Exchange 2007 Best Practise results
Posted on 2009-05-18
I have run a Best practise report on our Exchange 2007 Server and need a little help with the results.
Write DACL inherit (group)
The Write DACL inherit (group) right for the Exchange Enterprise Servers group should be removed from the root of the domain.
I have followed the link (Removing the last legacy server) and as I no longer have an Exchange 2003 server, I cannot follow most of the instructions. I have run ADSIEDIT.MSC and the Recipient Update Service entry is not present. So I guess I need to run this command: Remove-ADPermission "dc=<Domain>" -user "<RootDomain>\Exchange Servers" -AccessRights WriteDACL -InheritedObjectType Group
But from where, my Domain Controller or from the Exchange 2007 server? I have three Exchange related objects in my Active Directory, are these valid?
Exchange Domain Servers Security Group-Global
Exchange Enterprise Server Security Group-Global
Exchange Server User