Security settings overwritten by AD

Posted on 2006-10-31
Last Modified: 2008-02-01

Hi
I have an issue which I have seen before but I just can't figure out how to fix it.

BASELINE
SBS2003 SP1 Exchange SP2 with IMF configured. Multiple email domains configured in Recipient Policy, e.g. abc.com, def.com and ghi.com. SMTP delivery, A and MX records all configured on hosting company site and ISP delivering mail fine.
User John had a logon account fully configured in AD with the primary SMTP mail address of abc.com
Two more accounts were created, john1 and john2 that had the respective def.com and ghi.com email address allocated to them.
In the security tab of john1 and john2, the original login account john was given full rights and within Outlook 2003 SP2 the FROM line was being used fine to send emails from abc.com, def.com and ghi.com
When John received emails they all went to his one Inbox and we could see which email account the external user had sent them through to: either as john, john1 or john2.
Up until a week ago the following configurations were in place and working beautifully

CHANGE RESULTING in NON multi domain email SENDING ability
Installed Exchange SP2 and further released hotfixes. Configured IMF that now traps about 100Mb worth of SPAM weekly on all three domains - abc, def, ghi.
The security settings defined in the accounts john1 and john2 have disappeared and seem to have reverted back to an AD standard which includes a completely different user!
And so now John cannot send emails from any of the multi domains other than the primary one configured for his original logon account. He can continue to receive all emails from all domains but when he replies and attempts to use the FROM field it results in an NDR unless he uses his primary SMTP.

WORK DONE TO RESOLVE
I have given john full control on accounts john1 and john2 but it doesn't stay. After an hour my settings disappear and revert back to the standard.
Instead of applying Full Control, I have attempted to go into Advanced and just give Send as Permissions but this doesn't stay.
In john1 and john2 account when I go to the Security tab - Advanced - Effective Permissions and type in John, the effective permissions confirms that John does not have Full Control or Send As permissions.
I have seen this behaviour before and I believe a change is done in adsiedit.msc to ensure that the security settings stay in place but I am not sure. I once saw a Microsoft guy fix it in dsadmin through the command prompt but have no idea of the syntax. I may be wrong on the solution.

Help on this would be very much appreciated. I don't post many questions but on this one I'm stumped and my client is suffering as he cannot send emails from the other domains.

There are 5 users on site so I have the standard CAL that comes with SBS2003. I didn't suffer any CAL issues when I created the extra accounts john1 and john2 for mail delivery as no one was actually logging in with those identities, although as a side question it would be nice to know whether I have 'device' or 'user' CALs installed.

500 pointer - for urgency and effective fix.

Kind Regards
Robin
Question by:RobKanj
1 Comment
 
Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 2000 total points
ID: 17847216
It's a rather complicated issue... but essentially SP2 changed the way the "Send as.." permissions are handled by shared resources.

You'll find a complete description and the solution here:  http://support.microsoft.com/kb/912918

Jeff
TechSoEasy
Question has a verified solution.
