EV9 Cross-Forest Implementation
I realize I will eventually involve Professional Services with this architectural scenario, but wanted to briefly explain our migration scenario. In advance, I appreciate any insight.
Two companies, two separate forests. ForestA and ForestB have a forest-level, bi-directional transitive Active Directory trust. ForestA/DomainA has Exchange 2007. ForestB/DomainB has Exchange 2010. Our migration effort is to move all DomainA mailboxes to DomainB.
Our current environment - Exchange 2007 and EV v9 - are in a domain of ForestA. The AD user accounts in DomainA are mailboxes. Associated EV Vaults are attached to this mailbox. Already-existing user accounts in DomainB are mail users.
After the migration of mailboxes from DomainA to DomainB, the user account in DomainA becomes a mail-user. The user account in DomainB is a linked mailbox associated with the DomainA Active Directory account. The mailbox moves from DomainA (EX2007) to DomainB (EX2010)
Post-migration, Enterprise Vault in DomainA can no longer perform the archiving or provisioning tasks because, naturally, it cannot see the mailbox any longer. With the assistance of technical support, we've tried several things:
- Added the new EX2010 mailbox servers in DomainB to EV in DomainA and assigned archiving and provisioning tasks.
- Added an additional two-way, external trust between DomainA and DomainB, although probably redundant and unnecessary due to the forest-level trust.
The provisioning task and archiving task doesn't see the mailboxes that are moved to DomainB. The Event logs are filled with permissions woes.
I know this is an atypical EV implementation; I'm just wondering if anyone has had any experience with this sort of migration.
Yes, sorry for the delay!
I ended up opening a support case with Symantec support. This cross-forest configuration ended up being pretty tricky and overwhelming, but in the end, it came down to proper service account permissions within SQL. I appreciate everyone's attention and recommendations!