Just reporting the weirdest thing Ive ever seen. I had a script that ran regularly that used the add-mailboxpermission and remove-mailboxpermission cmdlets. I specified the GUID in the -user parameter as Im a big fan of identifying everything with guids. Just recently I noticed that the cmdlets errored out with:
Couldn’t resolve the user or group “e8a27845-79b9-4647-853c-77bf71e4cc65.” If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.
I changed the -user parameter to use the email address instead of the GUID and it worked.
When did it start failing? Just after we established an external domain trust from our 2012 DC to a w2k3 domain!!! Go figure…