I have a client with an exchange 2003  resource dedicated forest
(forestA) and another forest with all the domain accounts (forest B),
all the accounts in the exchange server are disabled. But forests are
Exchange 2003 Server with SP". There is a trust relationship between
the two forests. The forestB trusts in forestA but forestA doesn't
trust in forestB. A enabled user from the account forest is associated
with a mailbox attached to a disabled user in the resource forest.
Since everything is working fine, but I'm havin problems with public
folders. When I create a Calendar Public Folder in Exchange the users
can not access the Calendar, they receive the message that they don't
have permissions to see the Calendar and is obvious because the user
are authenticated in forestB but not in forestA, they have permissions
in forestA just to pick their mail. I can use double authentication,
but the client doesn't want this option. Is there any way to solve
this problem? From the Exchange server when I try to give permission
to domain accounts I only have the option to choose accounts from the
forestA. How can I give permissions in the Calendar folder to domain
accounts in forestB.

http://technet.microsoft.com/en-us/library/aa997312%28EXCHG.65%29.aspx

Do the forest B accounts have Associated External Account right on the 
corresponding forest A mailbox?
-- 
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
..

"lpaiello" <pablo.aiello@hotmail.com> wrote in message 
news:d1b4b1cb-dc8e-42be-9738-babd6796991c@d10g2000yqh.googlegroups.com...
>I have a client with an exchange 2003  resource dedicated forest
> (forestA) and another forest with all the domain accounts (forest B),
> all the accounts in the exchange server are disabled. But forests are
> Exchange 2003 Server with SP". There is a trust relationship between
> the two forests. The forestB trusts in forestA but forestA doesn't
> trust in forestB. A enabled user from the account forest is associated
> with a mailbox attached to a disabled user in the resource forest.
> Since everything is working fine, but I'm havin problems with public
> folders. When I create a Calendar Public Folder in Exchange the users
> can not access the Calendar, they receive the message that they don't
> have permissions to see the Calendar and is obvious because the user
> are authenticated in forestB but not in forestA, they have permissions
> in forestA just to pick their mail. I can use double authentication,
> but the client doesn't want this option. Is there any way to solve
> this problem? From the Exchange server when I try to give permission
> to domain accounts I only have the option to choose accounts from the
> forestA. How can I give permissions in the Calendar folder to domain
> accounts in forestB.
>
> http://technet.microsoft.com/en-us/library/aa997312%28EXCHG.65%29.aspx 

Yes of course.

I Think we have problem because Resourse forest was migrate from NT
and Exchange 5.5 environment.

Rihgt now we are checking if objetSID of user account on Account
forest is de same that msExchMasterAccountSID attribute of user
account on Resourse forest.

http://www.msexchange.org/tutorials/Understanding-External-Associated-Account-Windows-Server-2003-Exchange-2003.html

Set the msExchMasterAccountSID attribute of the Mailbox to enabled
User Accounts in the Exchange Resource Forest to the Security
Identifier of the Active Directory User Account of the Active
Directory Account Forest. Some Third Party tools allow you to
automatically set the msEXchMasterAccountSID. You can also set the
msEXchMasterAccountSID with tools like ADSIEDIT.