Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 506
  • Last Modified:

Public Folder Permissions problems after restore from tape - SBS 2000

I believe I have a bit of a "chicken and the egg" problem after rebuilding the SBS server, creating an NEW AD and restoring the exchange databases from backup (using ntbackup).  
For several long-winded reasons I decided to recreate the AD information by manually creating new user and computer accounts. I used the same OU names and domain information to make it work.
I got both databases to mount (priv and Pub) without incident and was sucessfull in remapping the mailboxes to new user accounts. So far so good.

My problem is specificaly with the Public folders.  I sensed we were having permision problems and after looking around it seems I was right ..
Here is what I got...

If I look at the public folder properties in Outlook I am not given the options to look at the security tab so I  can only look at the permissions in the SUMMARY tab which shows the folder is owned by an unresolved SID. I presume it to be the SID from the Admin account of the old AD.
I went to the ESM to try view/edit permissions there but I can NOT open any public folder properties.  When I try I get an LDAP error that looks like this:

There is no such object on the server

Facility: LDAP Provider
ID no: 800072030
Exchange System Manager

Additional symptoms  -  User can read and write to the public folders but can't create new ones nor can they CC email to them anymore.  
Can someone please recomend a tool I could use to assume administrative ownership over the public folders again?



1 Solution
Use Exchange System Manager to add a replica of the top-level folder (only). After you do so, you can propagate the folder rights successfully to all of the subfolders.

You can run pfdavadmin utility to reset the PF Permissions.

jc07874Author Commented:
OK .. I used the PFDadmin tool to get 1/2 way there.  Now I can move the folders around and has solved my permissions problem.
I can move the folders around to the
But I still have the LDAP error. So I think I still need to do the replication of the top level folder.  However I have never done this and not sure how. I tried to chang he properties of the TOp level folder "PUBLIC FOLDERS" but the Pfadmin tool say  you can't change permissions on this folder.  I must be missing something.

COuld you point me to or walk me thru the process of how to replicate the top level folder as I have seen noted in several places. Also I am not sure which top level folder the docs refer too.

Much Thanks  - I think I am seeing light at the end of the tunnel.


Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

jc07874Author Commented:

I guess I am saying is I am not clear how or why to set up replication if I only have one exchange server.

are you able to access the properties of the public folders now via Outlook.

do you get the LDAP error when you check the properties of the new folders or just all of the old folders.
jc07874Author Commented:
I was finaly able to do what Kunal suggested.
I was then able to see permissions and remove the unresolved cids from the prevoious defunct domain.
After doing that I was able to mail enable all the folders and set opject correctly.



Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now