Exchange 2003 SP2: Understanding multi-domain DL update and delegate issues - Part 2

If you have been struggling with Delegate errors in multi-domain environments where you consistently get the below error when attempting to add a delegate for a user, you are now in luck as there is a hotfix for Outlook 2003 that will help alleviate some of this pain. http://msexchangeteam.com/archive/2007/04/09/437620.aspx went in to this in greater […]

If you have been struggling with Delegate errors in multi-domain environments where you consistently get the below error when attempting to add a delegate for a user, you are now in luck as there is a hotfix for Outlook 2003 that will help alleviate some of this pain.

http://msexchangeteam.com/archive/2007/04/09/437620.aspx went in to this in greater detail and some of the pros/cons on some of the workarounds that could have been used to possibly make this work in your environment. The Outlook update to help with this is in the Outlook 2003 post-Service Pack 3 hotfix 946207 and is explained further in 946208. Porting this change to Outlook 2007 is under consideration currently.

To go in to more detail regarding this hotfix, let's touch a bit on why this was previously failing. In a multi-domain environment, it is possible for Outlook to get proxied to a domain controller in which you did not have a writable context to update the users Send on Behalf of list in Active Directory. If this call returned an access denied, the delegate was not added to the user's mailbox and would fail with the above error.

A current workaround would be to pull up Active Directory Users and Computers (ADUC), get properties of the user and then add the Send on behalf of right to the user that is trying to be added to this list. Once Active Directory replication has occurred for this user and the domain controller that Exchange has referred your Outlook client to has this updated information, you could then add the delegate to the user's mailbox successfully. The only problem here is that if you need to add/remove users to the users Delegate list, you have to use ADUC first to add/remove that user from the Send on Behalf of list before they can remove or add delegates again. This is not only a pain, but not an optimal experience for the end user or the administrator that has to add/remove these Send on Behalf of rights.

Full Article

Exchange 2003, SP2, Domain, Delegate, Directory, Troubleshooting, Tips, Tricks, Tips and Tricks, Outlook, Microsoft