locked
Exchange 2010 permissions thru Security Groups RRS feed

  • Question

  • Been having issues with giving permissions to a mailbox thru exchange 2010 when applying it thru the security groups. It takes about 45mins to an hour for the permission to apply.  If you give direct access to the mailbox thru exchange - and it gives you permissions straight away.

    Any suggestions why its slower when giving permission thru a security group?

    Thursday, May 19, 2011 12:01 AM

Answers

  • I think this is because Microsoft Exchange Information Store service caches the permissions , so you need to wait updating the cache.

    To grant the permission immediately, stop and then restart the Microsoft Exchange Information Store service.

    For Outlook 2007 and Outlook 2010 clients, AutoDiscover services updates the permission automatically.

    Allow Mailbox Access

    Manage Send As Permissions for a Mailbox


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Jerome Xiong Tuesday, May 24, 2011 2:55 AM
    Friday, May 20, 2011 6:28 AM
  • It's likely due to the membership caching mentioned by Jerome. Try this for grins it may or may not help. 

    set-mailbox user -database nameofDB

    This will refresh the cache per user such as if you upped their limit. However it may or may not work in your case because the store may be caching the group membership so it's more of a backlink cache.


    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
    • Marked as answer by Jerome Xiong Tuesday, May 24, 2011 2:55 AM
    Friday, May 20, 2011 2:04 PM
  • Set the cache time to something more aggreable and see if that helps:

    http://technet.microsoft.com/en-us/library/bb684892(EXCHG.80).aspx

     

    I generally set to 20 minutes

    • Marked as answer by Jerome Xiong Tuesday, May 24, 2011 2:55 AM
    Friday, May 20, 2011 4:23 PM

All replies

  • Hi Slee85,

    What kind of permission you gona apply with security group ??. permission model in Exchange 2010 is different than its legacy version of exchange which is known as RBAC.

    Did you try to manage permission by RBAC, If you tell us what exactly you want then we can offer you exact cmdlet.

    For more detail about RBAC, Please go thru below article.

    http://www.msexchange.org/articles_tutorials/exchange-server-2010/management-administration/exchange-2010-role-based-access-control-part1.html

    http://social.technet.microsoft.com/Forums/en/exchangesvradmin/thread/71f0fa54-a927-4a9f-9802-a272b7da54e5


    Anil
    Thursday, May 19, 2011 3:33 AM
  • I think this is because Microsoft Exchange Information Store service caches the permissions , so you need to wait updating the cache.

    To grant the permission immediately, stop and then restart the Microsoft Exchange Information Store service.

    For Outlook 2007 and Outlook 2010 clients, AutoDiscover services updates the permission automatically.

    Allow Mailbox Access

    Manage Send As Permissions for a Mailbox


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Jerome Xiong Tuesday, May 24, 2011 2:55 AM
    Friday, May 20, 2011 6:28 AM
  • It's likely due to the membership caching mentioned by Jerome. Try this for grins it may or may not help. 

    set-mailbox user -database nameofDB

    This will refresh the cache per user such as if you upped their limit. However it may or may not work in your case because the store may be caching the group membership so it's more of a backlink cache.


    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
    • Marked as answer by Jerome Xiong Tuesday, May 24, 2011 2:55 AM
    Friday, May 20, 2011 2:04 PM
  • Set the cache time to something more aggreable and see if that helps:

    http://technet.microsoft.com/en-us/library/bb684892(EXCHG.80).aspx

     

    I generally set to 20 minutes

    • Marked as answer by Jerome Xiong Tuesday, May 24, 2011 2:55 AM
    Friday, May 20, 2011 4:23 PM
  • Hi Anil,

    So how can I grant the following permission for my two AD security group in Exchange Server 2010 ?

    IT Admin group (Full access and permission for all AD and Exchange related).

    IT Helpdesk group (can only create mailbox and modify the mailbox properties including AD distribution group and contacts).


    /* Server Support Specialist */

    Thursday, October 30, 2014 10:32 PM