We have a situation where we are going to be moving the users from a NT 4.0 domain into an AD domain of an existing forest (Domain running in Exchange and AD native mode). The plan for now is to have the users keep logging into the old (and soon to be defunct) NT 4.0 domain w/ their NT workstations and access their new mailboxes from the Exchange2000 servers via permissions setup from a trust with the NT 4.0 domain (so there is an explicit right defined on the Exch2k mailbox referencing the user account from the trusted domain w/ full permissions). This access works great for the user with basic mailbox access. However, when the user defines a delegate from the GAL, that delegate does not actually realize the permissions once that mailbox is opened when logging into a nt 4.0 machine and accessing their mailbox w/ the account from the trusted domain. It works just fine of course when logging into a 2000 machine and AD user that is a member of the AD child domain. (this is a 2 week interim solution until the new workstation conversion can take place)
I had hoped that the security context would remain within the mapi session, but I apparently don't understand exactly how outlook is leveraging security here. Is there the possibility that outlook is realizing the existence of the user from the trust with the NT 4.0 domain and restricting access on that (and not the identity of the existing mapi session)? I just don't see outlook being quite that smart. Or is this one of those "it simply doesn't work that way" situations? Once again... TIA _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
