locked
Missing NT Authority\SELF on mailbox RRS feed

  • Question

  • Why would the NT Authority\SELF account disappear from one users mailbox. We are running Exchange 2007.

    Nothing that we know of changed for the user other than not being able to access their mailbox. Once we added NT Authority\SELF to the full access permissions everything worked.

    Monday, March 19, 2012 4:00 PM

All replies

  • When a user becomes a member of a protected group, not only does the user no longer inherit permissions from its parent object in AD, but some default ACLs are also removed and others added.

    So accounts added to protected groups have different ACLs than standard user accounts in AD. This can impact functionality, such as the ability to upload a user’s certificate to the Global Address List (GAL) in Exchange due to missing SELF permissions on the user’s AD account

    Check this article -

    http://www.windowsitpro.com/article/active-directory/advanced-active-directory-security


    Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog:http://www.careexchange.in | Please mark it as an answer if it really helps you


    Monday, March 19, 2012 4:07 PM
  • I agree with that but the user was not added to any protected groups.
    Monday, March 19, 2012 4:14 PM
  • Someone likely removed it whether or not it was inadvertent. The only time I've heard of it being missing is during migrations.

    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    Monday, March 19, 2012 4:20 PM