Cannot list Exchange properties of migrated User accounts. (NETIQKB48913)

  • 7748913
  • 02-Feb-2007
  • 21-Jun-2007

Resolution

fact
Directory and Resource Administrator 7.x

fact
Domain Migration Administrator 7.x

fact
Microsoft Exchange Server 5.5

symptom
Cannot list Exchange properties of migrated User accounts.

symptom
Mailbox properties unavailable on Microsoft Exchange 5.5.

symptom
After I migrated from Windows NT 4.0 to Active Directory, I can see Exchange properties for the NT 4.0 accounts, and all new accounts created with DRA, but not Exchange properties for the migrated Active Directory Accounts.  The Exchange properties are grayed out.

cause
Exchange 5.5 ACLs are not associated with Active Directory user accounts.

fix

If users need to continue accessing their Exchange 5.5 mailboxes after a migration to Active Directory, or if DRA will be used to administer Exchange 5.5 mailboxes for Active Directory user accounts, the security descriptor on the Exchange 5.5 mailbox must refer to the new Active Directory account as the primary account, even if the NT 4.0 SID history has been migrated.

The native Active Directory Migration Tool features a component called the Exchange Directory Migration Wizard (EDMW) which accomplishes this task.  If the migration is done using any other method and the Exchange 5.5 mailbox security descriptors were not changed to reflect the new Active Directory account, they must be changed manually or though an automated process such as scripting.

NetIQ Domain Migration Administrator includes the Translate Security for Exchange Mailboxes which can also complete this task.  For more information, see NETIQKB4323: "How can Exchange 5.5 mailboxes be accessed after users and groups have been migrated to a new domain using DMA?"



Additional Information

Formerly known as NETIQKB48913