locked
Why “Manage Full Access Permission” show passive server? RRS feed

  • Question

  • When I right click on a mailbox and select “Manage Full Access permission”, why I see my CCR passive server showing as a user with? mark next to it \\domain\PassiveServer$

    All other users and groups look normal for the mailbox.  I see no active or cluster server.

    Exchange 2007 sp3 CCR

    Thanks

    Friday, April 20, 2012 3:39 PM

Answers

  • Hi

    Moving Exchange VS to passive nod will not update the permission.The passive node computer account is assigned Full Control permissions to the Exchange Server 2007 server object.

    You also could refer to the below KB: The passive node computer account is unexpectedly assigned Full Control permissions after you install the Passive Clustered Mailbox role in an Exchange Server 2007 cluster environment

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;951578 

    Cheers

    Zi Feng


    Zi Feng

    TechNet Community Support

    • Marked as answer by Baba 20009 Friday, April 27, 2012 9:26 PM
    Wednesday, April 25, 2012 5:39 AM
    Moderator

All replies

  • Hi

    Please try the solution on the below link

    http://www.exchange-powershell.com/2010/06/03/exchange-cannot-remove-ace-on-object-because-it-is-not-present/comment-page-1/

    Hope it helps

    Cheers

    Zi Feng


    Zi Feng

    TechNet Community Support

    Monday, April 23, 2012 4:15 AM
    Moderator
  • My objective was not to remove it since it is not causing a problem.

    I wanted to know it's relation to CCR Cluster and if it has anything to do with it because it appears on any user I move from signle exchange server to CCR Cluster!!  I am in middle of migrating users.

    Thanks

    Tuesday, April 24, 2012 3:57 PM
  • Hi

    Moving Exchange VS to passive nod will not update the permission.The passive node computer account is assigned Full Control permissions to the Exchange Server 2007 server object.

    You also could refer to the below KB: The passive node computer account is unexpectedly assigned Full Control permissions after you install the Passive Clustered Mailbox role in an Exchange Server 2007 cluster environment

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;951578 

    Cheers

    Zi Feng


    Zi Feng

    TechNet Community Support

    • Marked as answer by Baba 20009 Friday, April 27, 2012 9:26 PM
    Wednesday, April 25, 2012 5:39 AM
    Moderator
  • Hi Zi

    I appreciate you time pointing me to your link.

    I followed your link for the resolution instruction using AdsiEdit.msc.  After doing step 7 things are not clear and I wanted to make sure if I am doing something wrong or not.

    For step 8 I do not see an option to add permission and I am wondering I have to do the following:

    8 – A – After clicking “Add” in step 7, “Select User, Service Account, or Group” menu will pop up.  I click on “Objet Types”, place a check mark by “Computers”, OK. Type the passive server, “Check Name”, OK.

    8-B – “Permission Entry for Cluster” menu will pop up, select “properties” tab, and apply to: “This object only” and select the following:

      

    -          Write msExchEdgeSyncCredential

    -          Write msExchServerSite

    9- A – While I am in same “permission Entry for Cluster” menu, I select “Object” tab and apply to: “This object and all descendant objects” and select the following:

    -          List Contents

    9- B - While I am in same “permission Entry for Cluster” menu, I select “Properties” tab and apply to: “This object and all descendant objects” and select the following:

    -          Everything that starts with “Read” (there are close to 100 check marks!!)

    Two questions:

    1-     1-  Is my instruction correct?  I was going to do this in lab before apply to production.

    2-      2- What would be the side effect if I just not make any changes at this time?

             

     Thank you

    Thursday, April 26, 2012 3:53 PM
  • Personally, I would just ignore it. Its not going to hurt you to leave it as is.

    Thursday, April 26, 2012 5:51 PM
  • I agree for now i just leave it alone.  Thanks all.
    Friday, April 27, 2012 9:26 PM