How did you do the ADC/ADMT part? Ideally, you'd run the ADC first to create disabled accounts, and then ADMT them as they migrate (this grabs the sidHistory stuff). This way, all 5.5 users are represented in the E2k GAL - these disabled accounts are 'pointers' to the NT4/5.5 mailbox, and therefore should have the 'associated external account' option set on the Mailbox Rights.

Neil

-----Original Message-----
From: bparker@xxxxxxxxxxxxx [mailto:bparker@xxxxxxxxxxxxx]
Sent: 14 August 2003 12:48
To: [ExchangeList] http://www.MSExchange.org/

Setup as follows:-

NT4 domain with two-way trusts at both placeholder and user domain level to AD 2003 native domain.

Exchange 5.5 mailbox server + Exchange 5.5 OWA/IMS server

Exchange 2000 mailbox server NLB (configured with default domain and basic + Integrated WINDOWS authentication - as per Microsoft recommendation) + 2 x Exchange 2000 OWA servers (configured with default domain and basic authentication).

ADC in place and working fine. Using ADC/ADMT/AD Cleanup.

Note: because of W2003 AD not compatible with Exchange 2000 had to use ADC from Exchange 2003, and domainprep user domain with Exchange 2003 - BUT this works fine and I do not believe this is the cause of the problem I will describe.

The AD has user accounts from Exchange 5.5 MERGED with the accounts from NT domain. All mailboxes successfully moved using MOVE MAILBOX from Exchange 5.5 to Exchange 2000 mailbox server.

ADC has one way recip agreement from Exchange 5.5\recipients and DLs TO AD\Migrated users + Public folder two-way + two way config agreement AD to Exchange 2000 server. All this works fine so far. Public folders replicated (But not re-homed yet) to Exchange 2000 mailbox server only.

Secondary migration process. Rebuild user machines to join new AD domain and move user data from NT to AD W2003 data servers. Not all users have undergone this secondary process and so are still logging in to the NT domain.
Everything seems to work OK - they can access resources, mailboxes, calendars etc., EXCEPT client permissions:-

1. Delegations made on mailbox resources on 5.5 server no longer work on Exchange 2000 server. Have tried recreating them, but can only add permissions to users from Exchange GAL - which only contains mailboxes on Exchange 2000 server, which presumably only authenticate to new AD domain account.

2. PUBLIC folder client permissions allocated on Exchange 5.5 public folders no longer work. Presumably same reason. For users who now log in to AD domain this all works beautifully, the problem only affects users who log in using their NT4 accounts.

3. OWA access is only available using AD account login. Even if user types NTDOMAIN\USERID they are not able to access mailbox (Page not found). The only way they can access is USERID/PASSWORD (AD domain is configured as default on OWA servers).

Microsoft seem to have NOTHING about these issues, so really need you guys' advice on this. Long-term solution is to migrate all users to new domain login, but can we do anything in the meantime?

Apologies for mega-mail but really frustrated about this.
Rgds
Brian