Solved

Problem moving mailbox 'You do not have permission to log on'

Posted on 2006-11-14
5
822 Views
Last Modified: 2008-01-09
I moved a test mailbox from one exchange 2K server to another and now I am having problems opening the new mailbox. I can open the mailbox with outlook if I login as the owner of the mailbox, but what I am unable to do (but was before the move) is login as a domain admin and open that same mailbox. The error I get when I try to open the mail box is 'you do not have permission to log on'. But the domain admin account I am using has full access to the mailbox in question.

Is this behavior typical, and shouldn't I be able to access the mailbox if I am logged in as an admin with mailbox rights?

Thanks is Advance
Geoff
0
Comment
Question by:gbarcalow
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 39

Accepted Solution

by:
redseatechnologies earned 250 total points
ID: 17941991
Hi gbarcalow,

This is somewhat typical (my Exchange 2000 knowledge is fading fast).

I know Exchange 2003 is like this, and vaguely remember 2000 to be the same;

If you want full admin access, follow this -> http://www.petri.co.il/grant_full_mailbox_rights_on_exchange_2000_2003.htm

Just reading that article again, it states that 2000 was also this way by default

Hope that helps,

-red
0
 
LVL 3

Author Comment

by:gbarcalow
ID: 17942167
Well that was interesting. Why would the access for domain admins be granted by default on the original server?
0
 
LVL 5

Assisted Solution

by:lollygagr
lollygagr earned 50 total points
ID: 17942174
Only one caveat about the article referenced above - the first two procedures will work great, but the third one (applying perms at the server level) has a big "gotcha".  It will work at first, but as you make moves and changes to mailboxes and stores, you will find that the inherited rights will mysteriously stop working on a growing number of mailboxes.  This is due to the fact that Exchange stores aren't Active Directory objects and don't inherit rights in the same way as accounts, groups, etc.  The only way to apply these rights and be sure new/moved mailboxes will inherit them consistently to work is to do it at the store level.

I found this one out the hard way a while back. :-)
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17942279
Someone would have made the changes initially on the existing server, which is why it was working, but now doesnt

By default, domain admins are explicitly denied access to users folders

-red
0
 
LVL 5

Expert Comment

by:lollygagr
ID: 17944340
Actually that's a good example of the difference between Exchange permissions and Active Directory permissions.  The rule in AD is that deny entries in the ACL trump all other permissions.  The rule for Exchange objects like stores and mailboxes is that deny USUALLY trumps, EXCEPT when the deny is inherited and the allow permissions are explicitly defined at a lower level.  Active Directory and Exchange have to play in the same sandbox, but they don't play by the same rules.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question