URGENT! SIDHistory permissions on migrated mailboxes?

[Peter]

Group,

I have created a new W2K3 domain and installed Windows 2000/Exchange2000 on
a member server in a new Exchange org.
Now, We have migrated the users from the NT4 domain and kept the SIDHistory
attribute. The NT4 domain i still in production and many of the users still
logs on to the NT4 domain but some logs in to the AD domain. They can both
access resources in the NT4 domain without problems.

Now, i will mail enable the AD users and use the Exchange 2000 migration
wizard to move the mailboxes from the old NT4/Exchange 5.5 domain/org to the
new exchange server. The move goes without problem.

BUT! When users that logs in to the old NT4 domain tryes to connect to
mailboxes in the new AD domain the permissions does not work. Why?

Users thats logs on to the new AD domain can access their mailboxes without
any problems.

How can i solve this without the need for changing the logon domain for all
users to the new AD domain?

Thanks for your help!

/Peter

 

[Nicholas Basile\(MSFT\)]

Users should not be loging into two different domains. If resources are
accessed in both domains, there should be a trust between the 2.
If you are mail enabling mail disabled users, this is bad. The idea behind
SIDHistory is to migrate the users security principal, retain their legacy
permissions. Once you migrate the user account, those users should only log
into the AD domain.
As far as Exchange is concerned, the user is mail disabled on the AD side
because there is a vlaue called msexchmasteraccountSID enabled on each user
object. This is the "pointer" back tothe 5.5 mailbox.

--
Nicholas Basile(MSFT)
(e-mail address removed)
Microsoft PSS

Please do not send email directly to this alias is for newsgroup purposes
only!.
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Peter]

OK, so if i have mail enabled the AD user, will this disturbe the ad users
possibility to access the old 5.5 mailbox?!?

/Peter