Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1315
  • Last Modified:

Granting permissions in Exchange Public folders between trusted domains

I have an Exchange 2003 Enterprise Edition Server in a 2003 Domain.  I have an NT 4.0 domain.  A 2 way trust is setup and working between the domains.

The NT 4.0 Domain users have emailboxes on the Exchange server and can access the Exchange Public folders.  They can make entries in the public folders but they cannot edit other user entries, which is what I would like some of them to do (with editor rights for example).  Any suggestions?

How do I add the trusted NT 4.0 domain users with client permissions on a public folder?  Client permissions is where the users need to be added, correct?  Adding them in the directory or adminstrator access of the public folder property of permissions does not work.

Thanks,
Chris
0
cpshambro
Asked:
cpshambro
  • 4
  • 3
1 Solution
 
SembeeCommented:
Client permissions is on the only place that you can make the changes.
You have to grant the rights to the mailboxes they have located on your server.

You cannot grant permissions to their accounts elsewhere.

Simon.
0
 
cpshambroAuthor Commented:
You have confirmed my understanding that I need to assign client permsissions to users.  What I don't know is how to add client permissions to the NT 4.0 domain users where I have a successful 2 way trust setup.  Any ideas?

Thanks,
Chris
0
 
cpshambroAuthor Commented:
With a little more research I have uncovered the real problem.

Check out Microsoft KB article 330508.  It explains that Public folders have 2 sets of permiossions, one for  NTSD (NTFS) and another for MAPI ACLs (MAPI aware applications).  The article recommends not editing the public folder's NTSD list in Exchange System Mannager (ESM).  The article helps explain what not to do but it also does not explain very well what to do to update the MAPI ACLs with the trusted domain users.  Any suggestions?

If I press the ctl key and click properties, I can see the NTSD list and the NT 4.0 domain users that I would like to add.  But like the article says, I cannot simply update the MAPI ACLs.

Thanks,
Chris
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
SembeeCommented:
Let me expand further.

You can only grant MAPI permissions to mailboxes that are located in the same Exchange org. If you NT4 users don't have a mailbox in the same Exchange org, then you cannot grant permissions to them.
The presence of the trust is immaterial.

Simon.
0
 
cpshambroAuthor Commented:
I would have to disagree even though the steps are not easy.  I can see the NT 4.0 trusted domain user in the ESM client permissions once a new public folder has been created by the user.  I would imagine that the NTSD ACL and MAPI ACL files can be edited using the ctl key on the client permissions tab in ESM and then using the pfinfo.exe utility.  This procedure is somewhat ...well ugly.

Have you or someone you know attempted this?

Thanks,
Chris
0
 
SembeeCommented:
Disagree with me then.

It cannot be done. You cannot use NTFS permissions to grant access to public folders. The permissions are exclusively set as client permissions and controlled through the MAPI client.

The fact that you can see the NT4 domain in the NTFS permissions doesn't mean anything. That is because it is NTFS permissions. NTFS permissions are not used for public folder access.

Simon.
0
 
cpshambroAuthor Commented:
Thank you Simon for the information.  I really do appreciate the interest and information to help me solve this problem.  At this point the permissions cannot be set.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now