Exchange Server User Permissions in Active Directory Object

Posted on 2004-11-22
Medium Priority
Last Modified: 2010-08-05
We have exchange 5.5/ Winnt  running in co-existence with exchange 2003/ Windows 2000.

In active directory users and computers, user properties / Exchange Advance Tab shows a button called mailbox rights. If you click on this, the following is showing up as the default

Anonymous Login  - Read Permissions
mailbox user - Full permissions
Everyone - Read permissions

other than that, there is Domain Admins, Enterprise Admins, Exchange Domain Server, Exchange Administrator. Since these are all set as default. Do I need to deny permissions to

Anonymous, and everyone.

Currently when using Outlook express, emails intended for userA is going to the maibox of userB. But this only happens when Outlook Express is used as the mail client.

Any ideas, or can you direct me to a location where additional information on this might be available.
Question by:Christian_Agard
  • 4
  • 4
LVL 24

Expert Comment

ID: 12646088
If you deny permissions to Anonymous and Everyone then no one will be able to get their mail.  A deny is explicit.

As for Outlook Express, it can have separate accounts to pull information from, but it will deliver these messages to teh same .pst file.  If you own Exchange then you should have a license to utilize Outlook.  I would consider moving from Outlook Express to Outlook.  Outlook handles corporate mail scenarios much better than Outlook Express and allows you to easily configure separate profiles.


Author Comment

ID: 12647345
Unfortunately we have some users that need to use outlook express. Is there any other work around?
LVL 24

Expert Comment

ID: 12647701
From within Outlook Express....
    Remove UserB's account from User A's Outlook Express (default on opening).

From within Outlook Express
Manage Identities.

From here you can create a new identity for UserB.  You can then assign UserB's accounts to that identity.

Let me know if that works for you or does not work for you.
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 12647934
Thanks. This is where I problem is happening.

I am logged on to the computer as USERA.

I have no accounts or profiles in outlook express.
I create a new account,  I enter the username for USERB and the PASSWORD for USERB.

There are no other profiles other than the one or USERB

I do a send and receive and I get emails being downloaded for userA.
It should have checked for emails for USERB only, not USERA.

Any ideas on this?
LVL 24

Accepted Solution

flyguybob earned 1000 total points
ID: 12648208
Don't create a new account...this is why you are getting the messages delivered to the wrong location.  If you have the Main Identity configured for UserA and UserB then you will get both their e-mail in the Inbox.  Reconfigure the Tools...Accounts for UserA in the Main Identity...or create a new identity for User A.
Remove UserB's information in the Main Identity.

In Outlook Express.  (trust me when I say that Outlook is much cleaner in handling this)
Go into File...Identities and create the new identity for User B
Switch to that Identity (File...Switch...) for UserB
From that identity you will want to configure the information for User B.  Do not configure UserA's information here.

Now, you will have a problem in so far as User B's e-mail will still be in user A's account.  It is not easy to export the e-mail without Outlook, so you will probably have to re-forward the messages.


Author Comment

ID: 12648378
ok I just took another computer...
...trust me on this....Brand new computer.
Logged on as SAM
Create outlook express profile for SAM
Checked Email, and I received email for MARIA.

I am wondering is there is some type of permissions issue when Outlook Express is used. Everything works fine in Outlook, but these two users need to use Outlook Express.

My domain is running exchange 5.5 and exchange2003 in co-existence. Things worked fine, until I moved them to the exchange 2003 mail server.

If I go to Exchange 5.5 / Servers / and select the Exchange 2003 server, I see that SAM has under the windows NT account the following NT ATHORITY\SYSTEM.

However if I double click on SAM, I would see the Primary Windows NT account as DOMAINNAME/sam.

My problem is when using OUTLOOK EXPRESS (pop) the emails for MARIA etc is ending up in SAM's mailbox.

Could the NT ATHORITY\SYSTEM stuff somehow setup this mailbox as a collection box or something of that nature. Is there a way to fix this?

I know I can remove the user, but I wont know if this is happening to other mailboxes etc. Any ideas.

Author Comment

ID: 12649968
OK it turns out that I only get this problem if Secure Password Authentication is selected. So I'll just un-check that.

LVL 24

Expert Comment

ID: 12677500
I was on the road and just checked on this question.  SPA was part of the answer?  Interesting, to say the least.  Is it all working now?

Featured Post

Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Steps to fix “Unable to mount database. (hr=0x80004005, ec=1108)”.
Stellar Exchange Toolkit: this 5 in 1 toolkit comes loaded with mega-software tool. Here’s an introduction to tools’ usage and advantages:
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question