Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Users cannot open other users calendars after Exchange 5.5 to 2003 Migration

Posted on 2004-09-07
Medium Priority
Last Modified: 2008-03-10
Rolled out Active Directory and migrated to Exchage 2003 (from 5.5) this weekend for a 100 user company. Everything seems to be going well except for this one little quirk. Users have always had rights to view everyone else's Calendars, as well as one group has the right to view & edit everyones contacts. The permissions were assigned by opening each users calendar permissions from their outlook and adding in the "everyone" distribution list and assigning the appropriate rights. Same for the contacts, our "contact group" was given edit permissions to all users contacts. Everything worked fine in the 5.5 world, until we added in the Exchange 2003 server.

We currently have both our Exchange 5.5 and Exchange 2003 Servers running, replicating (as Microsoft recomended we do until all users have logged in at least once to get the updated settings - then remove the 5.5 server). However now no one can access anyone else's calendars or contacts. We get an "Unable to display the folder. The Calendar folder could not be found." error. We found that we could give individual users permissions to other peoples calendars and they can access it, but it seems to ignore the "everyone" group that is setup. If we try to add any group to someones calendar (including removing and re-adding the "everyone" group) we get the following error:
"The modified permissions could not be saved. The client operation failed."

Any thoughts?

Question by:smradmin
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 25

Expert Comment

ID: 12000726
i think the answer is actually pretty obvious in your question,,, distribution groups can NOT have secuirty rights,,, that is what secuirty groups are for.  Why you can even add distribution groups there i don't know.  I would test this out by adding on user (or secuirty group if you have one) to the access list for a calendar and see if that person (or a member of the group) can access it then.  If so then that is your problem.
LVL 12

Expert Comment

ID: 12001210

The following articles will explain in detail the security issue you are experiencing ... what functional level is your domain? If it is still mixed-mode then you cannot use distribution groups to manage security in your E2K3 environment ...

http://support.microsoft.com/?id=328801 (references 2000 but still relevant for 2003)

http://www.winnetmag.com/MicrosoftExchangeOutlook/Article/ArticleID/20328/20328.html (references 2000 but still relevant for 2003)

Author Comment

ID: 12001364
mikeleebrla > Thanks, I'm new to AD & Exchange 2003. I wasn't aware that you cannot use DL's to control access. We can add users individually and it works, but I'm still trying to figure out how to give a group of people access (since I can't use DL's) and I can't seem to access security groups from the calendar permissions....

BNettles73>We are running in mixed mode because we have to keep our Exchange 5.5 server (running NT4) up for another week until everyone logs in and gets the new settings. Thanks for the articles.

Can either of you recomend the best way to procede? Is there a way to access security groups from the calendar permissions to grant access? Or is there another way of granting the appropriate permissions to calendars and contacts?
LVL 12

Accepted Solution

BNettles73 earned 2000 total points
ID: 12002747

If you were running in a native 2003 environment then you could use Universal DL's to administer security ... in a mixed mode 2003 environment, I believe you have two choices ... either use Universal Security Groups to administer permissions for public folders ... or setup a temporary child domain and upgrade the functionality to native 2003 ... then you can use ADC to replicate your DL's and convert them over to UDL's, which in turn can be used for security ... that is the simple process ...

If you can make it a week, once 5.5 is gone you could just switch the AD to native 2003 (FYI ... I am not talking about Exchange Native ... we are speaking soley in terms of AD) ....

If you don't have many PFS then you might think about configuring Universal Security Groups and reset the perms on your folders ... this is a seriously tedious task for medium-large environments ...

Read through the Winnet article I sent you ... I'm pretty sure it covers most of this ...

Author Comment

ID: 12006686
Thanks BNettles73, at least I have a couple options now

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New style of hardware planning for Microsoft Exchange server.
Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

596 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question