Granting permissions in Exchange Public folders between trusted domains

I have an Exchange 2003 Enterprise Edition Server in a 2003 Domain.  I have an NT 4.0 domain.  A 2 way trust is setup and working between the domains.

The NT 4.0 Domain users have emailboxes on the Exchange server and can access the Exchange Public folders.  They can make entries in the public folders but they cannot edit other user entries, which is what I would like some of them to do (with editor rights for example).  Any suggestions?

How do I add the trusted NT 4.0 domain users with client permissions on a public folder?  Client permissions is where the users need to be added, correct?  Adding them in the directory or adminstrator access of the public folder property of permissions does not work.

Thanks,
Chris
cpshambroAsked:
Who is Participating?
 
SembeeConnect With a Mentor Commented:
Disagree with me then.

It cannot be done. You cannot use NTFS permissions to grant access to public folders. The permissions are exclusively set as client permissions and controlled through the MAPI client.

The fact that you can see the NT4 domain in the NTFS permissions doesn't mean anything. That is because it is NTFS permissions. NTFS permissions are not used for public folder access.

Simon.
0
 
SembeeCommented:
Client permissions is on the only place that you can make the changes.
You have to grant the rights to the mailboxes they have located on your server.

You cannot grant permissions to their accounts elsewhere.

Simon.
0
 
cpshambroAuthor Commented:
You have confirmed my understanding that I need to assign client permsissions to users.  What I don't know is how to add client permissions to the NT 4.0 domain users where I have a successful 2 way trust setup.  Any ideas?

Thanks,
Chris
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
cpshambroAuthor Commented:
With a little more research I have uncovered the real problem.

Check out Microsoft KB article 330508.  It explains that Public folders have 2 sets of permiossions, one for  NTSD (NTFS) and another for MAPI ACLs (MAPI aware applications).  The article recommends not editing the public folder's NTSD list in Exchange System Mannager (ESM).  The article helps explain what not to do but it also does not explain very well what to do to update the MAPI ACLs with the trusted domain users.  Any suggestions?

If I press the ctl key and click properties, I can see the NTSD list and the NT 4.0 domain users that I would like to add.  But like the article says, I cannot simply update the MAPI ACLs.

Thanks,
Chris
0
 
SembeeCommented:
Let me expand further.

You can only grant MAPI permissions to mailboxes that are located in the same Exchange org. If you NT4 users don't have a mailbox in the same Exchange org, then you cannot grant permissions to them.
The presence of the trust is immaterial.

Simon.
0
 
cpshambroAuthor Commented:
I would have to disagree even though the steps are not easy.  I can see the NT 4.0 trusted domain user in the ESM client permissions once a new public folder has been created by the user.  I would imagine that the NTSD ACL and MAPI ACL files can be edited using the ctl key on the client permissions tab in ESM and then using the pfinfo.exe utility.  This procedure is somewhat ...well ugly.

Have you or someone you know attempted this?

Thanks,
Chris
0
 
cpshambroAuthor Commented:
Thank you Simon for the information.  I really do appreciate the interest and information to help me solve this problem.  At this point the permissions cannot be set.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.