tech2010
asked on
Acitve Directory - Exchange Mailbox Rights
Hi
I have windows 2000 and 2003 domain controllers in my existing domain, also i have 3 exchange servers (2 of them are exchange 2000 and 1 is exchange 2003). Just from last 2 weeks i have noticed that when i create a new mailbox enabled account, 'Mailbox Rights' do not populate automatically, and due to this i can't access this mailbox or either user itself can't access his mailbox.
When i go to user's properties in AD -> Exchange Adnvance > Mailbox Rights, i can only see group called 'Self' in the list and nothing else.
can anyone tell me why this is happening and how can i fix it?
Thanks
I have windows 2000 and 2003 domain controllers in my existing domain, also i have 3 exchange servers (2 of them are exchange 2000 and 1 is exchange 2003). Just from last 2 weeks i have noticed that when i create a new mailbox enabled account, 'Mailbox Rights' do not populate automatically, and due to this i can't access this mailbox or either user itself can't access his mailbox.
When i go to user's properties in AD -> Exchange Adnvance > Mailbox Rights, i can only see group called 'Self' in the list and nothing else.
can anyone tell me why this is happening and how can i fix it?
Thanks
Manpreet SIngh Khatra
If you are creating a user in a certain OU check if they have the allow inheritable checked on that. You can also try running the domainprep and verify if that helps.
ASKER
I have tried creating users in different OU and it does not matter where i create it is donig the same thing. Also i can't see allow inheritable checkbox in the user properties, i think checkbox used to be there. Also one thing i noticed that if try to remove any of the memeber in the mailbox rights list it says "You cannot remove that users because this object is interiting permission from its parent. To remove you must prevent this object from infertiting permissions. Turn off the option for inheriting permissions and then try removing again." I just mentioned you this may be it is linked to this issue but i don't know.
Thanks in advance.
Thanks in advance.
ASKER
Just thought, does it matter if i am creating user on 2000 domain controller, because i have now 2003 DC as well so should i be creating through 2003 admin tools? just a thought but please answer the previous question in last my previous post.
Yeah you can try it in 2003.
Just go to the security tab and advanced and verify that the allow inheritable is check on the user and on all the OU's where we are creating them from the top most that would be the domain OU.
Just go to the security tab and advanced and verify that the allow inheritable is check on the user and on all the OU's where we are creating them from the top most that would be the domain OU.
ASKER
Are you saying that i should be using 2003 from now onward or just try?
Also i just confirmed, yes Allow inhertied permissions is checked but why it still did not populate members in the mailbox rights list. I does populate in the security tab list but not in the mailbox right list under exchange advnaced tab.
Also i just confirmed, yes Allow inhertied permissions is checked but why it still did not populate members in the mailbox rights list. I does populate in the security tab list but not in the mailbox right list under exchange advnaced tab.
Look Mailbox rights is something else and it depends as to whom we give rights to manage our mailbox by default i would not want someone else managing my mailbox by default when its created. Do you agree ?
Creating AD accounts from 2000 DC or 2003 DC would not make a difference as what matters is the Domain Functionality level.
Creating AD accounts from 2000 DC or 2003 DC would not make a difference as what matters is the Domain Functionality level.
ASKER
I absolutly agree. but as long as it work i don't have any issue because it is not working thats why i am concern about the mailbox rights tab which looks to me that any new user we create does not even have permission themself on their own mailboxes. Becasue i used to see lots of memebers in the list anyway.
The porblem is after createing user/mailbox when i configuie user's outlook it does not open mailbox but it says unable to open your default email folders, even i am logged on as him on that machine. please explain. thanks
The porblem is after createing user/mailbox when i configuie user's outlook it does not open mailbox but it says unable to open your default email folders, even i am logged on as him on that machine. please explain. thanks
ASKER
have a look the attached screen shot. this is the error i am getting when i create new user mailbox enabled and configure outlook i then can't open outlook because it says the attached error.
outlook-error.JPG
outlook-error.JPG
ASKER
any other suggession Rancy or anyone else?
ASKER
Rancy, I think i spot the problem. I can't see these new user's mailboxes under exchange ESM > Servers> Storage group > Mailboxstore > Mailboxes
I have run CleanUp Agent but those new users which i had created is not showing under mailboxes container and i think that's why outlook can't open mailbox for those users as well? Any idea why it is doing this and how can i fix it?
I have run CleanUp Agent but those new users which i had created is not showing under mailboxes container and i think that's why outlook can't open mailbox for those users as well? Any idea why it is doing this and how can i fix it?
The permissions populate when the mailbox is used for the first time.
Did the mailbox get an email address automatically? If not then the problem is with RUS. Until RUS has done its thing on the mailbox, one of which is adding an SMTP and X400 address on to the account, you will not be able to access the mailbox through Outlook, which will mean the permissions do not populate.
So in one respect, what you are seeing is correct, however that state should not remain for very long.
Simon.
Did the mailbox get an email address automatically? If not then the problem is with RUS. Until RUS has done its thing on the mailbox, one of which is adding an SMTP and X400 address on to the account, you will not be able to access the mailbox through Outlook, which will mean the permissions do not populate.
So in one respect, what you are seeing is correct, however that state should not remain for very long.
Simon.
In Exchange 2000 and 2003 a mailbox would not be seen under ESM until a user logsin to his mailbox using OWA or Oulook or he receives or sends and email.
Would also like to know if the user is getting stamped with email address and other exchange attributes.
For this you could go to ADUC and go to the properties of the user and to the Email address tab and verify if the user has SMTPO and X400 address and also try accessing his mailbox using OWA.
Would also like to know if the user is getting stamped with email address and other exchange attributes.
For this you could go to ADUC and go to the properties of the user and to the Email address tab and verify if the user has SMTPO and X400 address and also try accessing his mailbox using OWA.
Hello any status on the issue ?
Any updates ?
Any updates on the issue ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
yes i have to update/rebuilt receipient update service and then all worked OK. thanks