Solved

Granting permissions in  Exchange Public folders between trusted domains

Posted on 2006-07-12
7
1,212 Views
Last Modified: 2012-05-05
I have an Exchange 2003 Enterprise Edition Server in a 2003 Domain.  I have an NT 4.0 domain.  A 2 way trust is setup and working between the domains.

The NT 4.0 Domain users have emailboxes on the Exchange server and can access the Exchange Public folders.  They can make entries in the public folders but they cannot edit other user entries, which is what I would like some of them to do (with editor rights for example).  Any suggestions?

How do I add the trusted NT 4.0 domain users with client permissions on a public folder?  Client permissions is where the users need to be added, correct?  Adding them in the directory or adminstrator access of the public folder property of permissions does not work.

Thanks,
Chris
0
Comment
Question by:cpshambro
  • 4
  • 3
7 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 17099088
Client permissions is on the only place that you can make the changes.
You have to grant the rights to the mailboxes they have located on your server.

You cannot grant permissions to their accounts elsewhere.

Simon.
0
 

Author Comment

by:cpshambro
ID: 17122762
You have confirmed my understanding that I need to assign client permsissions to users.  What I don't know is how to add client permissions to the NT 4.0 domain users where I have a successful 2 way trust setup.  Any ideas?

Thanks,
Chris
0
 

Author Comment

by:cpshambro
ID: 17123431
With a little more research I have uncovered the real problem.

Check out Microsoft KB article 330508.  It explains that Public folders have 2 sets of permiossions, one for  NTSD (NTFS) and another for MAPI ACLs (MAPI aware applications).  The article recommends not editing the public folder's NTSD list in Exchange System Mannager (ESM).  The article helps explain what not to do but it also does not explain very well what to do to update the MAPI ACLs with the trusted domain users.  Any suggestions?

If I press the ctl key and click properties, I can see the NTSD list and the NT 4.0 domain users that I would like to add.  But like the article says, I cannot simply update the MAPI ACLs.

Thanks,
Chris
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 104

Expert Comment

by:Sembee
ID: 17123471
Let me expand further.

You can only grant MAPI permissions to mailboxes that are located in the same Exchange org. If you NT4 users don't have a mailbox in the same Exchange org, then you cannot grant permissions to them.
The presence of the trust is immaterial.

Simon.
0
 

Author Comment

by:cpshambro
ID: 17123723
I would have to disagree even though the steps are not easy.  I can see the NT 4.0 trusted domain user in the ESM client permissions once a new public folder has been created by the user.  I would imagine that the NTSD ACL and MAPI ACL files can be edited using the ctl key on the client permissions tab in ESM and then using the pfinfo.exe utility.  This procedure is somewhat ...well ugly.

Have you or someone you know attempted this?

Thanks,
Chris
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 17124471
Disagree with me then.

It cannot be done. You cannot use NTFS permissions to grant access to public folders. The permissions are exclusively set as client permissions and controlled through the MAPI client.

The fact that you can see the NT4 domain in the NTFS permissions doesn't mean anything. That is because it is NTFS permissions. NTFS permissions are not used for public folder access.

Simon.
0
 

Author Comment

by:cpshambro
ID: 17135030
Thank you Simon for the information.  I really do appreciate the interest and information to help me solve this problem.  At this point the permissions cannot be set.
0

Featured Post

Backup Solution for AWS

Read about how CloudBerry Backup fully integrates your backups with Amazon S3 and Amazon Glacier to provide military-grade encryption and dramatically cut storage costs on any platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This video discusses moving either the default database or any database to a new volume.

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question