Solved

Acitve Directory - Exchange Mailbox Rights

Posted on 2009-05-19
17
436 Views
Last Modified: 2012-05-07
Hi

I have windows 2000 and 2003 domain controllers in my existing domain, also i have 3 exchange servers (2 of them are exchange 2000 and 1 is exchange 2003). Just from last 2 weeks i have noticed that when i create a new mailbox enabled account, 'Mailbox Rights' do not populate automatically, and due to this i can't access this mailbox or either user itself can't access his mailbox.

When i go to user's properties in AD -> Exchange Adnvance > Mailbox Rights, i can only see group called 'Self' in the list and nothing else.

can anyone tell me why this is happening and how can i fix it?

Thanks
0
Comment
Question by:tech2010
  • 8
  • 8
17 Comments
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
Comment Utility
If you are creating a user in a certain OU check if they have the allow inheritable checked on that. You can also try running the domainprep and verify if that helps.
0
 

Author Comment

by:tech2010
Comment Utility
I have tried creating users in different OU and it does not matter where i create it is donig the same thing. Also i can't see allow inheritable checkbox in the user properties, i think checkbox used to be there. Also one thing i noticed that if try to remove any of the memeber in the mailbox rights list it says "You cannot remove that users because this object is interiting permission from its parent. To remove you must prevent this object from infertiting permissions. Turn off the option for inheriting permissions and then try removing again." I just mentioned you this may be it is linked to this issue but i don't know.
Thanks in advance.
0
 

Author Comment

by:tech2010
Comment Utility
Just thought, does it matter if i am creating user on 2000 domain controller, because i have now 2003 DC as well so should i be creating through 2003 admin tools? just a thought but please answer the previous question in last my previous post.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
Comment Utility
Yeah you can try it in 2003.
Just go to the security tab and advanced and verify that the allow inheritable is check on the user and on all the OU's where we are creating them from the top most that would be the domain OU.
0
 

Author Comment

by:tech2010
Comment Utility
Are you saying that i should be using 2003 from now onward or just try?

Also i just confirmed, yes Allow inhertied permissions is checked but why it still did not populate members in the mailbox rights list. I does populate in the security tab list but not in the mailbox right list under exchange advnaced tab.

0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
Comment Utility
Look Mailbox rights is something else and it depends as to whom we give rights to manage our mailbox by default i would not want someone else managing my mailbox by default when its created. Do you agree ?
Creating AD accounts from 2000 DC or 2003 DC would not make a difference as what matters is the Domain Functionality level.
0
 

Author Comment

by:tech2010
Comment Utility
I absolutly agree. but as long as it work i don't have any issue because it is not working thats why i am concern about the mailbox rights tab which looks to me that any new user we create does not even have permission themself on their own mailboxes. Becasue i used to see lots of memebers in the list anyway.

The porblem is after createing user/mailbox when i configuie user's outlook it does not open mailbox but it says unable to open your default email folders, even i am logged on as him on that machine. please explain. thanks
0
 

Author Comment

by:tech2010
Comment Utility
have a look the attached screen shot. this is the error i am getting when i create new user mailbox enabled and configure outlook i then can't open outlook because it says the attached error.
outlook-error.JPG
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:tech2010
Comment Utility
any other suggession Rancy or anyone else?
0
 

Author Comment

by:tech2010
Comment Utility
Rancy, I think i spot the problem. I can't see these new user's mailboxes under exchange ESM > Servers> Storage group > Mailboxstore > Mailboxes

I have run CleanUp Agent but those new users which i had created is not showing under mailboxes container and i think that's why outlook can't open mailbox for those users as well? Any idea why it is doing this and how can i fix it?
0
 
LVL 65

Expert Comment

by:Mestha
Comment Utility
The permissions populate when the mailbox is used for the first time.
Did the mailbox get an email address automatically? If not then the problem is with RUS. Until RUS has done its thing on the mailbox, one of which is adding an SMTP and X400 address on to the account, you will not be able to access the mailbox through Outlook, which will mean the permissions do not populate.

So in one respect, what you are seeing is correct, however that state should not remain for very long.

Simon.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
Comment Utility
In Exchange 2000 and 2003 a mailbox would not be seen under ESM until a user logsin to his mailbox using OWA or Oulook or he receives or sends and email.
Would also like to know if the user is getting stamped with email address and other exchange attributes.
For this you could go to ADUC and go to the properties of the user and to the Email address tab and verify if the user has SMTPO and X400 address and also try accessing his mailbox using OWA.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
Comment Utility
Hello any status on the issue ?
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
Comment Utility
Any updates ?
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
Comment Utility
Any updates on the issue ?
0
 
LVL 52

Accepted Solution

by:
Manpreet SIngh Khatra earned 500 total points
Comment Utility
Is the issue resolved ?
0
 

Author Comment

by:tech2010
Comment Utility
yes i have to update/rebuilt receipient update service and then all worked OK. thanks
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now