Consider the following scenario:
- You create a linked mailbox (MB1) on a Microsoft Exchange Server 2010 mailbox server in an Active Directory forest (forest A).
- MB1 is associated with a disabled account user A in the forest A.
- MB1 is linked to a linked master account user B in the trust forest B.
- User A is a member of the domain local group.
- You assign Full Access permission for another linked mailbox (MB2) in forest A to user B.
- User B tries to access MB2 by using Microsoft Office Outlook.
This issue occurs because the Authz API that the Client Access server uses performs an access check on the domain local group account in an incorrect way.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about how to create a linked mailbox, visit the following Microsoft website:Authz API, visit the following Microsoft website:
General information about how to deploy Exchange Server 2010 in an Exchange resource forest topology