Domain Admin Mailbox Right

We just upgraded to Exchange 2000 and I noticed that all of the mailboxes have the Domain Admin group with a Deny status on the Full Mailbox access. But its an Inherited permission because its grey out check mark that can't be unchecked. I need to have Domain admin full permissions to all mailboxes, does anyone know where the permission is coming from and how to turn it off.
timd4273Asked:
Who is Participating?
 
timd4273Author Commented:
The problem is with the mailboxes that were created with 5.5 and now are transfered to 2000. These mailboxes inherited these permissions automatically from somewhere, there are several of them. Domain Admin & Enterprise Admin are both given inherited permissions with deny as the full mailbox access permission.
0
 
slink9Commented:
Yes, and that article seems to address default (or inherited?) rights and how to change them.  Did you try the steps in the article?
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
timd4273Author Commented:
Yes, but the article doesn't refer to the permissions that are assigned once you send an email to the account. When you first create an mailbox it only adds a permission for "Self" and once an email is sent to the account it adds several permissions including Domain Admins. But Domain Admins have the permission of Deny for Full Mailbox Access, I need to change that setting to Allow. Any and all help is appreciated.
0
 
MattAHillCommented:
Me too! And I found the answer :)

XADM: How to Get Service Account Access to All Mailboxes in Exchange 2000
http://support.microsoft.com/?kbid=262054

And this one

XADM: Security Tab Not Available on All Objects in System Manager
http://support.microsoft.com/default.aspx?scid=kb;EN-US;259221

This worked a treat, I had inherited denys on Full Mailbox Rights and after changing the SendAs & ReceiveAs deny's on the organisation I could then open anyones mailbox.
0
 
HadleyRCommented:
slink9's link is dead.
0
 
slink9Commented:
Go to http://support.microsoft.com and type in Q272153 and you will get to it.
0
 
JoJoGaborCommented:
I had the same issue as this. I halso had to stop each server in the organisation from inheriting permissions, as I couldn't find the next level up to set permissions. Can anyone tell me where that is?
0
All Courses

From novice to tech pro — start learning today.