We currently run two separate domains, where our new implementation of Exchange 2010 is on a separate domain from the users.

My problem is:

joe@domaina.com can't access his mailbox at joe@domainb via OWA, even though Full Access and Send As have been granted on domainb's mailbox to domaina's account.

I keep receiving the error:

Access is denied. The Active Directory resource couldn't be accessed. This may be because the Active Directory object doesn't exist or the object has become corrupted, or because you don't have the correct permissions.

Is anyone able to help, please?

Take care

Rob
  • Update: the user is able to access OWA if he logs onto domainb, but we don't want this to happen at the moment. – Rob Sep 13 '12 at 10:28
  • There is also a two-way trust between both domains! – Rob Sep 13 '12 at 10:56
  • So the user is appending their full UPN to the username when logging in to OWA? Are these 2 separate domains within the same forest, or 2 separate forests? Are you using forest-wide authentication or selective authentication with your trust? – SamErde Sep 14 '12 at 00:38

1 Answer

I would check to see if SID filtering (sometimes called quarantining) is switched on for your forest trust. If it's enabled (which it is by default) then the trust will not pass SIDs over the trust, i.e. during the authentication process the security identifier for domaina is never passed to domainb.

Time to break out netdom as the GUI does not offer this option by default.

downthepub
  • SID history only applies if the objects were migrated between domains, which doesn't appear to be the case here. – MDMarra May 10 '14 at 03:32
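
The trust settings raised in this thread (forest or external trust, SID filtering/quarantine, selective authentication) are all stored in the `trustAttributes` bit mask of the trust's `trustedDomain` object, so they can be read back without changing anything. The following is an added example, not code from the question or the answer; the function name `ConvertFrom-TrustAttributes` and the sample rows are constructed for illustration, and the bit values are those defined for `trustAttributes` in MS-ADTS.

```powershell
# Added example, not from the thread. Bit values follow the trustAttributes
# definition in MS-ADTS; the sample rows at the bottom are constructed.
$TrustFlags = @{
    0x01 = 'NON_TRANSITIVE'
    0x02 = 'UPLEVEL_ONLY'
    0x04 = 'QUARANTINED_DOMAIN'   # SID filtering (quarantine) on an external trust
    0x08 = 'FOREST_TRANSITIVE'    # the trust is a forest trust
    0x10 = 'CROSS_ORGANIZATION'   # selective authentication
    0x20 = 'WITHIN_FOREST'
    0x40 = 'TREAT_AS_EXTERNAL'
    0x80 = 'USES_RC4_ENCRYPTION'
}

function ConvertFrom-TrustAttributes {
    param(
        [Parameter(Mandatory)] [string] $Partner,
        [Parameter(Mandatory)] [int]    $Value
    )
    # Collect the name of every bit that is set, lowest bit first.
    $set = foreach ($bit in ($TrustFlags.Keys | Sort-Object)) {
        if ($Value -band $bit) { $TrustFlags[$bit] }
    }
    [pscustomobject]@{
        Partner       = $Partner
        Raw           = '0x{0:X2}' -f $Value
        Flags         = @($set) -join ', '
        ForestTrust   = [bool]($Value -band 0x08)
        Quarantined   = [bool]($Value -band 0x04)
        SelectiveAuth = [bool]($Value -band 0x10)
    }
}

# Constructed sample input: an external trust with quarantine set, and a
# forest trust with selective authentication.
$sample = @(
    @{ Partner = 'domainb.example'; Value = 0x04 },
    @{ Partner = 'forestb.example'; Value = 0x18 }
)
$sample | ForEach-Object { ConvertFrom-TrustAttributes @_ } | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADObject -LDAPFilter '(objectClass=trustedDomain)' -Properties trustPartner, trustAttributes |
#     ForEach-Object { ConvertFrom-TrustAttributes -Partner $_.trustPartner -Value $_.trustAttributes }
```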