locked
Exchange 2010 - Some Group permissions doesn't work on public folders RRS feed

  • Question

  • First of all, sorry for pasting it to Exchange 2013 but there no space for Exchange 2010.

    We have this environment:
    - Domain 2008, Exchange 2010, Outlook 2010
    - I have 2 groups both of them are Universal Security groups. Lets call them GroupOne and GroupTwo. And user "JohnDOE" who is a member of both groups.
    - Public folder "TestPF" with permissions: Anonymous - None, Default - None

    Problem:
    When I add Owner permission to GroupOne (current state: Anonymous - None, Default - None, GroupOne - Owner) - the user can instantly see this public folder in Outlook.
    When I add Owner permission to GroupTwo (current state: Anonymous - None, Default - None, GroupTwo - Owner) - the user can not see this public folder in Outlook. 

    Both groups seems to be the same. Only difference between them that I see is that GroupOne has attribute "dSCorePropagationData" set and GroupTwo has 0x0. But I have another group which has this attribute set but doesn't work either (so I ignore this attribute). And GroupOne is older than GroupTwo.

    I'm running out of ideas so please could you give me an advice?

    Wednesday, September 9, 2015 12:04 PM

All replies

  • Check that the user is a member of the groups. When the user is logged in, run:

    whoami /groups

    It may be that AD replication has not completed or the user has not yet logged off and back on. If so, either force replication or get the user to log off and back on again. 

    Were the groups created recently and were they created at the same time or one created before the other?

    Thanks.


    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010

    Blog: http://markgossa.blogspot.com

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Wednesday, September 9, 2015 12:49 PM
  • The user is member of both groups (and he knows it - whoami /groups or net user username /domain work correctly and you can see both groups there). The first group which works is older than year. The second group is new one but it is a few days from creation now. 

    When I use them for securing folders in the filesystem or shared folders both of them work. The only problem is with public folders. 


    • Edited by Ales Tichy Wednesday, September 9, 2015 1:17 PM
    Wednesday, September 9, 2015 1:11 PM