?
Solved

Grant a single account access to all mailboxes in Exchange 2003

Posted on 2005-04-19
13
Medium Priority
?
2,964 Views
Last Modified: 2008-01-09
I have followed several different articles on this, but still cannot seem to figure out how to open another user's mailbox, like i used to be able to do in Exchange 5.5.
From Microsoft. http://support.microsoft.com/default.aspx?scid=kb;en-us;821897

I have followed the instrucitons, but not sure what I need to do next.  At the top level of the Site Properties, I edited the security settings (after making the registry change to allow viewing of the Security Tab) and removed the Deny Receive As and Send As for the Enterprise Admins Group.  My user account is part of the Enterprise Admins Group.  \

I then drilled down to the mailbox stores and see my changes did propagate down, but I still cannot open other user's email boxes.  I have gone into my Outlook (Outlook 2003) and done File\Open\Other User's Folder and I get "Unable to display the folder.  The folder could not be found".  

I have tried creating a new profile, while logged in as both myslef and another Exchange Administrator account and all that happens is, I keep getting propted for a username and password while trying to connect to the Exchange server (like I would if I wasn't logged into the domain).  I supply the correct credentials, even making sure I preceed the username with the domain, i.e. domain\username and the correct password, and it just keeps popping back up like it is still waiting for me to enter the password.

Any suggestions would be greatly appreciated.  We have some issues at work where the CEO is suspicious of another worker breaking confidentiality rules and wants their email checked (which is allowed via the email policy they signed).

Thanks in advance.
0
Comment
Question by:EvilPeppard
13 Comments
 
LVL 24

Assisted Solution

by:David Wilhoit
David Wilhoit earned 60 total points
ID: 13820508
Well, I've done this before and it worked, but i did it at the Org level. Try also restarting the store, see what you get.
0
 
LVL 13

Expert Comment

by:hstiles
ID: 13824304
try the following link - it appears to be a known problem, although as an admin I don;t have this problem.

http://support.microsoft.com/?id=885924
0
 

Author Comment

by:EvilPeppard
ID: 13828517
Well, I am running Exchange 2003 with SP1 installed and I don't feel comfortable getting a hotfix just to try and correct this problem.

 I really don't understand what the issue is.  As I stated earlier:
I have tried creating a new profile, while logged in as both myslef and another Exchange Administrator account and all that happens is, I keep getting propted for a username and password while trying to connect to the Exchange server (like I would if I wasn't logged into the domain).  I supply the correct credentials, even making sure I preceed the username with the domain, i.e. domain\username and the correct password, and it just keeps popping back up like it is still waiting for me to enter the password.

Frustrating...any other ideas?  What should be happening?  Should I be able to create a brand new profile for the user and open it?  Should I be able to be logged into my email and choose open another user's folder and it work?  Thanks for any more feedback.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
LVL 13

Expert Comment

by:hstiles
ID: 13831524
The hotfix addresses the issue you have raised at the top.  If you have granted that user the relevant permissions at the mailbox store level and are still experiencing problems, you could try granting that user specific rights to the mailbox he intends to monitor via AD users and computers.

If neither of these fix it, then the hotfix is most likely you rnext step.
0
 

Author Comment

by:EvilPeppard
ID: 13834193
I have added my username at the store level.  I am also part of the Domain Admins group and the Enterprise Admins group.  I thought I read something about, even if I add my account, and I am part of the Enterprise Admins group (which denies receive as and send as by default), those settings will override my individual user rights I just added.

Do you think that is still the case, even if I remove the "deny" receive as and send as for the Enterprise Admins?  Also, after I make a change, do I have to restart teh Exchange Services or reboot the server, or do I just need to wait for the "normal" Active Directory replication time?

Once I want to try it, what do I do?  Do I log into a computer as myself, create a new profile with the user I want to attach to, then open Outlook using the profile I just created for that user?

Thanks again for all the feedback.
0
 
LVL 13

Expert Comment

by:hstiles
ID: 13834274
Trust me, if adding your account at the mailbox store level hasn't granted you access to other mailboxes contained in that mailbox store, you have a problem.

You should not need to reboot your Exchange server - in my case the permissions to effect immediately.
0
 

Author Comment

by:EvilPeppard
ID: 13834295
Ok, thanks...do I do the following?:

Once I want to try it, what do I do?  Do I log into a computer as myself, create a new profile with the user I want to attach to, then open Outlook using the profile I just created for that user?
0
 
LVL 13

Accepted Solution

by:
hstiles earned 1140 total points
ID: 13834310
shouldn't need to

either from you rown mail profile choose open, other user's folder and select the folder or, if you need full access, go to accounts, exchange and advanced and add additional mailboxes.
0
 

Author Comment

by:EvilPeppard
ID: 13834361
Just tried it and I'm still getting the damn error:
"Unable to display the folder.  The Inbox folder could not be found".

I'm not in a huge hurry to call Microsoft, so I guess I'll wait for a while.  Maybe this will be resolved in Exchange SP2.
0
 
LVL 13

Expert Comment

by:hstiles
ID: 13834368
what version of outlook are you using and how long ago did you create the new mailbox?
0
 

Author Comment

by:EvilPeppard
ID: 13834410
I am currently running Outlook 2003 from Office 2003 Pro.  

I have tried it in both "cached" and on a different laptop in "non-cached" mode.  I cannot open another user's mailbox, nor create a profile using their information and open the profile directly.  When I try opening the profile directly, while Outlook is trying to open it, I start getting a Windows login prompt box.  I put every variable of credentials in that box, but it just keeps popping backup with the password field blank.
0
 

Assisted Solution

by:digerato
digerato earned 300 total points
ID: 13863801
Try this:

Create a new account in AD.  Then go to your Org or Admin group level, right click, then click Delegate Control and follow the wizard prompts.  Add your newly created account as an Exchange View Only Admin and finish the wizard.

Next, go to the security tab on your exchange server and make sure the newly created account has "allow" checked on Administer Information Store, Send As, and Receive As.

Wait a few minutes and you should have what you want.  This worked for me when setting up a blackberry account/mailbox, which requires similar access.

Hope that helps.
0
 

Author Comment

by:EvilPeppard
ID: 13888446
Well, I got this to finally work.  It ends up, I was having problems with my domain controller.  LDAP was not working properly.  I added a new unit and demoted the problem one and now I can open other user's mailboxes just fine.....talk about an elusive problem!  Took me 2 weeks to figure out and prove I had a problem controller.

Thanks for all the replies.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Steps to fix “Unable to mount database. (hr=0x80004005, ec=1108)”.
In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Suggested Courses

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question