Q

Logging into Exchange with NT vs. AD accounts in mixed mode

How users can log into mailboxes with their NT accounts instead of Active Directory accounts in a mixed Exchange 5.5 and Exchange 2003 environment.

I'm planning an NT 4.0/Exchange 5.5 to Windows Server 2003/Exchange 2003 upgrade. In a new, parallel Active Directory deployment, I will use the Active Directory Migration Tool to migrate/copy user accounts to Active Directory. Then, I will use it again to modify the access control lists (ACLs) of the Exchange 5.5 mailboxes, so that the new Active Directory accounts would become the new owners.

After I run that, can I still log in with the old NT accounts and access those mailboxes? Or can I only log in with the Active Directory account from that point on?

It depends on the permissions that are modified during the ACL update. If you leave the old NT account as the primary NT account of the Exchange 5.5 mailbox, then the new account should still have access to the resource via SIDHistory. But it would require you to keep the legacy domain online indefinitely, and have a functioning trust in place.

You should determine how long you want to keep the legacy domain online, then re-ACL the primary NT accounts to the new accounts. After that, you can have your users log into the Active Directory domain versus NT.


Do you have comments on this Ask the Expert Q&A? Let us know.
Related information from SearchExchange.com:

  • Learning Center: Toolbox for Exchange administrators
  • Learning Guide: Exchange Server migration
  • Reference Center: Exchange permissions and authentication

  • This was first published in November 2005

    Dig deeper on Microsoft Exchange Server 2003

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchWindowsServer

    SearchEnterpriseDesktop

    SearchCloudComputing

    SearchSQLServer

    Close