Linked Mailboxes

Hi,
I have two domains, domain a and domain b. In domain a I have an Exchange 2010 server and would like to setup mailboxes for some users who have active directory accounts in domain b. I created Link mailboxes in exchange and all worked fine for
a number of days. Came in today and the users are being prompted for passwords when they open outlook and their own domain b\ username and password are not working. They can however use outlook web access.
Any ideas?
Cheers

Hi,
Did we change anything else?
Please run Outlook under safe mode to avoid some AVs, add-ins and firewall.
Please re-create a new profile to refresh the caches.
Please delete the credential, steps as below:
1. Control Panel-->User Accounts-->click Manage your credentials in the left pane
2. Click the vault that contains the credential that we want to remove.
3. Click the credential that we want to remove, and then click Remove from vault.
Please verify our Exchange Proxy Settings via Outlook.
Steps as below:
OutlookàToolsàAccount
SettingsàE-mailàclick
the Exchange accountàChangeàMore
SettingsàConnectionàExchange
Proxy Settings
Outlook Anywhere option
Description
On a fast network, connect using HTTP first, then connect using TCP/IP.
By default on a fast network, Outlook attempts to connect by using the LAN connection first. This option is cleared by default.
On a slow network, connect using HTTP first, then connect using TCP/IP.
By default, on a slow network, Outlook attempts to connect by using HTTP first. This option is set by default.
Password Authentication (NTLM).
The default authentication method. We recommend that you specify this option together with
Connect with SSL only and Mutually authenticate the session when connecting with SSL.
Basic Password Authentication.
With this option, users are prompted for a password each time a connection is made to the Exchange server. In addition, if users are not using Secure Sockets
Layer (SSL), the password is sent in clear text. This can pose a security risk.
If we are in the "Basic Password Authentication", please change to the "NTLM" for testing.
If still not working unfortunately, please verify our SSL principal name. Steps as below:
1. Please determine the FQDN that the client uses to access the resource. Steps as below:
OutlookàToolsàAccount
SettingsàE-mailàclick
the Exchange accountàChangeàMore
SettingsàConnectionàExchange
Proxy Settingsànote the FQND that list in the
Only connect to proxy servers that have this principal name in their certificate box.
2. Please using EMS to determine the value for the CerPrincipalName attribute: Get-OutlookProvider
This command returns the result for the EXPR name.
3. Please re-setting the CertPrincipalName attribute to match the FQDN via following command:
Set-OutlookProvider EXPR –CertPrincipalName: “msstd:<FQDN the certificate
is issued to>”
Hope it is helpful
Thanks
Mavis
Mavis Huang
TechNet Community Support

Similar Messages

Need help on Cross Forest Exchange 2007 - 2013 with Linked Mailboxes

Hey all,
So I'm in a bit of a pickle with my Exchange design and am trying to figure out if there's a way to migrate mailboxes across forests where Linked mailboxes are being used. I've done a bit of reading and have noted stuff like preparing the move request in
AD, etc. But I'm wondering if someone can break it down for me.
http://1drv.ms/1lWjLqG
The above is a OneNote diagram of how we have moved over time. Please forgive my sloppy handwriting but I hope it gets the point across. I will text it out here as well:
Original Design
The original design of the domains when I joined the company were fabrikam and contoso. Contoso is a domain that sits entirely in the "DMZ". Fabrikam was the internal AD forest where most services and users authenticated to. In Contoso, there
are 2 domain controllers, the "Front End" Exchange Server (Edge Transport), and the "Back End" server, which is CAS/Mailbox.
There is a forest trust between contoso and fabrikam where "Linked Mailboxes" are created in Contoso, and then the LinkedMasterAccount is set to Fabrikam.
Migration/Hybrid Design
Due to the fact that these two domains were configured massively inappropriately, riddled with security holes as well as strange permissions configurations, the decision was made to create a new internal AD domain. In my OneNote, I've labeled this 'specialbank.com'.
A long while ago we migrated users from Fabrikam to SpecialBank via trusts. To facilitate access to Exchange, a new trust was created between Contoso and SpecialBank to allow us to update the LinkedMasterAccount parameter to the new Specialbank domain.
We have most of our users authenticating to their mailboxes via SpecialBank, while the mailboxes still reside in Contoso.
Migration from Exchange 2007 to Exchange 2013
I am attempting to now figure out the best way to migrate the mailboxes from Contoso to a new set of Mailbox servers in SpecialBank. This will also be an upgrade from Exchange 2007 (Current) to an Exchange 2013 installation.
The latest Service Packs and CUs are installed in both.
What would be the best procedure to move these mailboxes? To my knowledge, the current best practice/recommended way is to perform a user/SID migration from Contoso to SpecialBank. But I already have accounts in
SpecialBank that users are actively using.
I'm not opposed to doing a simple PST export from Contoso to SpecialBank, but we're looking at around 120 mailboxes. So I'm trying to make my life a little easier instead of spending a weekend here.
If I try to do it in batches, I need to figure out how to handle autodiscover and CAS. Since I'm creating an entirely new Exchange environment, I'm trying to limit what I place in the existing configuration. But I'm not opposed to setting up something temporarily
if I need to in order to make the migration transparent to users.
Can anyone help?

Hi ,
From you description i came to know contoso is the resource forest and special bank is the account forest .
You just wanted to migrate the linked mailboxes from resource forest to account forest and also you would want the migrated mailboxes to get merged to the respective user accounts in the account forest to become as a normal user mailbox.Am i right ?
Please correct me if i am wrong . I have found some blogs in internet please have a look in to that especially the first one.
http://www.outlookforums.com/threads/60210-cross-forest-mailbox-move-and-linked-mailbox/
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_27974905.html
Regards
S.Nithyanandham
Thanks S.Nithyanandham

Outlook Password prompt for Linked Mailboxes from certain Domain

Hello,
As part of a migration project, I'm trying to connect Outlook with Linked Mailboxes from users in a trusted domain.
I'm able to create the linked mailbox on the Exchange 2013 (CU7) server without any issue, but when I try to configure Outlook for these mailboxes, it is prompting for credentials permanently and won't start. Log on to OWA with the same user from the trusted
domain is working fine.
I'm able to configure Linked mailboxes from another trusted domain without any problems.
I've already recreated the trust between these two domains (validation tells everything is ok)
DNS is configured with conditional forwarders in both domains and name resolution looks ok to me (ping and nslookup)
When I look at the LinkedMasterAccount of the mailboxes from this domain, I can see that there is only the SID (S-1-5-21-4033829......). The other linked mailboxes (from the other domain where it's working) are showing the Account name (domain\user)
Internal and External ClientAuthenticationMethod of OutlookAnywhere is set to NTLM
Infos:
DomainA: Domainlevel 2012 - Exchange 2013 - Forest trust to Domain B and C
DomainB: Domainlevel 2008 - Exchange 2010 - Forest trust to Domain A - Outlook for linked Mailboxes of DomainA works fine
DomainC: Domainlevel 2008 - Forest trust to Domain A --> can't connect Outlook to LinkedMailboxes of this domain.
Is there anything else I can check?

Hi,
Please check whether the server is configured to only accept NTLM version 2 and reject NTLM and LM, and the Outlook client computer is not configured with the same LAN Mananger authentication level.
Check DC, Start -> Programs -> Administrative Tools -> Security Options -> Note the LAN Manager authentication level.
Check DC's policies, Start -> Programs -> Administrative Tools -> expand Security Settings\Local Policies -> Security Options -> Note the Lan Manager authentication level.
IMPORTANT： You may also have to check policies that are linked at the site/domain/organizational unit levels to determine where the LAN Manager authentication level must be configured. Configure the LAN Manager authentication level to "Send
NTLMv2 response only". If you want to implement NTLM version 2 in your network, make sure that all computers in the domain are set to use this authentication level.
Thanks
Mavis Huang
TechNet Community Support

Can't move Exchange 2003 mailbox to Exchange 2010 Resource forest (Linked Mailbox)

Problem Description:
Can’t move Exchange 2003 mailbox to Exchange 2010 resource forest
Error message:
Failed to reconnect to Active Directory server SRVUMVMDC02.umfolozi.local. Make sure the server is available, and that you have used the correct credentials.
Source Environment Configuration:
Active Directory
FQDN: umfolozi.local
Domain name (pre-Windows 2000): UMFOLOZI
Domain Function Level: Windows Server 2003
Domain Controllers:
Hostname
OS
Operation Master
SRVUMVMDC01.umfolozi.local
Windows Server 2008 R2 Standard SP1
Schema Master, Domain Naming, RID, PDC
SRVUMVMDC01.umfolozi.local
Windows Server 2008 R2 Standard SP1
Infrastructure
Exchange
Version: Microsoft Exchange 2003 Standard SP2 Build 7638.2
Server Information:
Hostname
OS
TUSKUMFMAIL.umfolozi.local
Windows Server 2003 R2 SP2
DNS Zones
Zone Name
Zone Type
Domain Controllers
umfolozi.local
Active Directory-Integrated (Primary)
SRVUMVMDC01.umfolozi.local
SRVUMVMDC01.umfolozi.local
peermont.com
Secondary
SRVPGVMDC01.peermont.com
SRVPGVMDC02.peermont.com
Trusts
Domain Name
Trust Type
Transitive
Validated
peermont.com
Forest
Yes
Yes
Target Environment Configuration:
Active Directory
FQDN: peermont.com
Domain name (pre-Windows 2000): PG
Domain Functional Level: Windows Server 2008 R2
Domain Controllers:
Hostname
OS
Operation Master
SRVPGVMDC01.peermont.com
Windows Server 2008 R2 Std SP1
SRVPGVMDC02.peermont.com
Windows Server 2008 R2 Std SP1
Domain naming, RID, PDC, Infrastructure, Schema Master
Exchange
Resource Exchange Forest
Server Information:
Hostname
OS
Role
Version
Client Access Array
SRVPGVMEXCH01.peermont.com
Windows Server 2012 Std
HUB, CAS
Version 14.3 (Build 123.4)
exchange.peermont.com
SRVPGVMEXCH02.peermont.com
Windows Server 2012 Std
HUB, CAS
Version 14.3 (Build 123.4)
exchange.peermont.com
Hostname
OS
Role
Version
Database Availibility Group
SRVPGVMEXCH03.peermont.com
Windows Server 2012 Std
MBX
Version 14.3 (Build 123.4)
PeermontDAG
SRVPGVMEXCH04.peermont.com
Windows Server 2012 Std
MBX
Version 14.3 (Build 123.4)
PeermontDAG
DNS Zones
Zone Name
Zone Type
Domain Controllers
peermont.com
Active Directory-Integrated (Primary)
SRVPGVMDC01.peermont.com
SRVPGVMDC02.peermont.com
umfolozi.local
Secondary
SRVUMVMDC01.umfolozi.local
SRVUMVMDC01.umfolozi.local
Trusts
Domain Name
Trust Type
Transitive
Validated
umfolozi.local
Forest
Yes
Yes
Migration Process
Task
Description
Successful/Error
1
SYNC AD Domain account from source forest (umfolozi.local) to target forest (peermont.com) using BinaryTree SMART Directory Sync (ADMT can be used as alternative)
Successful
2
Create mailed enabled user
Successful
3
Run Prepare-MoveRepuest with –OverWriteLocalObject
Command Example:
.\Prepare-MoveRequest.ps1 -Identity [email protected] -RemoteForestDomainController SRVUMVMDC01.umfolozi.local
-RemoteForestCredential $RemoteCredentials -UseLocalObject -LocalForestDomainController SRVPGVMDC01.peermont.com -LocalForestCredential $LocalCredentials -OverWriteLocalObject
Successful
4
Submit mailbox request
Command Example:
New-MoveRequest -Identity "0fa7d17e-3637-4708-a51b-f14eaae17968" -BadItemLimit "50" -TargetDeliveryDomain
"internal.peermont.com" -TargetDatabase "{c5d6ea95-07b3-4a52-9868-e41e808a76fe}" -RemoteCredential (Get-Credential "umfolozi\svcmigration") -RemoteGlobalCatalog "SRVUMVMDC02.umfolozi.local" -RemoteLegacy:$True
Error
All the standard migration task works as expected until the mailbox migration move request is submitted. See move request verbose detail below:
[PS] C:\Windows\system32>New-MoveRequest -Identity "0fa7d17e-3637-4708-a51b-f14eaae17968" -BadItemLimit "50" -TargetDeli
veryDomain "internal.peermont.com" -TargetDatabase "{c5d6ea95-07b3-4a52-9868-e41e808a76fe}" -RemoteCredential (Get-Crede
ntial "umfolozi\svcmigration") -RemoteGlobalCatalog "SRVUMVMDC02.umfolozi.local" -RemoteLegacy:$True -Verbose
VERBOSE: [11:34:27.346 GMT] New-MoveRequest : Active Directory session settings for 'New-MoveRequest' are: View Entire
Forest: 'False', Default Scope: 'peermont.com', Configuration Domain Controller: 'SRVPGVMDC02.peermont.com', Preferred
Global Catalog: 'SRVPGVMDC02.peermont.com', Preferred Domain Controllers: '{ SRVPGVMDC02.peermont.com }'
VERBOSE: [11:34:27.362 GMT] New-MoveRequest : Runspace context: Executing user: peermont.com/Admin/Users/Admin
Accounts/Information Technology/SoarSoft/Johann Van Schalkwyk, Executing user organization: , Current organization: ,
RBAC-enabled: Enabled.
VERBOSE: [11:34:27.362 GMT] New-MoveRequest : Beginning processing &
VERBOSE: [11:34:27.362 GMT] New-MoveRequest : Instantiating handler with index 0 for cmdlet extension agent "Admin
Audit Log Agent".
WARNING: When an item can't be read from the source database or it can't be written to the destination database, it
will be considered corrupted. By specifying a non-zero BadItemLimit, you are requesting that Exchange not copy such
items to the destination mailbox. At move completion, these corrupted items won't be available in the destination
mailbox.
VERBOSE: [11:34:27.362 GMT] New-MoveRequest : Searching objects "{c5d6ea95-07b3-4a52-9868-e41e808a76fe}" of type
"MailboxDatabase" under the root "$null".
VERBOSE: [11:34:27.362 GMT] New-MoveRequest : Previous operation run on domain controller 'SRVPGVMDC02.peermont.com'.
VERBOSE: [11:34:27.393 GMT] New-MoveRequest : Current ScopeSet is: { Recipient Read Scope: {{, }}, Recipient Write
Scopes: {{, }}, Configuration Read Scope: {{, }}, Configuration Write Scope(s): {{, }, }, Exclusive Recipient Scope(s):
{}, Exclusive Configuration Scope(s): {} }
VERBOSE: [11:34:27.393 GMT] New-MoveRequest : Searching objects "0fa7d17e-3637-4708-a51b-f14eaae17968" of type "ADUser"
under the root "$null".
VERBOSE: [11:34:27.471 GMT] New-MoveRequest : Previous operation run on domain controller 'SRVPGVMDC02.peermont.com'.
VERBOSE: [11:34:27.471 GMT] New-MoveRequest : Processing object "$null".
VERBOSE: [11:34:27.487 GMT] New-MoveRequest : [DEBUG] No RequestJob messages found.
VERBOSE: [11:34:27.487 GMT] New-MoveRequest : [DEBUG] MDB c5d6ea95-07b3-4a52-9868-e41e808a76fe found to belong to Site:
peermont.com/Configuration/Sites/Peermont
VERBOSE: [11:34:27.487 GMT] New-MoveRequest : [DEBUG] MRSClient: attempting to connect to 'SRVPGVMEXCH02.peermont.com'
VERBOSE: [11:34:27.627 GMT] New-MoveRequest : [DEBUG] MRSClient: connected to 'SRVPGVMEXCH02.peermont.com', version
14.3.178.0 caps:07
VERBOSE: [11:34:27.627 GMT] New-MoveRequest : [DEBUG] Loading source mailbox info
VERBOSE: [11:34:28.844 GMT] New-MoveRequest : Failed to reconnect to Active Directory server
SRVUMVMDC02.umfolozi.local. Make sure the server is available, and that you have used the correct credentials. --> A
local error occurred.
VERBOSE: [11:34:28.844 GMT] New-MoveRequest : Admin Audit Log: Entered Handler:OnComplete.
Failed to reconnect to Active Directory server SRVUMVMDC02.umfolozi.local. Make sure the server is available, and that
you have used the correct credentials.
+ CategoryInfo : NotSpecified: (0:Int32) [New-MoveRequest], RemoteTransientException
+ FullyQualifiedErrorId : F48FD74B,Microsoft.Exchange.Management.RecipientTasks.NewMoveRequest
+ PSComputerName : srvpgvmexch02.peermont.com
VERBOSE: [11:34:28.859 GMT] New-MoveRequest : Ending processing &
Troubleshooting Performed
1. When submitting mailbox move request tried the following credential inputs:
1.1. DOMAIN\Username
1.2. FQDN\Username
1.3. userPrincipalName
2. Confirmed domain trust between source and target domain is in place and validated.
3. Confirmed name resolution in source and target domain is functioning as expected.
4. Confirmed network connectivity between source and target domain controllers as well as source and target exchange servers.
5. Tried to create new Linked Mailbox to account in source forest, can’t select Global Catologue via the wizard;
Tried to specify the credentials for the account forest and got the following error when tried to select Global Catalog from wizard:

The error talk about the credential. Did you check the credential
Did you tried this command?
New-MoveRequest -Identity "Distinguished name of User in Target Forest" -RemoteLegacy -TargetDatabase "E2K10 Mailbox Database Name" -RemoteGlobalCatalog "FQDN of Source DC" -RemoteCredential $Remote -TargetDeliveryDomain "Target
domain name"
http://blogs.technet.com/b/exchange/archive/2010/08/10/3410619.aspx
Cheers,
Gulab Prasad
Technology Consultant
Blog:
http://www.exchangeranger.com    Twitter:
  LinkedIn:
   Check out CodeTwo’s tools for Exchange admins
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

Beware of Linked Mailbox status - Moving Unity_server mailboxes to Exchange 2010

Hi all -
Here is a problem I encountered that I want to pass along to you:
When partnering Unity to Exchange 2010, the Unity_servername, USBMS_servername, EAdmin, and unitymsgstoresvc inboxes are moved from the old Exchange to the new 2010 server. Using the Exchange Management Console, the users should show up as User Mailboxes, not Linked Mailbox. A Linked mailbox in Exchange 2010 is an external account, i.e. an account in another forest. If this occurs for the Unity_servername mailbox, external caller voice messages remain in UMR (UnityMTA) and you will see many application event log errors. In EMC you will observe the account mailboxes show in Disconnected status.
If this happens to you, here is the fix:
Disable the Account from EMC in Exchange 2010. Note you will get a prompt that the Exchange properties are being removed but the email inbox is NOT deleted.
Re-enable the account from ADUC.
In EMC, go to Disconnected Mailboxes, select the Unity mailbox and select Connect. In the Connect wizard, re-associate with the existing account. Re-enter the user alias and complete the wizard.
Restart AvUMRSynchSvr service on Unity.
Hope this helps someone in the future!
Sincerely, Ginger

Thanks Brad :-) I forgot to mention I discovered a number of Internet hits that say this can happen with Move Mailbox. Here's the link I used to begin researching the problem (hint: go all the way to the bottom of the web page - http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_26308671.html). Got to give kudo's to this most excellent Exchange resource - has helped me a bunch over the years!

Linked mailbox credential prompt.

We have setup a link mailbox between to different domain all is ok..
just want to clarify if it is normal that every time i open the outlook client of the linked mailbox it will prompt for its credetials? even if the domain account login is the link mailbox account also?
if it is not please let me know what authentication method i should change ot this is normal for a link mailbox??
thanks in advance!!

Hi,
To understand more about the issue, I’d like to confirm the following information:
1. Check the authentication method in the tab named Exchange proxy settings.
2. Is there firewall between the two domans?
3. Does the credential accept password of keep prompting?
4. Cancel the credential prompt and then run "Test Email AutoConfiguration" to see if there is any error return.
5. Does the credential appear if you run Outlook with online mode?
If you have any question, please feel free to let me know.
Thanks,
Angela Shi
TechNet Community Support

Preserve mailbox permissions after converting to linked mailboxes

Hello,
I am converting normal user mailboxes to linked mailboxes in Exchange 2007 SP3. After a pilot, we found that the linked accounts no longer had access to shared mailboxes (the share mailboxes will NOT be converted into linked accounts). The Full Access
ACL references the OLDOMIAN\username AD account. Manually adding NEWDOMAIN\username to the ACL fixes things. Is there an easy way to export the Full Access and Send As permissions for the shared mailboxes and switch them to NEWDOMAIN\username with
PowerShell? I have a feeling this will involve a lot data manipulation with Excel. Too bad there is no ADMT style security translation tool for Exchange mailboxes!

It's definetly possible to do this entire task via powershell script but need to spend some time to write it... ;)
But well, here is another quick way I can suggest it's two step process...
1. Export Full Access and Send-As to csv files seperately by following this Exchange Powershell Tip #09
2. Now you have two files, replace the domain name in exported csv files.
3. Import the permission back using this...
$FullAccess = import-csv mailboxaccess.csv
$FullAccess | %{Add-MailboxPermission -Identity $_.Identity -User $_.user -AccessRights $_."Access Rights"}
$SendAs = import-csv sendas.csv
$SendAs | %{Add-ADPermission -Identity $_.identity -User $_.user -AccessRights Extended -ExtendedRights $_."Access Rights"}
Blog |
Get Your Exchange Powershell Tip of the Day from here

Exchange 2013 linked mailbox

I am administering Exchange 2013 in organization where we have two separate forests witch two separate Exchange 2013 servers. There is AD trust between forests. Each user has two mailboxes connected in Outlook, one from forest A and one from forest B. Let's
say [email protected] and [email protected] There is a plan that users from forest A will use and have only one mailbox connected in Outlook and get all emails data on Exchange server within forest A. What is a best approach
to do it smoothly? We do not want to remove the email addresses from forest B because a lot of people outside the company know only this email address as a contact point.
I am thinking about creating linked mailboxes. Any other ideas or advice's?

Hi ,
just remove the email address (i.e
[email protected])
from the mailbox in forest B and add it as an secondary smtp address on the mailbox residing on the mailbox in forest A.
In case if you don want the mailbox for user 1 in forest B you can simply delete it instead of removing the email address.
Note : Simply you cannot remove the email address (i.e
[email protected])
from the Mailbox of the user 1 in forest B is set as primary smtp address. So on such case just make some dummy email address as primary smtp address and simply remove
the address [email protected]
and add as an secondary smtp address on user 1 mailbox in forest A .
Please feel free to reply me if you have any queries.
Thanks & Regards S.Nithyanandham

Converting User Mailboxes to Linked Mailboxes

We're going to be moving users to a new, trusted domain and want to keep our Exchange 2013 server in the old domain. It looks like the best strategy for us is to convert our user mailboxes to linked mailboxes for users who will log into the new domain.
There's quite a bit out on the web on doing this in Exchange 2010 but I don't see anything specific to Exchange 2013. Is the procedure basically the same? This is what users seem to be doing from PowerShell:
Set-User <userID> -LinkedMasterAccount AccountDomain\UserID -LinkedDomainController AccountDomainControllerFQDN
Orange County District Attorney

Hi,
If you want to convert the existing mailbox to a linked mailbox, we can do the following steps:
1.To disconnect the mailbox object in the Exchange store from the user object in Active Directory, for example.
Disable-Mailbox -Identity User1
2.To create a credential object, run the following command.
$cred = Get-Credential
You will be prompted for credentials. Specify an account that has permissions to access the domain controller in the forest where the user account resides. Use the LinkedDomainController parameter to specify the domain controller. This domain
controller obtains security information for the account to which you are linking the mailbox object.
3.To reconnect the mailbox object in the Exchange store to an external user object, use this example.
Connect-Mailbox -Identity User1 -Database "Mailbox Database" -LinkedDomainController FabrikamDC01 -LinkedMasterAccount [email protected] -LinkedCredential $cred
For more information about converting linked mailbox, please refer to:
https://technet.microsoft.com/en-us/library/bb201694%28v=exchg.141%29.aspx?f=255&MSPPError=-2147217396
Regards,
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Winnie Liang
TechNet Community Support

Exchange 2010 SP3 outlook prompot password for linked mailbox

Hi All,
I have forest A and forest B, there is an Exchange 2010 SP3 server in forest A, linked mailboxes are created for user inside forest B. Trust relationship can be verified , in place and active. Suddenly , some linked mailbox user got outlook password prompt
repeatedly but OWA and Active Sync is still working fine.
I have reset Exchange Web Services Virtual Directory. but the issue still persists. Please advise
Regards,
Zaw
ZAW

Step 1: Close Outlook program and create backup of PST file
Step 2: Now run SCANPST.EXE on copy of your PST and repair
SCANPST.EXE is found in these locations according to different Outlook versions:
In MS Outlook 2002/XP: C:\Program Files\Common Files\System\MAPI\ \scanpst.exe
In MS Outlook 2000:C:\Program Files\Common Files\System\MAPI\ \NT\scanpst.exe
In MS Outlook 97/98:C:\Program Files\Common Files\Windows Messaging\scanpst.exe
Note: Do not use backup option in SCANPST.EXE as you working with a duplicate copy of PST
file.
Step 3: Then open the command prompt by clicking Start >> Run
Step 4: Paste or type the file path to PST19UP and your PST name: PSTUPG19.EXE-filename.pst
and press Enter.
Step 5: The command line will resemble: “C:\My Documents\pst19upg.exe”- Outlook.pst.
Step 6: A new copy of the PST file will be created, which is called “filename.psx”.
Step 7: Once you have completed, rename the original PST file.
Step 8: Now at the Command Prompt, type “pst19upg.exe- filename.psx” and press Enter
Step 9: A new password-free PST file will be created from PSX file.
Step 10: Now open your MS Outlook program and open the PST file.

Outlook 2013 Auto Account Setup for Linked Mailbox Not working

We've created a linked mailbox, in Exchange 2013 (in domain1), for a user in another AD forest, domain2. We have the AutoDiscover service configured in the other AD forest as well. Our only issue now is trying to find a way to get the Outlook Auto Account
Setup to automagically configure a user's profile the first time Outlook 2013 is started. If we type in the user's email address and name and click Next, the profile is created successfully.
I spoke to Microsoft support who helped me confirm that AutoDiscovery was configured correctly in the other forest. Reading this information (
https://technet.microsoft.com/en-us/library/bb124251.aspx ) on AutoDiscover, I found what may be the issue. It notes that
"If the Outlook client is joined to a domain, the user's domain account is used."
Since the linked mailbox is associated with domain1, Outlook looks like it cannot use the domain account from domain2. I wonder if there might be a registry hack to bypass this and force Outlook clients in domain2 to look at email addresses in domain1?
Orange County District Attorney

Hi,
According to your description, I noticed that “If we type in the user's email address and name and click Next, the profile is created successfully”. Do you mean the linked mailbox can be setup automatically when you fill in the Name and E-mail Address in
the Auto Account Setup page? For example:
If that is the case, the autodiscover service in Exchange side should be configured correctly and it is working for Outlook client automatically account setup.
If the account can’t be setup automatically when using autodiscover service, please
verify that the Master Account (Domain2\User1) has full access to the Linked Mailbox ([email protected]) as well as the smtp address using the cmdlets Get-Mailbox and Get-MailboxPermission in Exchange server:
Get-Mailbox [email protected] | fl PrimarySmtpAddress,*Type*,*Link*
Get-MailboxPermission [email protected] | fl
Regards,
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Winnie Liang
TechNet Community Support

Cannot link mailbox to user in accounts forest

original forest is a single domain configuration named mydomain.com. A new accounts forest was created named ad.mydomain.com. This domain is *not* a subdomain of the original domain, but a separate domain in a separate forest. This forest
also uses a single domain design. (It's a long story) All mailboxes reside in a single mailbox database on an Exchange 2010 server running on Windows Server 2008 R2. I've used the ADMT to migrate some test accounts to the accounts forest.
The migration works and the account appears functional, i.e., SID history migrated and the account can still get to shares and files on machines located in the resource forest.
I then use the disable-mailbox and connect-mailbox commands to setup the linked mailbox. My test account is user Joe Doakes (as listed in Get-MailboxStatistics), username is jdoakes, mailnickname is jdoakes and SMTP address is [email protected]
Here is the exact command I am using:
Connect-Mailbox -Identity "Joe Doakes" -Database "Mailbox Database 0448361937" -LinkedDomainController MEDTMPDC01.ad.mydomain.com
-LinkedMasterAccount "CN=Joe Doakes,OU=Testing,OU=Accounts,DC=ad,DC=mydomain,DC=com" -LinkedCredential $cred
to which the command shell replies-
Confirm
Do you want to connect this mailbox to user "mydomain.com/Testing/Joe Doakes" with the alias "JoeDoakes"?
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"):
I've re-entered the credentials for the accounts forest twice. The canonical name above is the name of the now disabled account in the resource forest. If I select Y here, it reconnects to the old account and changes the alias from jdoakes
to JoeDoakes. This behavior is very strange. I have confirmed the distinguished name used is correct. Can anyone point out what I am doing wrong?
TIA
Tom

I wanted to update this post in case anyone else runs into this problem. I wound up opening
a support ticket and spent a day and a half on the phone with Microsoft.
This issue was the result of several chance problems and my misinterpretation
of the command's results. To start off, when the command comes back to
say that it wants to connect the mailbox to "mydomain.com/Testing/Joe Doakes", it
really means that it is the disabled account in the Exchange (source) forest to which the
mailbox will be connected. It will be "linked" to the account in the accounts forest, but the command does not say that. This behavior is by design. We also found that I have to specify the alias in the command or a new alias is created that
concatenates the target account's first
and last names. Last, we found that running a number of
clean-mailboxdatabase commands was the trick that finally made things
work. To recap, the procedure that worked for me was:
1. Disable-mailbox to disconnect the user in the source forest
2. Verify the mailbox is actually disconnected. If it does not show up in the
Disconnected Mailbox node in the EMC, run the clean-mailboxdatabase "<database
name>" command
3. Disable the source forest user account.
4. Enter the account forest credential ($cred = get-credential)
5. Connect the mailbox to the linked account. This is the command that worked for me:
Connect-Mailbox -Identity "Joe Doakes" -Alias jdoakes
-Database "Mailbox Database 0448361937" -LinkedDomainController MEDTMPDC01.ad.mydomain.com -LinkedMasterAccount "CN=Joe Doakes,OU=Testing,OU=Accounts,DC=ad,DC=mydomain,DC=com" -LinkedCredential
$cred
6. The new account may not be able to get to the mailbox without running another clean-mailboxdatabase.
I hope this saves someone else a call to Microsoft.

Linked mailbox masteraccount

Hi all,
I need to migrate users from domain A to Domain B, but my Exchange 2010 global server installed on Domain C.
User are now connected to Domain A with his master account to Exchange 2010 global server on Domain C to the linked mailbox shadow account.
I have to move all users from Domain A to domain B and reconnect all master account from domain B.
I create the Users-id already on the domain B can I use a power-shell or different command to disconnect and reconnect the new master account to the linked mailbox on the easy way.
I export all the users to a CSV file, If I can use a power-shell script that read the Output CSV file and it will disconnect and reconnect the master account from Domain B. Did somebody use this before on the production environment with migration or can
someone advice me on this case to use the best practice.
Kind regards,
Hakan
Good luck everyone.

You can use the cmdlet
Set-User to change the LinkedMasterAccount.
Example:
Import-Csv X:\linked.csv | foreach {Set-User -Identity $_.Identity -LinkedMasterAccount $_.LinkedMasterAccount -LinkedDomainController gc.domainB.local}
...and all you would need in the CSV file is two fields like in this:
Identity,LinkedMasterAcccount
AndrewG,DOMAINB\Andrew.Gordon
MartinaM,DOMAINB\Martina.Miskovic
Martina Miskovic

Lync server 2013 simple central forest user without Linked mailboxes

Hi All,
How to setup Multiple forest in a central forest topology and we don't have Exchange server in our infra.
Thank you if you can help me.

Understood. You don't need Exchange. You really just need a forest trust and the msRTCSIP-Originatorsid AD attribute populated.
Check out Saleesh's write-ups below. In the walkthrough, he manually populates them, and this is fine as a test but you'd want to script it out or use an identity management tool if you have many users.
http://blogs.technet.com/b/saleesh_nv/archive/2014/06/07/lync-2013-resource-forest-deployment-with-manual-sync-part-1.aspx
http://blogs.technet.com/b/saleesh_nv/archive/2014/06/04/lync-2013-resource-forest-deployment-with-manual-sync-part-2.aspx
http://blogs.technet.com/b/saleesh_nv/archive/2014/06/04/lync-2013-resource-forest-deployment-with-manual-sync-part-3.aspx
http://blogs.technet.com/b/saleesh_nv/archive/2014/06/07/lync-2013-resource-forest-deployment-with-manual-sync-part-4.aspx
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
SWC Unified Communications
This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

Auto-mapping of shared mailboxes in a resource forest scenario

In a resource forest scenario you assign full access to a shared mailbox using:
Add-MailboxPermission -Identity SharedMailbox -User AccountForestDomain\UserID -AccessRights FullAccess
This provides the user in the account forest full access, but it will NOT auto-map the shared mailbox in Outlook.
If you use the command:
Add-MailboxPermission -Identity SharedMailbox -User UserID -AccessRights FullAccess
and UserID is the disabled account of the linked mailbox in the resource forest then the user in the account forest does not have the necessary permission to
open the mailbox, but the auto-mapping of the mailbox in Outlook works.
You have to use both commands to have the auto-mapping feature and have access to the shared mailbox.
This looks like another issue of the auto-mapping feature. The intention of the feature is good, but the way it was implemented can be improved.
How do you configure full access to shared mailboxes in a resource forest scenario?

Hi J-H,
Because i don’t have such a lab environment, so I am unable to do a test.
Now let’s separate the issue.
1. The first issue is
[email protected]
unable to auto configure outlook profile.
I suggest you
changing the user’s attributes in the account forest, does it work?
2. The second issue is
[email protected] unable to open a shared mailbox in the resource
forest.
At first, I suggest you create a shared mailbox in resource forest with this command.
New-Mailbox -name
<name> -Database <Database name> -OrganizationalUnit Users –UserPrincipalName
<UPN value, example: [email protected]> -<ResourceType: Room, Equipment or Shared>
Managing
Resource Mailboxes in Exchange Server 2007 (Part 1)
Then test if you can log on the shared mailbox via outlook.
If yes, then grant full access right for
[email protected]
to [email protected]
Resource:
Shared mailbox
permission in resource forest with linked users
Manage Full Access Permissions
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Linked Mailboxes

Similar Messages

Maybe you are looking for