Cross Forest Migration – Delegated Mailbox Automapping is missing for migrated users

We might notice that mailbox auto-mapping is missing after a cross-forest migration is completed.

However, when looking at the mailbox permissions (Send As, Send on Behalf and Full Access) in the Exchange admin center, we can still see the permission entries. Only the mailbox automapping has been lost for the users.

If we take one affected delegated user and remove and re-add the permission from the EAC, automapping is fixed within a few minutes. So where is the real problem 🙂

So I started digging into the ADMT logs and found the errors below, which were present in the first ADMT migration job.


So what is this msExchDelegateListLink?

For automapping to work for delegated users, the msExchDelegateListLink attribute needs to be populated for the delegated user with the DN of the shared mailbox.

We can check this attribute for the affected user in Active Directory Users and Computers via the Attribute Editor, and it will be empty.


If we look for this same user account in the source forest the value will be populated with the DN of the shared mailbox.

Solution:

Export the msexchdelegatelistlink from the source Forest.

To export msExchDelegateListLink from the source forest we can use either of the commands below. The attribute is multi-valued, so the values are joined with ';' to keep them readable in the CSV:

Get-ADUser -Filter "mail -like '*'" -Properties mail,msExchDelegateListLink | Select-Object Name,mail,DistinguishedName,@{n='DelegatedMailboxes';e={$_.msExchDelegateListLink -join ';'}} | Export-Csv -Path C:\export\userDelegation_details.csv -NoTypeInformation -NoClobber

Get-ADUser -Properties mail,msExchDelegateListBL,msExchDelegateListLink -LDAPFilter "(msExchDelegateListBL=*)" | Select-Object Name,mail,@{n='Distinguishedname';e={$_.DistinguishedName}},@{n='alternate';e={$_.msExchDelegateListLink -join ';'}} | Export-Csv userlist.csv -NoTypeInformation -NoClobber

To limit this to a specific OU we can use the command below:

Get-ADUser -SearchBase 'OU=AsiaPacific,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM' -Properties mail,msExchDelegateListBL,msExchDelegateListLink -LDAPFilter "(msExchDelegateListBL=*)" | Select-Object Name,mail,@{n='Distinguishedname';e={$_.DistinguishedName}},@{n='alternate';e={$_.msExchDelegateListLink -join ';'}} | Export-Csv userlist.csv -NoTypeInformation -NoClobber

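Once the msExchDelegateListLink values are exported, we can import them from CSV onto the affected target users with the command below. The CSV is expected to have the DistinguishedName and DelegatedMailboxes columns of the first export command, with multiple DNs separated by ';', and the DNs in it must be valid in the target forest.

Import-Csv "C:\test\delegate.csv" | Where-Object { $_.DelegatedMailboxes } | ForEach-Object { Set-ADUser -Identity $_.DistinguishedName -Add @{msExchDelegateListLink = @($_.DelegatedMailboxes -split ';')} }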

After the AD attribute is updated with the DN of the shared mailbox on the target accounts, auto-mapping is applied at the next Autodiscover refresh interval.
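The import step above, extended into a dry-run script as an added example (not from the original post): it reads the first export command's CSV, assumes multiple DNs in DelegatedMailboxes are joined with ';', and translates each source-forest DN to its target-forest counterpart by matching the mail attribute, which is an assumption about how objects correspond between the forests. The domain controller names are placeholders.

```powershell
# Added example. Server names and the CSV path are placeholders (assumptions).
Import-Module ActiveDirectory
$SourceDC = 'dc01.source.example'
$TargetDC = 'dc01.target.example'
$CsvPath  = 'C:\export\userDelegation_details.csv'

function ConvertTo-LdapLiteral {
    # Escape RFC 4515 special characters so a mail value cannot alter the filter.
    param([string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
}

function Find-TargetByMail {
    # Return the single target-forest object with this mail value, else $null.
    param([string]$Mail)
    if (-not $Mail) { return $null }
    $filter = "(mail=$(ConvertTo-LdapLiteral $Mail))"
    $hits = @(Get-ADObject -LDAPFilter $filter -Server $TargetDC -Properties msExchDelegateListLink)
    if ($hits.Count -eq 1) { return $hits[0] }
    return $null   # missing or ambiguous: never guess
}

foreach ($row in Import-Csv -Path $CsvPath) {
    if (-not $row.DelegatedMailboxes) { continue }
    $holder = Find-TargetByMail $row.mail
    if (-not $holder) { Write-Warning "No unique target object for $($row.mail)"; continue }
    # Split on ';' but not on an escaped '\;' inside a DN.
    foreach ($srcDN in ($row.DelegatedMailboxes -split '(?<!\\);')) {
        try {
            $src = Get-ADObject -Identity $srcDN -Server $SourceDC -Properties mail -ErrorAction Stop
        } catch {
            Write-Warning "Source object not found: $srcDN"; continue
        }
        $linked = Find-TargetByMail $src.mail
        if (-not $linked) { Write-Warning "No unique target match for $srcDN"; continue }
        if ($holder.msExchDelegateListLink -contains $linked.DistinguishedName) { continue }
        # -WhatIf only reports the change; remove it after reviewing the output.
        Set-ADObject -Identity $holder -Server $TargetDC `
            -Add @{ msExchDelegateListLink = $linked.DistinguishedName } -WhatIf
    }
}
```

The warnings list every entry that could not be matched unambiguously, so those links can be reviewed by hand instead of being written to the wrong object.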

Thanks & Regards
Sathish Veerapandian
