Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Logging into Exchange with NT vs. AD accounts in mixed mode

How users can log into mailboxes with their NT accounts instead of Active Directory accounts in a mixed Exchange 5.5 and Exchange 2003 environment.

I'm planning an NT 4.0/Exchange 5.5 to Windows Server 2003/Exchange 2003 upgrade. In a new, parallel Active Directory deployment, I will use the Active Directory Migration Tool to migrate/copy user accounts to Active Directory. Then, I will use it again to modify the access control lists (ACLs) of the Exchange 5.5 mailboxes, so that the new Active Directory accounts would become the new owners.

After I run that, can I still log in with the old NT accounts and access those mailboxes? Or can I only log in with the Active Directory account from that point on?

It depends on the permissions that are modified during the ACL update. If you leave the old NT account as the primary NT account of the Exchange 5.5 mailbox, then the new account should still have access to the resource via SIDHistory. But it would require you to keep the legacy domain online indefinitely, and have a functioning trust in place.

You should determine how long you want to keep the legacy domain online, then re-ACL the primary NT accounts to the new accounts. After that, you can have your users log into the Active Directory domain versus NT.

Do you have comments on this Ask the Expert Q&A? Let us know.
Related information from SearchExchange.com:

  • Learning Center: Toolbox for Exchange administrators
  • Learning Guide: Exchange Server migration
  • Reference Center: Exchange permissions and authentication

  • Dig Deeper on Legacy Exchange Server versions

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.