weguardyou
asked on
Trying to gain control of a domain
Hello All,
How would I go about gaining full control of exchange, so that I can delegate control and other functions; such as moving exchange to a new system and making modifications to global catalog lists?
The problem is this; the former senior administrator assigned himself (his account) as the top of many functions of the domain & exchange. He also deleted his account from the system.
So now I am trying to gain control.
Some info: My account is a “Domain Admin” account. I can make many changes, so I am sure that I can get around the fact that he deleted his account, but I don’t know how.
So thank you to anyone that can help me gain control of this system.
How would I go about gaining full control of exchange, so that I can delegate control and other functions; such as moving exchange to a new system and making modifications to global catalog lists?
The problem is this; the former senior administrator assigned himself (his account) as the top of many functions of the domain & exchange. He also deleted his account from the system.
So now I am trying to gain control.
Some info: My account is a “Domain Admin” account. I can make many changes, so I am sure that I can get around the fact that he deleted his account, but I don’t know how.
So thank you to anyone that can help me gain control of this system.
Do this through Exchange System Manager.
Go down to your Public Folder Instances and find each public folder change the permissions.
Go down to your Public Folder Instances and find each public folder change the permissions.
ASKER
Thank you for your answers, but I am left with the fact of why can’t I delegate control of exchange to myself. I go into the Exchange Delegation Wizard: All that is in there is the deleted ID: example: S-1-5-21-776561741-12… and its Role is Exchange Full Administrator.
If you can provide a step by step, perhaps that would be more helpful for me.
If you can provide a step by step, perhaps that would be more helpful for me.
ASKER
Even in the public folders when I attempt to remove that deleted user’s system id. Example: S-1-5-21-776561741-12… I get a security message saying I can’t remove it because it’s inheriting the permission from its parent.
That’s all good to know, but then again I don’t have the option to uncheck it from inheriting permissions in this area. Again I am confused.
That’s all good to know, but then again I don’t have the option to uncheck it from inheriting permissions in this area. Again I am confused.
Have you tried taking ownership of the root?
properties> Security >advanced >ownership
properties> Security >advanced >ownership
ASKER
You say “take ownership of “root”.
Root of what?
Please elaborate more if at all possible
Root of what?
Please elaborate more if at all possible
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That last answer was great… and helpful to a point so a awarded the credit to you for that.
My dilemma still remains: I follow the steps as per the link from Microsoft and what I get at the end is an “error”.
It says: Failed to grant permission of DOMAIN\user on this object:
/dc=com/dc=DOMAIN/cn=Confi guration/c n=Service/ cn=Microso ft Exchage
So I am still suck…
My dilemma still remains: I follow the steps as per the link from Microsoft and what I get at the end is an “error”.
It says: Failed to grant permission of DOMAIN\user on this object:
/dc=com/dc=DOMAIN/cn=Confi
So I am still suck…
I don't know if you suck, but you are definitely still "stuck"! <g>
If you followed the Q-note and performed the ADSI editing as noted, you should be able to wrest control.
Are you sure that the account you are using has Schema Admin and Enterprise Admin rights? You've GOT to have those to do this work. You should make sure that you add your own account and the new E2K service account to those groups and let those rights replicate before performing this work. If you have multiple DC's, are you sure that they are replicating properly?
If you followed the Q-note and performed the ADSI editing as noted, you should be able to wrest control.
Are you sure that the account you are using has Schema Admin and Enterprise Admin rights? You've GOT to have those to do this work. You should make sure that you add your own account and the new E2K service account to those groups and let those rights replicate before performing this work. If you have multiple DC's, are you sure that they are replicating properly?
ASKER
My account has the following listed:
It’s a member of:
Administrators, BackOffice Internet Users, Domain Admins, Domain Internet Users, Domain Users, Enterprise Admins, Group Policy Creator Owners, Schema Admins
I am sure this should cover all the rights I should need. Yet it still does not.
I am waiting for a complete 24 hours to pass to re/try the last steps to see if that will work.
It’s a member of:
Administrators, BackOffice Internet Users, Domain Admins, Domain Internet Users, Domain Users, Enterprise Admins, Group Policy Creator Owners, Schema Admins
I am sure this should cover all the rights I should need. Yet it still does not.
I am waiting for a complete 24 hours to pass to re/try the last steps to see if that will work.
Is it possible that you have a deny in the Domain Users or Domain Internet Users group that is preventing you from doing certain things?
http://www.msexchange.org/tutorials/How_to_get_access_to_all_mailboxes_in_Exchange_2000_Server.html