Solved

Domain Admin Mailbox Right

Posted on 2002-03-18
8
433 Views
Last Modified: 2009-12-16
We just upgraded to Exchange 2000 and I noticed that all of the mailboxes have the Domain Admin group with a Deny status on the Full Mailbox access. But its an Inherited permission because its grey out check mark that can't be unchecked. I need to have Domain admin full permissions to all mailboxes, does anyone know where the permission is coming from and how to turn it off.
0
Comment
Question by:timd4273
8 Comments
 
LVL 23

Accepted Solution

by:
slink9 earned 200 total points
ID: 6878251
0
 

Author Comment

by:timd4273
ID: 6878285
The problem is with the mailboxes that were created with 5.5 and now are transfered to 2000. These mailboxes inherited these permissions automatically from somewhere, there are several of them. Domain Admin & Enterprise Admin are both given inherited permissions with deny as the full mailbox access permission.
0
 
LVL 23

Expert Comment

by:slink9
ID: 6878497
Yes, and that article seems to address default (or inherited?) rights and how to change them.  Did you try the steps in the article?
0
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

 

Author Comment

by:timd4273
ID: 6878575
Yes, but the article doesn't refer to the permissions that are assigned once you send an email to the account. When you first create an mailbox it only adds a permission for "Self" and once an email is sent to the account it adds several permissions including Domain Admins. But Domain Admins have the permission of Deny for Full Mailbox Access, I need to change that setting to Allow. Any and all help is appreciated.
0
 

Expert Comment

by:MattAHill
ID: 8266393
Me too! And I found the answer :)

XADM: How to Get Service Account Access to All Mailboxes in Exchange 2000
http://support.microsoft.com/?kbid=262054

And this one

XADM: Security Tab Not Available on All Objects in System Manager
http://support.microsoft.com/default.aspx?scid=kb;EN-US;259221

This worked a treat, I had inherited denys on Full Mailbox Rights and after changing the SendAs & ReceiveAs deny's on the organisation I could then open anyones mailbox.
0
 
LVL 1

Expert Comment

by:HadleyR
ID: 11824932
slink9's link is dead.
0
 
LVL 23

Expert Comment

by:slink9
ID: 11825348
Go to http://support.microsoft.com and type in Q272153 and you will get to it.
0
 
LVL 1

Expert Comment

by:JoJoGabor
ID: 14330675
I had the same issue as this. I halso had to stop each server in the organisation from inheriting permissions, as I couldn't find the next level up to set permissions. Can anyone tell me where that is?
0

Featured Post

Backup Solution for AWS

Read about how CloudBerry Backup fully integrates your backups with Amazon S3 and Amazon Glacier to provide military-grade encryption and dramatically cut storage costs on any platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
Read this checklist to learn more about the 15 things you should never include in an email signature.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question