Unsolved
This post is more than 5 years old
45 Posts
0
822
Offline Access running in a canonical Account - Resource Forests AD infrastructure
Hi everybody,
my customer has a Multi Forests AD configured following the schema Account Forest trusted with a Resource Forest.
User A belonging to Account Forest is linked as an external user account to a mailbox enable user B disable.
This is a typical Microsoft suggested AD environment for Enterprise Company.
Customer wants to use OA on all desktops, but shortcut retrieve from ES1 doesn't work because delegate permission is missing ( as reported in OA logging).
It's the same behavior reported in ES1 6.5 SP1 release notes for shared mailboxes :
Users with access to a shared mailbox cannot use Offline Access to retrieve shortcut
messages from that mailbox
Problem
Users with access to a shared mailbox cannot retrieve shortcut
messages from the shared mailbox using the Offline Access client.
Workaround
Users of the shared mailbox should be granted delegate access to that
mailbox so that they can retrieve shortcut messages.
(SDR 31020)
In ES1 6.6 release notes SDR 31020 doesnt' appear, but testing the same in a lab suing ES1 6.6 problem persists.
Because such AD schema is common in many big companies I was wondering if there's any workaround or coming soon hotfix to avoid adding delegate rights (SendonBehalfOf) for all Account Forest users towards all Rosource Forest mailboxes.
Anyone who already face same problems could report his experiance ?
Could anyone else from EMC staff give any suggestions and/or report if some develop is planned at least for this particular issue ?
It's not so good ask customer to modify all accounts (many thousands in my case ).
Universal URL works sucessfully without delegate rights, why not to permit shortcut resolution for OA as well if user already has full mailbox permissions ?
For my opinion it should be considered enough and it'll resolve all problems when ES1 must run in such Multi Forests environment.
Best regards.
sdesrosi1
70 Posts
1
September 27th, 2010 07:00
Andrea,
Your findings are correct.
SDR 31020 is still open and has not yet been resolved.
At this time, there is no other option , other than giving delegate access.
What I recomend is opening a case with Support to add this customer to the currently open SDR 31020
Regards
Stephane
Andrea_Cassanel
45 Posts
0
September 27th, 2010 08:00
Thank you Stephen,
I hope SDR will be fixed soon.
So no hope it'll be fixed next ES1 6.5 patch 3 scheduled for end of this month.
thank for your support
sdesrosi1
70 Posts
0
September 27th, 2010 09:00
Andrea,
I apologize, I mis-understood what I read in SDR 31020.
At this time SDR 31020 his marked as resolved. It was opened because shared Mailboxes did not work at all with Offline Access.
The Resolution that came out of SDR 31020 was to make Offline Access work with Shared Mailboxes by granting delegate access.
At this time, what I recommend is for you to open a case with Support and have us take a look at this more closely with you , and if all fails, to open an RFE on behalf of the customer to request a possible Product Change.
Regards
Stephane