I have a scenario where User account A, which is a member of Universal Security Group A on Forest A, needs to be able to manage Exchange on Forest B. There is a two-way trust between the forests.
I've been following the instructions at http://technet.microsoft.com/en-gb/library/dd876918%28EXCHG.140%29.aspx, which is entitled "Create Linked Role Groups that Mirror Built-in Role Groups", and performed the same 5 steps to create an Organization Management Linked Role Group. The 5 steps were performed on the Exchange Server in Forest B.
Unfortunately, when user A runs EMC, either from Forest A or directly on the Exchange server in Forest B, he gets the error "The following error occurred when retrieving user information for "FORESTA\USERA": The operation couldn't be performed because the object 'S-1-5-21-2109259259241-1205553685-3412767256-1103' couldn't be found on 'dc1.forest.B'. It was running the command 'Get-LogonUser'."
I understand the error is suggesting my user account does not exist on Forest B - which is correct - but the whole point of creating a linked role group is so that user accounts don't have to be created in the Exchange Forest.
Can anybody shed some light on this issue?