Arnaud_Roffe
Dec 14, 2023

Exchange 2019 Cross forest mailbox delegation error

Hello,

I am trying to give a user from forest A full access to a shared mailbox located in forest B.

Bidirectional trust is configured on the forests.

I use this command from Forest A:

Add-MailboxPermission -Identity YYYMailboxNameYYY -User YYYDomain\Username from Forest BYYY -AccessRights fullaccess -InheritanceType all

When running this command, I receive the following error:

 

WARNING: An unexpected error has occurred and a Watson dump is being generated: Unable to cast object of type 'Microsoft.Exchange.Data.Directory.Recipient.ADContact' to type
'Microsoft.Exchange.Data.Directory.Recipient.IADSecurityPrincipal'.
Unable to cast object of type 'Microsoft.Exchange.Data.Directory.Recipient.ADContact' to type 'Microsoft.Exchange.Data.Directory.Recipient.IADSecurityPrincipal'.
    + CategoryInfo          : NotSpecified: (:) [Add-MailboxPermission], InvalidCastException
    + FullyQualifiedErrorId : System.InvalidCastException,Microsoft.Exchange.Management.RecipientTasks.AddMailboxPermission

The only workaround I found is to change the msExchVersion attribute on the MailContact in the AD from value 88218628259840 to value 1125899906842624 before running the command.

I would like to know if someone has already encountered this error and if a real solution is available to solve this issue.

Thanks.

  • LeonPavesic

    Hi Arnaud_Roffe,

    The error you're experiencing is linked to the msExchVersion attribute in Active Directory for cross-forest contacts. Specifically, the Add-MailboxPermission command requires a specific value for this attribute to function correctly.

    A common workaround involves modifying the msExchVersion attribute from 88218628259840 (indicating Exchange 2013) to 1125899906842624 (representing Exchange 2016).
    While this adjustment covers the successful execution of the Add-MailboxPermission command, it doesn't impact the functionality of the Add-MailboxFolderPermission command.

    Microsoft does not officially support this approach.

    You can consider alternative solutions such as migrating the shared mailbox to the same forest as the user, or syncing the Global Address List (GAL) between the two forests.

    You can use these links for more information:
    Exchange 2019 cross-forest permission issue, msExchVersion strange behaviour. - Microsoft Q&A

    Exchange Cross Forest Shared mailbox delegation (microsoft.com)

    practical365.com

    Please click Mark as Best Response & Like if my post helped you to solve your issue.
    This will help others to find the correct solution easily. It also closes the item.


    If the post was useful in other ways, please consider giving it Like.


    Kindest regards,


    Leon Pavesic
    (LinkedIn)

    • Arnaud_Roffe
      Hello,
      We finally found a solution.
      We have configured MIM to clear the msexchmasteraccountsid attribute on the contact.
      After doing that, we are able to set the mailbox permissions without error. And cross-forest shared mailbox access works as expected.

      Arnaud
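
An added example, not part of the thread or of any participant's post: a read-only PowerShell audit that lists the mail contacts in one forest together with the two attributes discussed above, msExchVersion and msExchMasterAccountSid, so the contacts that still carry a master account SID can be reviewed before mailbox permissions are granted. It assumes the ActiveDirectory RSAT module is installed; the search base and domain controller name are placeholders.

```powershell
# Added example: read-only audit, makes no changes to the directory.
# Assumptions: ActiveDirectory module is installed; $SearchBase and $Server are placeholders.
Import-Module ActiveDirectory

$SearchBase = 'OU=Contacts,DC=forestA,DC=example'   # placeholder
$Server     = 'dc01.forestA.example'                # placeholder

# msExchVersion values quoted in the thread, labelled by the role they play there.
$ThreadValues = @{
    '88218628259840'   = 'value present when the cast error occurred'
    '1125899906842624' = 'value set by the workaround'
}

# Mail-enabled contacts only; request just the attributes under discussion.
$contacts = Get-ADObject -Server $Server -SearchBase $SearchBase `
    -LDAPFilter '(&(objectClass=contact)(mailNickname=*))' `
    -Properties mail, msExchVersion, msExchMasterAccountSid

$report = foreach ($c in $contacts) {
    # The attribute may come back as a SecurityIdentifier or as raw bytes.
    $sid = $c.msExchMasterAccountSid
    if ($sid -is [byte[]]) {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($sid, 0)
    }

    $version = [string]$c.msExchVersion
    $note = 'other or not set'
    if ($ThreadValues.ContainsKey($version)) { $note = $ThreadValues[$version] }

    $sidText = $null
    if ($sid) { $sidText = $sid.ToString() }

    [pscustomobject]@{
        Name                = $c.Name
        Mail                = $c.mail
        MsExchVersion       = $version
        VersionNote         = $note
        MasterAccountSid    = $sidText
        HasMasterAccountSid = [bool]$sidText
    }
}

# Contacts that still carry msExchMasterAccountSid are listed first.
$report | Sort-Object HasMasterAccountSid -Descending | Format-Table -AutoSize
```

Where a synchronization engine such as MIM owns the contacts, the report only shows the current state; the attribute flow itself has to be changed in the sync configuration, as described in the reply above.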
