RE: Major problems after migrating to Exchange 2000 last weekend

  • From: "Neil Hobson" <Neil.Hobson@xxxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 14 Aug 2003 13:39:46 +0100

How did you do the ADC/ADMT part?  Ideally, you'd run the ADC first to
create disabled accounts, and then ADMT them as they migrate (this grabs
the sidHistory stuff).  This way, all 5.5 users are represented in the
E2k GAL - these disabled accounts are 'pointers' to the NT4/5.5 mailbox,
and therefore should have the 'associated external account' option set
on the Mailbox Rights.


-----Original Message-----
From: bparker@xxxxxxxxxxxxx [mailto:bparker@xxxxxxxxxxxxx] 
Sent: 14 August 2003 12:48
To: [ExchangeList]

Setup as follows:-

NT4 domain with two way-trusts at both placeholder and user domain level
to AD 2003 native domain.

Exchange 5.5 mailbox server + Exchange 5.5 OWA/IMS server Exchange 2000
mailbox server NLB (configured with default domain and basic
+ Integrated WINDOWS authentication - as per Microsoft recommendation). 
+ +
2 x Exchange 2000 OWA servers (configured with default domain and basic

ADC in place and working fine. Using ADC/ADMT/AD Cleanup.

Note : because of W2003 AD not compatible with Exchange 2000 had to use
ADC from Exchange 2003, and domainprep user domain with Exchange 2003 -
BUT this works fine and I do not believe this is the cause of the
problem I will describe.

The AD has user accounts from Exchange5.5 MERGED with the accounts from
NT domain. All mailboxes successfully moved using MOVE MAILBOX from
5.5 to Exchange 2000 mailbox server. ADC has one way recip agreement
from Exchange 5.5\recipients and DLs TO AD\Migrated users + Public
folder two-way + two way config agreement AD to Exchange 2000 server.
All this works fine so far.

Public folders replicated (But not re-homed yet) to Exchange 2000
mailbox server only.

Secondary migration process. Rebuild user machines to join new AD domain
and move user data from NT to AD W2003 data servers.

Not all users have undergone this secondary process and so are still
logging in to the NT domain. Everything seems to work OK - they can
access resources, mailboxes, calendars atc, EXCEPT client permissions :-

1. Delegations made on mailbox resources on 5.5 server no longer work on
Exchange 2000 server. Have tried recreating them, but can only add
permissions to users from Exchange GAL - which only contains mailboxes
on Exchange 2000 server, which presumably only authenticate to new AD
domain account.

2. PUBLIC folder client permissions allocated on Exchange 5.5 public
folders no longer work. Presumably same reason.

For users who now login to AD domain this all works beautifully, the
problem only affects users who login using their NT4 accounts.

3. OWA access is only available using AD account login. Even if user
types NTDOMAIN\USERID they are not able to access mailbox (Page not
found). The only way they can access is USERID/PASSWORD (AD domain is
configured as default on OWA servers).

Microsoft seem to have NOTHING about these issues, so really need you
guys' advice on this. Long-term solution is to migrate all users to new
domain login, but can we do anything in the mean time ?

Apolologies for mega-mail but really frustrated about this.



List Archives:
Exchange Newsletters:
Exchange FAQ:
Other Internet Software Marketing Sites:
Leading Network Software Directory:
No.1 ISA Server Resource Site: Windows Security
Resource Site: Network Security Library: Windows 2000/NT Fax Solutions:
You are currently subscribed to this Discussion List as:
neil.hobson@xxxxxxxxxxxxxxxxx To unsubscribe send a blank email to


This email and any files transmitted with it are confidential and 
intended solely for the use of the individual to whom it is addressed. 
Any view or opinions presented are solely those of the author and do 
not necessarily represent those of Silversands.

If you have received this email in error, please contact our Support 
Desk immediately on 01202 360360 or email help-desk@xxxxxxxxxxxxxxxxx  

Other related posts: