here's your chance to give back. Use our community feedback tool to let others know what worked for you and what didn't.

Please also understand that the community feedback system is not warranted to be correct, it's simply a system that we've built to let people try and help each other. If something in a feedback response doesn't make sense to you, or you're not comfortable making changes that the feedback talks about (like registry edits), please consult a professional.

Thank you for using kbAlertz.com Feedback System.

-- Scott Cate

Copyright © 2002-2007 KBALERTZ.COM.  All Rights Reserved. Terms / PrivacyDiscount ASP.NET Hosting