This issue can occur if the Exchange Server 5.5 mailbox's primary Microsoft Windows NT account is in the forest but it is not in the domain that the ADC connection agreement is running in. One of the 'Mailbox to Account' mapping schemes used is the NT-SID. The ADC does a global catalog lookup and finds that the security identifier (SID) value exists in another domain, but the ADC cannot write to it. The ADC then generates the error message described in the preceding section. The following scenario is an example of this behavior:
There are two domains in the same forest, Domain A and Domain B. Exchange Server 5.5 exists in Domain A, and all of the primary Windows NT accounts that Exchange Server 5.5 uses exist in Domain A. An ADC is configured to replicate the Exchange Server 5.5 mailbox information to Domain B. However, replication fails.
The ADC does a global catalog lookup for the SIDs of the Exchange Server 5.5 mailboxes and finds the user accounts in Domain A. The ADC then tries to link them, but fails because the domain controller in Domain B has no writable replicas of objects in Domain A.