Mailboxfolderpermissions not synced/copied from Target to Source

Situation:

Migrating from 2008 R2 forest to new 2008 R2 forest. Both forests have an exchange 2013 infrastructure, it's a large environment so the migration of all users will take several months which is why co-existance is required. We're using Quest AD & Exchange migration manager (8.13). Calendar synchronisation is one-way. (Source > target for users active in the source domain, Target > source for users who have been activated in the target domain)

 

Problem:

When we're synchronising the users/mailboxes from the Source to the Target domain, mailbox items and all permissions are transferred correctly. However, once we 'switch' a mailbox to the target domain, the content is synchronised but the folder permissions are not. This is mostly noticeable with the calendar:

- Existing permissions cannot be modified (or rather, we can change the permissions, but they are not synced back to the source domain)

- Unable to share the calendar in the target domain with 'new' users that are still located in the source domain. (edit: not new users, but new permissions for users who are synced to the new domain, but still active in the source domain)

 

Is this by design? If it is a problem, would upgrading to 8.14 solve this issue? 

  • The source objects you are trying granting permissions too needs to be part of the directory sync in order for the permission to resolve. One way Cal sync is always from Active mailbox to Inactive mailbox. So pre-switch that is source to target, post switch that is target to source.

    Now there is NO way to sync the rest of the mailbox permissions from the target to the source

    Additionally there is a point where you need to start on-boarding the new users directly in the target.

  • In reply to Jeff Shahan:

    Just to be clear, all users are synced to the new domain using the Migration Manager for AD. Mailboxes are also created for the synced users in the target domain and their mailbox content is synchronised, so the permissions should be able to resolve as far as I can tell.

    New and/or updated permissions for migrated users in the target domain do not get synchronised back to their mailbox copy in the source domain.

     

    Edit: here's what I see in the MagE log of a test account on which I've added Editor permissions on the calendar for my own account, which is synchronised but not yet switched. 

     

    *** Initial Mailbox Sync ***

    2017-11-15 10:39:26.6240 PxB00 Tx10 A13 C11 M148 Trace SRC(Ews) GetPermissionsChanges begin
    2017-11-15 10:39:26.7821 PxB00 Tx10 A13 C11 M148 Trace SRC(Ews) test.itglo43@xxxx.com/Agenda Old permissions:
    2017-11-15 10:39:26.7821 PxB00 Tx10 A13 C11 M148 Trace SRC(Ews) test.itglo43@xxxx.com/Agenda New permissions: [{"CanCreateItems":false,"CanCreateSubFolders":false,"DeleteItems":0,"EditItems":0,"IsFolderContact":false,"IsFolderOwner":false,"IsFolderVisible":false,"PermissionLevel":9,"ReadItems":1,"UserIdName":"Default"},{"CanCreateItems":false,"CanCreateSubFolders":false,"DeleteItems":0,"EditItems":0,"IsFolderContact":false,"IsFolderOwner":false,"IsFolderVisible":false,"PermissionLevel":0,"ReadItems":0,"UserIdName":"Anonymous"},{"CanCreateItems":true,"CanCreateSubFolders":false,"DeleteItems":2,"EditItems":2,"IsFolderContact":false,"IsFolderOwner":false,"IsFolderVisible":true,"PermissionLevel":3,"ReadItems":3,"UserIdName":"Tijs.VandenBroeck@xxxx.com"}]

    *** Initial Mailbox Sync ***

    I can tell that my account is succesfully added to the calendar (agenda) permissions (after the default and anonymous permissions were added).

    All looks well so I switch the mailbox, after the mailbox is switched I see the following in the calendar synchronisation logs. (I'm using two-way synchronisation for testing purposes here)

    ***Calendar Sync Log ***

    ### I can see it checks for changes in the TARGET (now primary) folder, to synchronise back to the SOURCE ###

    2017-11-15 12:43:29.2572 Px7DC Tx19 A20 C20 M148 Trace Exec SQL: SAVE_FOLDER_PROCESSING_INFO @ID = '7425', @MAILBOX_ID = '148', @COLL_SYNC_TYPE = '6', @FOLDER_ID = '*snip*', @DISPLAY_NAME = 'Agenda', @CONTENT_COUNT = '4', @ASSOC_CONTENT_COUNT = '2', @MESSAGE_SIZE = '61462', @WELL_KNOWN_FOLDER = '0', @TO_PROCESS_COUNT = '6', @PROCESSED_COUNT = '6', @PROCESSED_LAST_SESSION_COUNT = '', @FAILED_COUNT = '0', @ERROR_TEXT = '', @SYNC_DIRECTION = '2',
    2017-11-15 12:43:29.2729 Px7DC Tx19 A20 C20 M148 Trace Folder info: display name - 'Agenda', folderId - '*snip*', normal content count - '4', associated content count - '2', size - '61462'
    2017-11-15 12:43:29.2729 Px7DC Tx19 A20 C20 M148 Trace Enumerate folders collect size end
    2017-11-15 12:43:29.2729 Px7DC Tx19 A20 C20 M148 Trace SRC(Ews) SyncFolderHierarchy begin
    2017-11-15 12:43:29.2729 Px7DC Tx19 A20 C20 M148 Trace TRG(Ews) GetFolderHierarchyChanges begin
    2017-11-15 12:43:29.2729 Px7DC Tx19 A20 C20 M148 Trace TRG(Ews) GetFolderHierarchyChanges end
    2017-11-15 12:43:29.2729 Px7DC Tx19 A20 C20 M148 Trace SRC(Ews) SetFolderHierarchyChanges begin
    2017-11-15 12:43:29.2729 Px7DC Tx19 A20 C20 M148 Trace SRC(Ews) SetFolderHierarchyChanges end
    2017-11-15 12:43:29.2729 Px7DC Tx19 A20 C20 M148 Trace SRC(Ews) SyncFolderHierarchy end
    2017-11-15 12:43:29.2729 Px7DC Tx19 A20 C20 M148 Trace SRC(Ews) SyncContent begin
    2017-11-15 12:43:29.4916 Px7DC Tx19 A20 C20 M148 Trace SRC(Ews) Well known folder was not found SyncIssues
    2017-11-15 12:43:29.5866 Px7DC Tx19 A20 C20 M148 Trace SRC(Ews) Well known folder was not found Conflicts
    2017-11-15 12:43:29.6960 Px7DC Tx19 A20 C20 M148 Trace SRC(Ews) Well known folder was not found LocalFailures
    2017-11-15 12:43:29.7753 Px7DC Tx19 A20 C20 M148 Trace SRC(Ews) Well known folder was not found ServerFailures
    2017-11-15 12:43:29.8222 Px7DC Tx19 A20 C20 M148 Warning SRC(Ews) Well known folder was not found CommonViews
    2017-11-15 12:43:29.8222 Px7DC Tx19 A20 C20 M148 Trace SRC(Ews) ---- Processing folder: Agenda
    2017-11-15 12:43:29.8847 Px7DC Tx19 A20 C20 M148 Trace Exec SQL: SAVE_FOLDER_PROCESSING_INFO @ID = '7425', @MAILBOX_ID = '148', @COLL_SYNC_TYPE = '6', @FOLDER_ID = '*snip*', @DISPLAY_NAME = 'Agenda', @CONTENT_COUNT = '4', @ASSOC_CONTENT_COUNT = '2', @MESSAGE_SIZE = '61462', @WELL_KNOWN_FOLDER = '0', @TO_PROCESS_COUNT = '6', @PROCESSED_COUNT = '6', @PROCESSED_LAST_SESSION_COUNT = '0', @FAILED_COUNT = '0', @ERROR_TEXT = '', @SYNC_DIRECTION = '2',
    2017-11-15 12:43:29.8847 Px7DC Tx19 A20 C20 M148 Trace Exec SQL: SAVE_FOLDER_PROCESSING_INFO @ID = '7425', @MAILBOX_ID = '148', @COLL_SYNC_TYPE = '6', @FOLDER_ID = '*snip*', @DISPLAY_NAME = 'Agenda', @CONTENT_COUNT = '4', @ASSOC_CONTENT_COUNT = '2', @MESSAGE_SIZE = '61462', @WELL_KNOWN_FOLDER = '0', @TO_PROCESS_COUNT = '6', @PROCESSED_COUNT = '6', @PROCESSED_LAST_SESSION_COUNT = '0', @FAILED_COUNT = '0', @ERROR_TEXT = '', @SYNC_DIRECTION = '2',
    2017-11-15 12:43:29.8847 Px7DC Tx19 A20 C20 M148 Trace SRC(Ews) SyncContent end
    2017-11-15 12:43:29.8847 Px7DC Tx19 A20 C20 M148 Trace TRG(Ews) StartSync begin
    2017-11-15 12:43:29.8847 Px7DC Tx19 A20 C20 M148 Trace TRG(Ews) MatchWellKnownFoldersIds begin
    2017-11-15 12:43:29.8847 Px7DC Tx19 A20 C20 M148 Trace TRG(Ews) MatchWellKnownFoldersIds end
    2017-11-15 12:43:29.8847 Px7DC Tx19 A20 C20 M148 Trace Synchronize automatic reply
    2017-11-15 12:43:29.9628 Px7DC Tx19 A20 C20 M148 Trace Enumerate folders collect size start

    ### Because of the two-way synchronisation, it also checks for changes in the SOURCE, to synchronise back to the TARGET ###

    2017-11-15 12:43:30.0409 Px7DC Tx19 A20 C20 M148 Trace Exec SQL: SAVE_FOLDER_PROCESSING_INFO @ID = '7407', @MAILBOX_ID = '148', @COLL_SYNC_TYPE = '6', @FOLDER_ID = '*snip*', @DISPLAY_NAME = 'Agenda', @CONTENT_COUNT = '4', @ASSOC_CONTENT_COUNT = '2', @MESSAGE_SIZE = '62426', @WELL_KNOWN_FOLDER = '0', @TO_PROCESS_COUNT = '6', @PROCESSED_COUNT = '6', @PROCESSED_LAST_SESSION_COUNT = '', @FAILED_COUNT = '0', @ERROR_TEXT = '', @SYNC_DIRECTION = '1',
    2017-11-15 12:43:30.0409 Px7DC Tx19 A20 C20 M148 Trace Folder info: display name - 'Agenda', folderId - '*snip*', normal content count - '4', associated content count - '2', size - '62426'
    2017-11-15 12:43:30.0409 Px7DC Tx19 A20 C20 M148 Trace Enumerate folders collect size end
    2017-11-15 12:43:30.0409 Px7DC Tx19 A20 C20 M148 Trace TRG(Ews) SyncFolderHierarchy begin
    2017-11-15 12:43:30.0409 Px7DC Tx19 A20 C20 M148 Trace SRC(Ews) GetFolderHierarchyChanges begin
    2017-11-15 12:43:30.0409 Px7DC Tx19 A20 C20 M148 Trace SRC(Ews) GetFolderHierarchyChanges end
    2017-11-15 12:43:30.0409 Px7DC Tx19 A20 C20 M148 Trace SRC(Ews) GetPermissionsChanges begin
    2017-11-15 12:43:30.1503 Px7DC Tx19 A20 C20 M148 Trace SRC(Ews) GetPermissionsChanges end
    2017-11-15 12:43:30.1503 Px7DC Tx19 A20 C20 M148 Trace TRG(Ews) SetFolderHierarchyChanges begin
    2017-11-15 12:43:30.1503 Px7DC Tx19 A20 C20 M148 Trace TRG(Ews) SetFolderHierarchyChanges end
    2017-11-15 12:43:30.1503 Px7DC Tx19 A20 C20 M148 Trace TRG(Ews) SyncFolderHierarchy end
    2017-11-15 12:43:30.1503 Px7DC Tx19 A20 C20 M148 Trace TRG(Ews) SyncContent begin
    2017-11-15 12:43:30.1816 Px7DC Tx19 A20 C20 M148 Trace TRG(Ews) ---- Processing folder: Agenda
    2017-11-15 12:43:30.2441 Px7DC Tx19 A20 C20 M148 Trace Exec SQL: SAVE_FOLDER_PROCESSING_INFO @ID = '7407', @MAILBOX_ID = '148', @COLL_SYNC_TYPE = '6', @FOLDER_ID = '*snip*', @DISPLAY_NAME = 'Agenda', @CONTENT_COUNT = '4', @ASSOC_CONTENT_COUNT = '2', @MESSAGE_SIZE = '62426', @WELL_KNOWN_FOLDER = '0', @TO_PROCESS_COUNT = '6', @PROCESSED_COUNT = '6', @PROCESSED_LAST_SESSION_COUNT = '0', @FAILED_COUNT = '0', @ERROR_TEXT = '', @SYNC_DIRECTION = '1',
    2017-11-15 12:43:30.2441 Px7DC Tx19 A20 C20 M148 Trace Exec SQL: SAVE_FOLDER_PROCESSING_INFO @ID = '7407', @MAILBOX_ID = '148', @COLL_SYNC_TYPE = '6', @FOLDER_ID = '*snip*', @DISPLAY_NAME = 'Agenda', @CONTENT_COUNT = '4', @ASSOC_CONTENT_COUNT = '2', @MESSAGE_SIZE = '62426', @WELL_KNOWN_FOLDER = '0', @TO_PROCESS_COUNT = '6', @PROCESSED_COUNT = '6', @PROCESSED_LAST_SESSION_COUNT = '0', @FAILED_COUNT = '0', @ERROR_TEXT = '', @SYNC_DIRECTION = '1',
    2017-11-15 12:43:30.2441 Px7DC Tx19 A20 C20 M148 Trace TRG(Ews) SyncContent end
    2017-11-15 12:43:30.2441 Px7DC Tx19 A20 C20 M148 Trace TRG(Ews) StartSync end

    ***Calendar Sync Log ***

    During the second part of the two-way synchronisation, I can see the following takes place: "SRC(Ews) GetPermissionsChanges begin" and "SRC(Ews) GetPermissionsChanges end". This check for permissions only takes place from SOURCE to TARGET. Is this normal?