locked
Exchange 2000/2003 Delegate Permissions RRS feed

  • Question

  • Hi,

    I have an exchange organisation with 2x Exchange 2000 and
    2x Exchange 2003 servers. I am trying to use the Delegate Control Wizard to
    give a security group Exchange View Only rights.

    It works ok for the Exchange 2003 servers.

    For the Exchange 2000 servers, the permissions propagate
    down to the server level but not the Mailbox Store Level. On each of the
    Mailbox Stores the Allow inheritable permissions from parent to propagate to
    this object is ticked.

    Is there another step I am missing on the 2000 servers?


    Monday, February 13, 2012 11:42 AM

Answers

  • OK, I have not attempted this before, least of all in relation to an exchange 2000 box. Via adsiedit please can you review the permissions currently set for CN=InformationStore & verify that these flow down on to CN=My Storage Group?

    If required please add suitable permissions for the group you wish to have view only capability.

    Regards

    • Proposed as answer by AllBarOne Friday, February 17, 2012 5:51 PM
    • Marked as answer by Terence Yu Monday, March 5, 2012 3:08 AM
    Tuesday, February 14, 2012 4:34 PM

All replies

  • Hello,

    Please attempt to use the exchange 2000 delegation wizard on one of the exchange 2000 servers, as described here....

    http://support.microsoft.com/kb/289811

    Kind Regards

    Monday, February 13, 2012 4:17 PM
  • Hi,

    I managed to get the permissions sorted on one of the 2000 boxes by unticking the Allow
    inheritable permissions and then re checking it, but it does not work on the
    other 2000 server.

    I have tried your suggestion on the server that still is a problem, but it as before
    it does not change the permissions on the mailbox store.

    I have tried to apply permissions explicitly on the mailbox
    store, however I am unable to see the mailbox store in AD when creating user
    accounts still, I have tried giving full access and I still have the same
    problem.

    Cheers.


    Tuesday, February 14, 2012 10:09 AM
  • Hi,

    If you feel comfortable using adsiedit.msc please check the following path in the active directory "configuration partition"...

    CN=Services,CN=Microsoft Exchange,CN=Name of your Exchange organisation,CN=Administrative Groups,CN=First Administrative Group,CN=Servers.

    Does the problem 2000 server appear in the list of exchange servers found here?

    Regards

    Tuesday, February 14, 2012 11:13 AM
  • Hi,

    I have checked ADSI Edit and the server is there,

    also the mailbox stores are in CN=InformationStore,CN=My Storage Group,

    Cheers.

    Tuesday, February 14, 2012 11:35 AM
  • OK, I have not attempted this before, least of all in relation to an exchange 2000 box. Via adsiedit please can you review the permissions currently set for CN=InformationStore & verify that these flow down on to CN=My Storage Group?

    If required please add suitable permissions for the group you wish to have view only capability.

    Regards

    • Proposed as answer by AllBarOne Friday, February 17, 2012 5:51 PM
    • Marked as answer by Terence Yu Monday, March 5, 2012 3:08 AM
    Tuesday, February 14, 2012 4:34 PM
  • Hi

       This link will be helpful to you.

       Working with Store Permissions in Microsoft Exchange 2000 Server and Exchange Server 2003


       PS: exchange 2000 is not supported by MS now.

    Terence Yu

    TechNet Community Support

    Wednesday, February 15, 2012 1:08 AM
  • Hi,

    Looking at the permissions in ADSI edit the Storage Groups where not inheriting permissions.

    Thanks for your help with this.

    Friday, February 17, 2012 9:10 AM
  • Hi

    Good to know we got there.

    All the best.

    Friday, February 17, 2012 5:52 PM