Forum Discussion
Arnaud_Roffe
Copper Contributor
Dec 14, 2023
Exchange 2019 Cross forest mailbox delegation error
Hello,
I am trying to give a user from a forest A fullaccess to a shared mailbox located in forest B.
Bidirectional trust is configured on the forests.
I use this command from Forest A:
Add-MailboxPermission -Identity YYYMailboxNameYYY -User YYYDomain\Username from Forest BYYY -AccessRights fullaccess -InheritanceType all
When running this command, I receive the following error:
WARNING: An unexpected error has occurred and a Watson dump is being generated: Unable to cast object of type 'Microsoft.Exchange.Data.Directory.Recipient.ADContact' to type
'Microsoft.Exchange.Data.Directory.Recipient.IADSecurityPrincipal'.
Unable to cast object of type 'Microsoft.Exchange.Data.Directory.Recipient.ADContact' to type 'Microsoft.Exchange.Data.Directory.Recipient.IADSecurityPrincipal'.
+ CategoryInfo : NotSpecified: (:) [Add-MailboxPermission], InvalidCastException
+ FullyQualifiedErrorId : System.InvalidCastException,Microsoft.Exchange.Management.RecipientTasks.AddMailboxPermission
The only workaround I found is to change the msExchVersion attribute on the MailContact in the AD from value 88218628259840 to value 1125899906842624 before running the command.
I would like to know if someone has already encountered this error and if a real solution is available to solve this issue.
Thanks.
- LeonPavesic, Silver Contributor
Hi Arnaud_Roffe,
The error you're experiencing is linked to the msExchVersion attribute in Active Directory for cross-forest contacts. Specifically, the Add-MailboxPermission command requires a specific value for this attribute to function correctly.
A common workaround involves modifying the msExchVersion attribute from 88218628259840 (indicating Exchange 2013) to 1125899906842624 (representing Exchange 2016).
While this adjustment covers the successful execution of the Add-MailboxPermission command, it doesn't impact the functionality of the Add-MailboxFolderPermission command. Microsoft does not officially support this approach.
You can consider alternative solutions such as migrating the shared mailbox to the same forest as the user, or syncing the Global Address List (GAL) between the two forests.
You can use these links for more information:
Exchange 2019 cross-forest permission issue, msExchVersion strange behaviour. - Microsoft Q&A
Exchange Cross Forest Shared mailbox delegation (microsoft.com)
practical365.com
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it a Like.
Kindest regards,
Leon Pavesic
(LinkedIn)
- Arnaud_Roffe, Copper Contributor
Hello,
We finally found a solution.
We have configured MIM to clear the msexchmasteraccountsid attribute on the contact.
After doing that, we are able to set the mailbox permissions without error. And cross forest shared mailbox access works as expected.
Arnaud
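
The two contact attributes discussed in this thread can be inspected read-only before and after such a change. The following is an added example, not code from either poster or from Microsoft: the function name `Get-ContactDelegationState`, the `NeedsReview` column and the sample contacts are constructed for illustration, the version labels are the ones given in the reply above, and treating "2013 value plus master account SID set" as the state to review is an assumption drawn from the thread.

```powershell
# Added example: report msExchVersion and msExchMasterAccountSid per contact (read-only).
# Version values and their labels are the ones quoted in the thread.
$VersionLabels = @{
    88218628259840   = 'Exchange 2013 (per thread)'
    1125899906842624 = 'Exchange 2016 (per thread)'
}

function Get-ContactDelegationState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Contact
    )
    process {
        $version   = [long]$Contact.msExchVersion          # unset attribute becomes 0
        $sidIsSet  = [bool]$Contact.msExchMasterAccountSid # $null or empty -> $false
        $label     = if ($VersionLabels.ContainsKey($version)) { $VersionLabels[$version] } else { 'other' }

        [pscustomobject]@{
            Name                = $Contact.Name
            msExchVersion       = $version
            VersionLabel        = $label
            MasterAccountSidSet = $sidIsSet
            # Assumption from the thread: the failing contact carried the 2013 value
            # and a master account SID until one of the two was changed.
            NeedsReview         = ($sidIsSet -and $version -eq 88218628259840)
        }
    }
}

# Constructed sample contacts (names and SID are placeholders, not real objects).
$sample = @(
    [pscustomobject]@{ Name = 'contact-a'; msExchVersion = 88218628259840
                       msExchMasterAccountSid = 'S-1-5-21-0-0-0-1000' }
    [pscustomobject]@{ Name = 'contact-b'; msExchVersion = 88218628259840
                       msExchMasterAccountSid = $null }
    [pscustomobject]@{ Name = 'contact-c'; msExchVersion = 1125899906842624
                       msExchMasterAccountSid = 'S-1-5-21-0-0-0-1001' }
)
$sample | Get-ContactDelegationState | Format-Table -AutoSize

# Against a live directory (requires the ActiveDirectory module), feed the same function:
# Get-ADObject -LDAPFilter '(objectClass=contact)' `
#     -Properties msExchVersion, msExchMasterAccountSid | Get-ContactDelegationState
```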