Microsoft KB Archive/278888

Article ID: 278888

Article Last Modified on 12/3/2007



APPLIES TO

  • Microsoft Exchange Server 2003 Enterprise Edition
  • Microsoft Exchange Server 2003 Standard Edition
  • Microsoft Exchange 2000 Server Standard Edition
  • Microsoft Windows Small Business Server 2003 Premium Edition
  • Microsoft Windows Small Business Server 2003 Standard Edition



This article was previously published under Q278888

SUMMARY

This article describes two methods that you can use to give ownership of a Microsoft Exchange 2000 Server mailbox or of a Microsoft Exchange Server 2003 mailbox to a Microsoft Windows NT Server 4.0 user account. You can also use these methods to give ownership of an Exchange 2000 mailbox or of an Exchange 2003 mailbox to a Microsoft Windows 2000 Server account in another forest.


MORE INFORMATION

Typically, an Exchange 2000 mailbox or an Exchange 2003 mailbox is associated with a Windows 2000 user account. Exchange 2000 and Exchange 2003 use the Windows 2000 Active Directory directory service, and the mailbox is represented by a set of attributes on a user account instead of being its own directory object. However, you can configure a Windows NT 4.0 user account or a Windows 2000 user account in another forest to be associated with an Exchange 2000 mailbox or an Exchange 2003 mailbox.

This situation typically occurs when you migrate from Windows NT 4.0 and Microsoft Exchange Server 5.5 to Windows 2000 and Exchange 2000 or Exchange 2003. However, you can create a new Exchange 2000 mailbox or a new Exchange 2003 mailbox and configure a Windows NT 4.0 user account to be the account that is associated with that mailbox. This situation may also occur when Windows 2000 user accounts are in a separate forest from the Exchange 2000 mailboxes.

Move a mailbox from Exchange Server 5.5 to Exchange 2000 or Exchange 2003

If your user accounts are still on Windows NT 4.0, but you have deployed Active Directory, you can use this method to give the Windows NT 4.0 user account (or Windows 2000 user account in another forest) ownership of an Exchange 2000 mailbox or an Exchange 2003 mailbox.

Note: To follow these steps, you must have an existing Exchange Server 5.5 mailbox that is already associated with a Windows NT 4.0 account.

  1. Use the Active Directory Connector (ADC) to replicate the Exchange Server 5.5 mailboxes to Active Directory. A disabled user is created in Active Directory for the mailbox. The disabled user has an attribute that is named msExchMasterAccountSid. This attribute is the security ID (SID) for the Windows NT 4.0 account.
  2. Install a server that is running Exchange 2000 or Exchange 2003 on the same site as the server that is running Exchange Server 5.5.
  3. Use the Active Directory Users and Computers snap-in to move the mailbox from the server that is running Exchange Server 5.5 to the server that is running Exchange 2000 or Exchange 2003.

The Windows NT 4.0 user has access to the mailbox on the Exchange 2000 computer or the Exchange 2003 computer because the Exchange 2000 mailbox or the Exchange 2003 mailbox is matched to the disabled user account that is created by the ADC. In the user permissions, the Windows NT 4.0 account is granted the Send As right. In the mailbox permissions, the Windows NT 4.0 account is also granted the Read, Associated External Account, and Full Mailbox Access rights.

For more information about the Active Directory Connector, visit the Microsoft Exchange 2000 Server Upgrade Series Web page at the following Microsoft Web site: http://www.microsoft.com/technet/prodtechnol/exchange/2000/deploy/upgrademigrate/series/default.mspx

Associate an Exchange 2000 mailbox or an Exchange 2003 mailbox with a Windows NT 4.0 user account or with a Windows 2000 user account that is in another forest

Use the following method to grant permission to access an Exchange 2000 mailbox or an Exchange 2003 mailbox to a Windows NT 4.0 account or a Windows 2000 user account in another forest.

Note: You must establish a trust relationship between the Windows 2000 domain and the Windows NT 4.0 domain, or between the two domains that are in separate forests, before you complete these steps.

  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. Click the Users container.
  3. On the Action menu, point to New, and then click User.
  4. Type the user's name in the First Name, Initial, and Last Name boxes.
  5. Type the user's logon name in the User logon name box, and then click Next.
  6. Type the user's password in the Password box, type the password again in the Confirm password box, and then click Next.
  7. In the Server list, click the server that you want to hold the mailbox.
  8. In the Mailbox Store list, click the mailbox store that you want to hold the mailbox, and then click Next.
  9. Click Finish.
  10. Right-click the user account that you created, click Disable Account, and then click OK.
  11. On the View menu, click to select Advanced Features.
  12. Right-click the user account, and then click Properties.
  13. Click the Security tab, and then click Add.
  14. In the Type names separated by semicolons or choose from list box, type the Windows NT 4.0 user account that you want to own the mailbox (or the Windows 2000 user account in another forest that you want to own the mailbox), and then click OK.
  15. In the User Properties dialog box, click the user account that you added in step 14.
  16. In the Permissions list, click to select the Allow check box next to the Send As permission.
  17. Click the Exchange Advanced tab, and then click Mailbox Rights.
  18. Click Add, click the user account that you added in step 14, and then click OK.
  19. In the Permissions list, click to select the Allow check boxes next to Read Permissions, Full Mailbox Access, and Associated External Account.
  20. Click OK.

The Windows NT 4.0 user account (or the Windows 2000 user account in another forest) is now the associated external account for the mailbox and effectively owns the mailbox.
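Because the external account effectively owns the mailbox, it is worth reviewing which external SIDs hold that role. The following added example (not part of the original article or any Microsoft tooling) decodes the binary msExchMasterAccountSid attribute described in the first method and flags entries that deviate from the procedure; the exported-entry layout, the expected-domain list, and all sample values are assumptions constructed for illustration.

```python
import struct

ACCOUNTDISABLE = 0x0002  # userAccountControl bit: account is disabled

def sid_to_string(raw):
    """Decode a binary SID, as stored in msExchMasterAccountSid, to S-1-... form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])    # 32-bit, little-endian
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])

def audit(entries, expected_domains):
    """Return (account, reason) for each mailbox owner link that needs review."""
    findings = []
    for e in entries:
        raw, name = e.get("msExchMasterAccountSid"), e["sAMAccountName"]
        if raw is None:
            continue  # no external owner recorded on this entry
        try:
            sid = sid_to_string(raw)
        except ValueError as err:
            findings.append((name, "malformed SID: %s" % err))
            continue
        # The procedure disables the placeholder account; an enabled one is a deviation.
        if not e["userAccountControl"] & ACCOUNTDISABLE:
            findings.append((name, "placeholder enabled, external owner " + sid))
        # Domain SID is the account SID minus its final RID.
        if sid.rsplit("-", 1)[0] not in expected_domains:
            findings.append((name, "owner outside expected domains: " + sid))
    return findings

def make_sid(*subs):
    """Build a constructed sample SID under authority 5 (NT Authority)."""
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack("<%dI" % len(subs), *subs)

# Constructed sample data: domain SIDs and account names are made up.
NT4 = (21, 1111, 2222, 3333)
EXPECTED = {"S-1-5-21-1111-2222-3333"}  # assumed list of trusted account domains
SAMPLE = [
    {"sAMAccountName": "mbx-alice", "userAccountControl": 514, "msExchMasterAccountSid": make_sid(*NT4, 1001)},
    {"sAMAccountName": "mbx-bob", "userAccountControl": 512, "msExchMasterAccountSid": make_sid(*NT4, 1002)},
    {"sAMAccountName": "mbx-carol", "userAccountControl": 514, "msExchMasterAccountSid": make_sid(21, 9, 9, 9, 500)},
    {"sAMAccountName": "mbx-dave", "userAccountControl": 514, "msExchMasterAccountSid": make_sid(*NT4, 1004)[:-2]},
    {"sAMAccountName": "erin", "userAccountControl": 512},
]

if __name__ == "__main__":
    for account, reason in audit(SAMPLE, EXPECTED):
        print(account, "-", reason)
```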

For additional information about how to programmatically associate an Exchange 2000 mailbox with a Windows NT 4.0 account, see the following articles in the Microsoft Knowledge Base:

304935 How to set Exchange 2000 mailbox rights at the time of mailbox creation


310866 How to set Exchange 2000 mailbox rights on a mailbox that exists in the information store



Additional query words: AD XADM

Keywords: kbhowto KB278888