?
Solved

2003 ExMerge Permissions Issue

Posted on 2005-04-12
8
Medium Priority
?
1,649 Views
Last Modified: 2012-08-13
My domain\administrator account is a member of Enterprise Admins... by default this group has deny send as and recieve as for Exch 2003.  I went to the top org level in my sys manager and use the delegate control to set Enterprise Admins to be Full admin.. when it was setting the permissions I can an error that it cant apply the permissions... then I go back and look at the enterprise admins group and they DONT have the deny box checked... but yet I still cant open mailboxes with my administrator account.

Two questions..

1 how to resolve this permission issue? where the group is denied but it isnt showing up?

2 where do the top level permissions inherit FROM?  They are showing as they inherited from somewhere.. but where?  This is the top level.  I am running a mixed mode org right now with one 5.5 server there as well.

Thank you
0
Comment
Question by:NTGuru705
  • 4
  • 4
8 Comments
 
LVL 1

Author Comment

by:NTGuru705
ID: 13767098
I should say.. the error in exmerge log is.

Error opening message store (MSEMS). Verify that the Microsoft Exchange Information Store service is running and that you have the correct permissions to log on. (0x8004011d)
0
 
LVL 1

Author Comment

by:NTGuru705
ID: 13767621
I got around it by creating a new user... then I thought that I would be able to add that user to the Exchange Admins group and it would resolve the problem but it didnt.. I had to explicitly define the account at the top level of the org... I dont understand this.. if Exhange Admins have full control why would I have to define the user?
0
 
LVL 6

Expert Comment

by:vtsinc
ID: 13767675
YOu need to define the permissions at the org level (top) as you said.  Also need to override the "deny" on "send as" and "recieve as" for all groups for which the user account (presumablly ) is a member.  Groups permissions are probably overriding the user settings.  Also there is a registry key that you have to change.  I'll look for that an post again.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 6

Expert Comment

by:vtsinc
ID: 13767689
0
 
LVL 6

Accepted Solution

by:
vtsinc earned 1000 total points
ID: 13767700
Also I misspoke in my post prior to the link - "for all groups for which the user is a member" should say "for all groups for which the administrator (presumably) is a member.  Check Domain Admins as well as Enterprise Admins, for example.
0
 
LVL 1

Author Comment

by:NTGuru705
ID: 13768843
This is a good article... problem is I have done this... I have the security tab shown... for all reasoning there are no deny's set.. I did learn that I can override an inherited right though.. which I did not know.... I will post back tomorrow.

Thanks
0
 
LVL 6

Expert Comment

by:vtsinc
ID: 13769135
Just to be sure - the registry key is necessary if you haven't done that part yet.  I went though the same scenario earlier today.  Good luck!
0
 
LVL 1

Author Comment

by:NTGuru705
ID: 13772566
Without the key you cant see the tab.... understood.
Thanks
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If something goes wrong with Exchange, your IT resources are in trouble.All Exchange server migration processes are not designed to be identical and though migrating email from on-premises Exchange mailbox to Cloud’s Office 365 is relatively simple…
Steps to fix error: “Couldn’t mount the database that you specified. Specified database: HU-DB; Error code: An Active Manager operation fail”
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question