Solved

Granting permissions in  Exchange Public folders between trusted domains

Posted on 2006-07-12
7
1,168 Views
Last Modified: 2012-05-05
I have an Exchange 2003 Enterprise Edition Server in a 2003 Domain.  I have an NT 4.0 domain.  A 2 way trust is setup and working between the domains.

The NT 4.0 Domain users have emailboxes on the Exchange server and can access the Exchange Public folders.  They can make entries in the public folders but they cannot edit other user entries, which is what I would like some of them to do (with editor rights for example).  Any suggestions?

How do I add the trusted NT 4.0 domain users with client permissions on a public folder?  Client permissions is where the users need to be added, correct?  Adding them in the directory or adminstrator access of the public folder property of permissions does not work.

Thanks,
Chris
0
Comment
Question by:cpshambro
  • 4
  • 3
7 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 17099088
Client permissions is on the only place that you can make the changes.
You have to grant the rights to the mailboxes they have located on your server.

You cannot grant permissions to their accounts elsewhere.

Simon.
0
 

Author Comment

by:cpshambro
ID: 17122762
You have confirmed my understanding that I need to assign client permsissions to users.  What I don't know is how to add client permissions to the NT 4.0 domain users where I have a successful 2 way trust setup.  Any ideas?

Thanks,
Chris
0
 

Author Comment

by:cpshambro
ID: 17123431
With a little more research I have uncovered the real problem.

Check out Microsoft KB article 330508.  It explains that Public folders have 2 sets of permiossions, one for  NTSD (NTFS) and another for MAPI ACLs (MAPI aware applications).  The article recommends not editing the public folder's NTSD list in Exchange System Mannager (ESM).  The article helps explain what not to do but it also does not explain very well what to do to update the MAPI ACLs with the trusted domain users.  Any suggestions?

If I press the ctl key and click properties, I can see the NTSD list and the NT 4.0 domain users that I would like to add.  But like the article says, I cannot simply update the MAPI ACLs.

Thanks,
Chris
0
How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

 
LVL 104

Expert Comment

by:Sembee
ID: 17123471
Let me expand further.

You can only grant MAPI permissions to mailboxes that are located in the same Exchange org. If you NT4 users don't have a mailbox in the same Exchange org, then you cannot grant permissions to them.
The presence of the trust is immaterial.

Simon.
0
 

Author Comment

by:cpshambro
ID: 17123723
I would have to disagree even though the steps are not easy.  I can see the NT 4.0 trusted domain user in the ESM client permissions once a new public folder has been created by the user.  I would imagine that the NTSD ACL and MAPI ACL files can be edited using the ctl key on the client permissions tab in ESM and then using the pfinfo.exe utility.  This procedure is somewhat ...well ugly.

Have you or someone you know attempted this?

Thanks,
Chris
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 17124471
Disagree with me then.

It cannot be done. You cannot use NTFS permissions to grant access to public folders. The permissions are exclusively set as client permissions and controlled through the MAPI client.

The fact that you can see the NT4 domain in the NTFS permissions doesn't mean anything. That is because it is NTFS permissions. NTFS permissions are not used for public folder access.

Simon.
0
 

Author Comment

by:cpshambro
ID: 17135030
Thank you Simon for the information.  I really do appreciate the interest and information to help me solve this problem.  At this point the permissions cannot be set.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now