Hey guys,
I'm now working at a new customer. They got multiple domestic forests and one resource forest.
Let’s call them…
Dom1.domestic
Dom2.domestic
Dom3.domestic
Int.resource
By the way different domains have been migrated with the Quest Migration Manager and still are in sync. So in order to be prepared for a QMM resync we always have set the needed permissions in the domestic forests. So they could sync properly to int.resource and FullAccess and Send-As are working fine.
This works for dom1.domestic and dom2.domestic because they got an own dedicated Exchange 2003 environment and so we are able to set the needed permissions in the EX2003 tabs in the AD objects even for shared mailboxes if they are created in the domestic domain.
But for dom3.domestic it works not, because it got no Exchange environment. So in this case you create a shared mailbox in int.resource and grant FullAccess permission via powershell for the account in dom3.domestic.
Although this is the way Microsoft intended it to work, unfortunately it does not. So I think that the granted permissions will not pass-through to the domestic domain.
Have you got any idea where I could start searching?
Kind regards,
Chris