locked
Active Directory ACL Rights and Exchange 2007 RRS feed

  • Question

  • Hi ... Hoping someone can assist me with the following problem.  I'm not sure if I'm to ask this in this forum or another forum.

    I have a Windows Server 2008 R2 Domain Controller and Exchange 2007 version 8.03.0192.001.  We have approximately 250 users configured with Exchange mailboxes.  We have an account named "Account_1" that has "Full Access Permission" to all mailboxes.  However this account is unable to access approximately 9 mailboxes.  I have tried the following to correct this problem:

    1.  Delete and re-add "Full Access Permission" within Exchange.
    2.  Re-boot Exchange.
    3.  Opened Active Directory, opened the user account, clicked the "Security" tab, clicked "Advanced", un-checked "Include Inheritable Permissions from this object's parent" checkbox, clicked "Add" on the security pop-up window, clicked OK.  I then re-checked the checkbox and clicked Ok.

    Step number 3 temporarily fixed the problem but a few hours later the problem re-appeared.

    Any suggestions ?

    JD

    Tuesday, January 24, 2012 7:17 PM

Answers

All replies

  • Hello,

    this seems for me more to be an Exchange question: http://social.technet.microsoft.com/Forums/en-US/category/exchangeserver/ even the permissions are partly configured in AD.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Tuesday, January 24, 2012 7:45 PM
  • I would not recmmend to delete the account and readd to security group.It seems that permission are not inherited properly.

    Select the account in Advance tab in NTFS security and select both

    Include Inheritable Permissions from this object's parent"

    Replace permission entries on all child object.

    and check how does it work.

    If the above does not I would also recommend to refer exchnage forum for better assistnace on the same.

    Hope this helps

    Regards,
    Sandesh Dubey.
    -------------------------------
    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator
    My Blog: http://sandeshdubey.wordpress.com
    This posting is provided AS IS with no warranties, and confers no rights.

    Wednesday, January 25, 2012 9:31 AM
  • Thanks for the responses.  Is there a way to execute RepAdmin between our Domain Controllers and our Exchange Serer ?  I forgot to mention the following ...

    Exchange 2007 (version 8.03.0192.001) is installed on a Windows 2003 R2 Standard Server 64-Bit with SP2.

    Our Domain Controllers are Windows Server 2008 R2 Standard 64-Bit.

    I executed RepAdmin between our two Domain Controllers  and there do not seem to be any errors with replication.  We have two Domain Controllers in our environment.  I executed the following two commands on the Primary Domain Controller:

    repadmin /replsum * /bysrc /bydest /sort:delta

    repadmin /replsum * /bysrc /bydest /sort:failures

    Here are the results:

    Beginning data collection for replication summary, this may take awhile:
      .....

    Source DSA          largest delta    fails/total %%   error
     AD2                    31m:42s    0 /   5    0
     AD1                    31m:30s    0 /   5    0


    Destination DSA     largest delta    fails/total %%   error
     AD1                    31m:43s    0 /   5    0
     AD2                    31m:31s    0 /   5    0

    I have posted in the Exchange Forum and the technician first suggested it may be the "Inherited Permissions" being dropped.  Still not sure if this is A.D. or Exchange.

    JD

    Wednesday, January 25, 2012 5:54 PM
  • From the output the replication between the DC are correct.

    Have selected the below checkbox and inherited the permission what was the result.

    Include Inheritable Permissions from this object's parent"

    Replace permission entries on all child object.

    Regards,
    Sandesh Dubey.
    -------------------------------
    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator
    My Blog: http://sandeshdubey.wordpress.com
    This posting is provided AS IS with no warranties, and confers no rights.

    Thursday, January 26, 2012 2:56 AM
  • Hello,

    repadmin is to check replication between DCs, so is the Exchange server also domain controller, which btw. is not recommended configuration?


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Thursday, January 26, 2012 7:32 AM
  • Hi Guys,

    Tried all suggestions but I still get the same result.  The Exchange server is not a domain controller.  Any other suggestions ?

    JD

    Thursday, February 9, 2012 12:38 AM