Solved

Security settings overwritten by AD

Posted on 2006-10-31
1
207 Views
Last Modified: 2008-02-01

Hi
I have an issue which I have seen before but I just can't configure out how to fix it.

BASELINE
SBS2003 SP1 Exchange SP2 with IMF configured. Multiple email domains configured in Recepient Policy. E.G. abc.com, def.com and ghi.com. SMTP delivery, A and MX records all configured on hosting company site and ISP delievering mail fine.
User John had a logon account fully configured in AD with the primary SMTP mail address of abc.com
Two more accounts were created, john1 and john2 that had the respective def.com and ghi.com email address allocated to them.
In the security tab of john1 and john2, the original login account john was given full rights and within Outlook 2003 SP2 the FROM line was being used fine to send emails from abc.com, def.com and ghi.com
When John recieved emails they all went to his one Inbox and we could see which email account the external user had sent them through to: either as john, john1 or john2
Up until a week ago the following configurations were in place and working beautifully

CHANGE RESULTING in NON multi domain email SENDING ability
Installed Exchange SP2 and further released hotfixes. Configured IMF that now traps about 100Mb worth of SPAM weekly on all three domains - abc. def, ghi.
The security settings defined in the accounts john1 and john2 have disappeared and seem to have reveted back to a AD standard which includes a completely different user!
And so now John cannot send emails from any of the multi domains other than the primary one configured for his original logon account. He can continue to recieve all emails from all domains but when he replies and attempts to use the FROM field it results in a NDR unless he use his primary SMTP

WORK DONE TO RESOLVE
I have given john full control on accounts john1 and john2 but it doesn't stay. After an hour my settings disappear and reverts back to the standard.
Instead of applying Full Control, I have attempted to go into Advanced and just give Send as Permissions but this doesn't stay.
In john1 and john2 account when I go to the Security tab - Advanced - Effective Permissions and type in John, the effective permissions confirms that John does not have Full Control or Send As permissions.
I have seen this behaviour before and I believe a change is done in adsiedit.msc to ensure that the security settings stay in place but I am not sure. I once saw a Micrsoft guy fix it in dsadmin through the command prompt but have no idea of the syntax. I may be wrong on the solution.

Help on this would be very appreciative. I don't post many questions but on this one i'm stumped and my client is suffering as he cannot send emails from the other domains.

There are 5 users on site so I have the standard CAL that comes with SBS2003. I didn't suffer any CAL issues when I created the extra accounts john1 and john2 for mail delivery as no one was actually logging in with those identities although as a side question it would be nice to know whether I have 'device' or 'user' CAL's installed.

500 pointer - for urgency and effective fix.

Kind Regards
Robin
0
Comment
Question by:RobKanj
1 Comment
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 17847216
It's a rather complicated issue... but essentially SP2 changed the way the "Send as.." permissions are handled by shared resources.

You'll find a complete description and the solution here:  http://support.microsoft.com/kb/912918

Jeff
TechSoEasy
0

Featured Post

New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A lot of problems and solutions are available on the net for the error message "Source server does not meet minimum requirements for migration" while performing a migration from Small Business Server 2003 to SBS 2008. This error pops up just before …
Introduction At 19:33 (UST) on Tuesday 21st September the long awaited email arrived with the subject title of “ANNOUNCING THE AVAILABILITY OF WINDOWS SBS 7 PREVIEW”.  It was time to drop whatever I was doing and dedicate as much bandwidth as possi…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now