Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Archiving an Exchange Resource Forest

Created: 18 Jul 2013 • Updated: 19 Jul 2013 | 6 comments
This issue has been solved. See solution.

Hi there,

Ive just got off the phone to someone at Symantec and got a worrying answer and i cant belive its true.

Simply it was ref this - that if the msExchUserAccountControl attribute is set to 2 effectively the account is seen as disabled by EV and will not archive it during the Schedule archive run.

Obviously in a reaource forest the placeholder account for the mbx is disabled. What i cant belive is surely EV can cater for archiving in Resource forest scenarios.

Can anyone shed some light on this?

Regards

Operating Systems:

Comments 6 CommentsJump to latest comment

EVGarrison's picture

Let me exapnd on the scenario as it may help to answer, we have a 2 way forest trust between source and target. EV10 \ Exchange 2010 in the resource forest, Mailboxes are in Target also with VSA and EVSM, only the primary Acconts are still in the Source forest. A typical resource forest scenario when it comes to Exchange

Hope this helps and any advice would be greatly received.

JesusWept3's picture

I've supported plenty of places that perform the same way as you're proposing
just as a matter of interest, are you provisioning say USERDOMAIN\users or MAILBOXDOMAIN\users?

the scenario i've seen quite commonly is

USERDOMAIN just has users
MAILBOXDOMAIN has disabledusers with a mailbox

USERDOMAIN\UserA has a linked mailbox account to MAILBOXDOMAIN\UserA 

Is that a fair statement?

Pradeep_Papnai's picture

The configuration where EV-Exchange reside in resource forest & user reside in user’s forest, I believe this configuration should work without any problem.  The archive would have permission for both user a/c (disable of resource, enabled for user). I really have not checked ‘msExchUserAccountControl’ property in my lab so would not sure right now.

You can check an additional link http://www.symantec.com/connect/forums/ev9-cross-f...

If your Exchange is also reside in different forest then validation steps can be found in TN http://www.symantec.com/docs/HOWTO84839

MichelZ's picture

That's called "Linked Mailboxes" and is properly supported.
But even disabled AD Accounts are supported, you just need a reg key:
http://www.symantec.com/business/support/index?page=content&id=TECH76587

SOLUTION
EVGarrison's picture

Thanks for comments guys, first ill reply to JesusWept:

your statement "USERDOMAIN\UserA has a linked mailbox account to MAILBOXDOMAIN\UserA " is spot on.

Our Source Domain has all of the Live user accounts in that did have EV9.0.4 and Exchange, we are migrating Mailboxes and moving archives into the target Forest. EV10 and Exchange 2010.

@EVCounselor - thanks for the link in that post i belive EV was still in the source forest though.

@MichelZ - that article looks just about right for what we are talking about.

Many thanks guys for you help, ill let you know how i get on.

EVGarrison's picture

Just to let you know guys are had a call back from a Senrior tech and he said the recomended SOP is to add a provision group that looks at the source AD it will see that the User is enabled.

However im not sure if it matches on SID or Mbx GUID, if its Mbx Guid i dont think thats going to work base don how we have got a Mailboxes in target.

So i tihnk we will go for the Reg hack