Major problems after migrating to Exchange 2000 last weekend

  • From: bparker@xxxxxxxxxxxxx
  • To: exchangelist@xxxxxxxxxxxxx
  • Date: Thu, 14 Aug 2003 05:47:36 -0600

Setup as follows:-

NT4 domain with two way-trusts at both placeholder and user domain level
to AD 2003 native domain.

Exchange 5.5 mailbox server + Exchange 5.5 OWA/IMS server
Exchange 2000 mailbox server NLB (configured with default domain and basic
+ Integrated WINDOWS authentication - as per Microsoft recommendation). +
2 x Exchange 2000 OWA servers (configured with default domain and basic

ADC in place and working fine. Using ADC/ADMT/AD Cleanup.

Note : because of W2003 AD not compatible with Exchange 2000 had to use
ADC from Exchange 2003, and domainprep user domain with Exchange 2003 -
BUT this works fine and I do not believe this is the cause of the problem
I will describe.

The AD has user accounts from Exchange5.5 MERGED with the accounts from NT
domain. All mailboxes successfully moved using MOVE MAILBOX from Exchange
5.5 to Exchange 2000 mailbox server. ADC has one way recip agreement from
Exchange 5.5\recipients and DLs TO AD\Migrated users + Public folder
two-way + two way config agreement AD to Exchange 2000 server. All this
works fine so far.

Public folders replicated (But not re-homed yet) to Exchange 2000 mailbox
server only.

Secondary migration process. Rebuild user machines to join new AD domain
and move user data from NT to AD W2003 data servers.

Not all users have undergone this secondary process and so are still
logging in to the NT domain. Everything seems to work OK - they can access
resources, mailboxes, calendars etc., EXCEPT client permissions :-

1. Delegations made on mailbox resources on 5.5 server no longer work on
Exchange 2000 server. Have tried recreating them, but can only add
permissions to users from Exchange GAL - which only contains mailboxes on
Exchange 2000 server, which presumably only authenticate to new AD domain

2. PUBLIC folder client permissions allocated on Exchange 5.5 public
folders no longer work. Presumably same reason.

For users who now login to AD domain this all works beautifully, the
problem only affects users who login using their NT4 accounts.

3. OWA access is only available using AD account login. Even if user types
NTDOMAIN\USERID they are not able to access mailbox (Page not found). The
only way they can access is USERID/PASSWORD (AD domain is configured as
default on OWA servers).

Microsoft seem to have NOTHING about these issues, so really need you
guys' advice on this. Long-term solution is to migrate all users to new
domain login, but can we do anything in the meantime?

Apologies for mega-mail but really frustrated about this.


