Why is the two-way trust relationship required for Exchange Migrator?
Exchange Migrator 1.X
Exchange Migrator 2.X
NetIQ Quality Engineering only performs testing with Two-Way trust relationships between the source and target domains. Therefore, the two-way trust relationship scenario is the only supported scenario.
A one-way trust is needed to set up permissions for the migration since this is done prior to adding a user from one domain to the Administrators Local Group of the other domain. Pass-through authentication (a.k.a 'Shadow Account'), where the source and target domains have an administrative account with the same username and password, does not work with Windows 2000 and is not a supported scenario.
Functionality that would be lost as a result of not setting up the two-way trust relationship would include at least the following. This is not a complete list because complete testing has not been done in the one-way trust relationship scenario.
- Unable to specify alternate credentials since DAPI does not allow you to pass a name and password unless a two-way trust is in place and functioning
- Unable to associate the Microsoft NT 4 account with the E2K mailbox; this only applies for an Exchange 5.5 to Exchange 2000 migration
- The ability to "Merge" accounts based on Sid History is lost