Ureader.com  
Microsoft software help and Community
   home   |   control panel login   |   archive   |  
 
Exchange
2000.active.directory
2000.admin
2000.announcements
2000.app.conversion
2000.applications
2000.clients
2000.clustering
2000.connectivity
2000.development
2000.documentation
2000.general
2000.information.store
2000.interop
2000.kms
2000.misc
2000.protocols
2000.realtime.collabo.
2000.setup
2000.transport
2000.win2000
admin
application.conversion
applications
clients
clustering
connectivity
design
development
misc
mobility
setup
tools
  
 
date: Fri, 09 Jun 2006 15:38:08 GMT,    group: microsoft.public.exchange2000.admin        back       


Exch 2003 mailbox permissions    
First off, I migrated from Exchange 5.5 as I upgraded the domain from
NT to 2003 in December, which I suspect may be causing the issue. It
was a mailbox move, not an in-place upgrade. Everything else in the
domain is working smoothly except this.

In AD Users and Computers, I open up the user whose mailbox I want to
grant access to, Exchange Advanced -> Mailbox Rights, and add the
appropriate user, making sure that Full Mailbox Access is checked. 

This works for most users, but certain users I add to the permissions
list are not able to get into a mailbox - the two domain administrator
accounts. This is true for all user mailboxes I want to grant access
to. 

The message displayed when I'm logged on as one of those admins and I
try to File->Open->Other User's Folder in outlook is:

"Cannot display the folder. The Inbox folder could not be found."

(That's Outlook's standard message displayed when a user does not have
access to another mailbox.)

So I checked the permissions as specified in the first paragraph
above, and the two admin accounts have inherited permissions to all
the mailboxes:
Delete mailbox storage
Read permissions
Change permissions
Take ownership
Full mailbox access

The strange thing is that they also both have inherited Deny
permissions for Full mailbox access. I suspect this is overriding the
Allow permission, as I think an Allow only overrides a Deny when it's
explicitly defined at that level. But where is this Deny defined? I've
examined the Users container in AD Users and Computers (and turned on
Advanced Options to see the Security tab for it), which has no Deny
permissions. In Exchange System Manager, the permissions at the server
object level has "Receive As" and "Send As" set to Deny for the
admins, but that's normal, isn't it? 

Domain Admins and Enterprise Admins (both of which the noted admins
are members of) also are listed with inherited permissions (including
the Deny permission) along with the admin user accounts.

I've verified that both admins are Exchange Full Administrators, not
that it matters except the one I'm using to actually set the
permissions, because I can add non-admins to the permissions for each
others mailboxes with the desired results.

Any suggestions?
date: Fri, 09 Jun 2006 15:38:08 GMT   author:   David K

Google
 
Web ureader.com


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us