Exchange 2003 - Single Forest - Multiple Domains

  • Exchange 2003 - Single Forest - Multiple Domains

    Hello All,

    I am having a bit of a hard time getting this to work and feel quite frustrated that I haven't been able to fix it.

    I currently have a setup that looks like this
    -Exchange Server
    -Domain Controller(s)

    -NO Exchange Server
    -Domain Controller(s)

    and they are both in a single forest, with trusts set up both ways.

    Now, I have just realized that whenever I create a user in DOMAIN_B that wasn't migrated from DOMAIN_A (with its Mailbox), the Email Address(es) tab does not populate automatically as it does in DOMAIN_A, and neither does the EMAIL in the General tab, even though when I create the user, the Exchange process shows "Success" when it creates a mailbox (that does not show up in Exchange System Manager)...

    I do not know what to do...

    I have added the RUS for DOMAIN_B and I get these errors logged every time I try to rebuild it...

    (ERROR #1)
    Event Type: Error
    Event Source: MSExchangeAL
    Event Category: LDAP Operations
    Event ID: 8270
    Description: LDAP returned the error [32] Insufficient Rights when importing the transaction dn: <GUID=1631A14EC051DF4C87260F7AE8212AE6> changetype: Modify showInAddressBook:add:CN=All Users,CN=All Address Lists,CN=Address Lists Container,CN=<Exchange_Organization_Name> ... : CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists
    mail:[email protected]
    textEncodedORAddress:c=us;a= ;p=Org;o=Site;s=LastName;g=FirstName;
    proxyAddresses:SMTP:[email protected] : X400:c=us;a= ;p=Org;o=Site;s=LastName;g=FirstName; : smtp:[email protected]

    (Error #2)
    Event Type: Warning
    Event Source: MSExchangeAL
    Event Category: Replication
    Event ID: 8315
    Description: The service could not update the entry 'CN=UserName,CN=Users,DC=domain,DC=com' because inheritable permissions are not propagated to this object. The inheritable permissions may be disabled because the object belongs to a Windows 2000 administrative group or the inheritable permissions were disabled explicitly by an administrator. DC=ServerDC1,DC=domain,DC=com.

    Please Help!

  • #2
    Re: Exchange 2003 - Single Forest - Multiple Domains

    I don't know what I did, but it's working now...

    I /domainprep 'ed the Offending Domain (DOMAIN_B) and re-/forestprep 'ed the Exchange Server using (DOMAIN_A)'s DOMAIN_A\Administrator account... Then I made sure DOMAIN_B\Administrator was delegated permissions...

    I also added DOMAIN_B\Administrator to Schema Admins, Enterprise Admins... But after that I checked DOMAIN_B's AD and made sure DOMAIN_A\Administrator was also a part of Domain Admins there...

    If anyone else is having issues, I suggest trying out the steps outlined in the Knowledgebase Article on the Microsoft Website.
    After that, restart the Domain controller on the offending Domain and then restart the Exchange Server...

    Also, make sure DOMAIN_B\Administrator has its permissions inherited by having a tick in its Security tab... Follow the knowledge base article for more instructions on it.

    Here is the Link.
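
Event 8315 in the first post reports that the object could not be updated because inheritable permissions are not propagated to it. The following is an added example, not part of the thread or of any Microsoft tooling: it reads an object's security descriptor in SDDL form and reports whether DACL inheritance is blocked. The SDDL strings and SIDs are constructed, the `classify` labels are hypothetical, and `admin_count` is assumed to be the value of the object's adminCount attribute.

```python
import re

# DACL section of an SDDL string: "D:" + control flags + zero or more (ACE) groups.
DACL_RE = re.compile(r"D:([A-Z]*)((?:\([^)]*\))*)")

# Constructed samples (not taken from the thread).
SAMPLE_INHERITING = ("O:DAG:DAD:AI(A;;RPWP;;;AU)(A;CIID;RPWPCCDCLCSWRCWDWOGA;;;EA)"
                     "(A;CIID;RPWP;;;S-1-5-21-1111111111-2222222222-3333333333-1105)")
SAMPLE_BLOCKED = ("O:DAG:DAD:PAI(A;;RPWPCCDCLCSWRCWDWOGA;;;DA)(A;;RPLCRC;;;AU)"
                  "S:AI(AU;CIIDSAFA;WP;;;WD)")


def dacl_inheritance(sddl):
    """Return inheritance facts for the DACL of an SDDL security descriptor."""
    m = DACL_RE.search(sddl)
    if m is None:
        raise ValueError("no DACL (D:) section in SDDL string")
    # Control flags: P = protected (inheritance blocked), AR / AI = auto-inherit.
    control = re.findall(r"AR|AI|P", m.group(1))
    inherited = explicit = 0
    for ace in re.findall(r"\(([^)]*)\)", m.group(2)):
        fields = ace.split(";")
        # Field 1 holds two-letter ACE flags; ID marks an ACE inherited from a parent.
        flags = fields[1] if len(fields) > 1 else ""
        codes = [flags[i:i + 2] for i in range(0, len(flags), 2)]
        if "ID" in codes:
            inherited += 1
        else:
            explicit += 1
    return {"protected": "P" in control, "inherited": inherited, "explicit": explicit}


def classify(sddl, admin_count=0):
    """Map the DACL state onto the two causes named in the Event 8315 text."""
    if not dacl_inheritance(sddl)["protected"]:
        return "inheriting"
    # adminCount=1 marks accounts in protected administrative groups, whose
    # inheritance is switched off by the directory rather than by an operator.
    return "blocked-admin-group" if admin_count == 1 else "blocked-explicit"


if __name__ == "__main__":
    for name, sddl, ac in (("inheriting", SAMPLE_INHERITING, 0),
                           ("blocked", SAMPLE_BLOCKED, 1)):
        print(name, dacl_inheritance(sddl), classify(sddl, ac))
```

An account that classifies as `blocked-admin-group` will typically have inheritance switched off again by the directory after it is re-enabled by hand, for as long as it stays in a protected group.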