Solved

Acitve Directory - Exchange Mailbox Rights

Posted on 2009-05-19
17
446 Views
Last Modified: 2012-05-07
Hi

I have windows 2000 and 2003 domain controllers in my existing domain, also i have 3 exchange servers (2 of them are exchange 2000 and 1 is exchange 2003). Just from last 2 weeks i have noticed that when i create a new mailbox enabled account, 'Mailbox Rights' do not populate automatically, and due to this i can't access this mailbox or either user itself can't access his mailbox.

When i go to user's properties in AD -> Exchange Adnvance > Mailbox Rights, i can only see group called 'Self' in the list and nothing else.

can anyone tell me why this is happening and how can i fix it?

Thanks
0
Comment
Question by:tech2010
  • 8
  • 8
17 Comments
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 24422354
If you are creating a user in a certain OU check if they have the allow inheritable checked on that. You can also try running the domainprep and verify if that helps.
0
 

Author Comment

by:tech2010
ID: 24422766
I have tried creating users in different OU and it does not matter where i create it is donig the same thing. Also i can't see allow inheritable checkbox in the user properties, i think checkbox used to be there. Also one thing i noticed that if try to remove any of the memeber in the mailbox rights list it says "You cannot remove that users because this object is interiting permission from its parent. To remove you must prevent this object from infertiting permissions. Turn off the option for inheriting permissions and then try removing again." I just mentioned you this may be it is linked to this issue but i don't know.
Thanks in advance.
0
 

Author Comment

by:tech2010
ID: 24422813
Just thought, does it matter if i am creating user on 2000 domain controller, because i have now 2003 DC as well so should i be creating through 2003 admin tools? just a thought but please answer the previous question in last my previous post.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 24422859
Yeah you can try it in 2003.
Just go to the security tab and advanced and verify that the allow inheritable is check on the user and on all the OU's where we are creating them from the top most that would be the domain OU.
0
 

Author Comment

by:tech2010
ID: 24423030
Are you saying that i should be using 2003 from now onward or just try?

Also i just confirmed, yes Allow inhertied permissions is checked but why it still did not populate members in the mailbox rights list. I does populate in the security tab list but not in the mailbox right list under exchange advnaced tab.

0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 24423144
Look Mailbox rights is something else and it depends as to whom we give rights to manage our mailbox by default i would not want someone else managing my mailbox by default when its created. Do you agree ?
Creating AD accounts from 2000 DC or 2003 DC would not make a difference as what matters is the Domain Functionality level.
0
 

Author Comment

by:tech2010
ID: 24423377
I absolutly agree. but as long as it work i don't have any issue because it is not working thats why i am concern about the mailbox rights tab which looks to me that any new user we create does not even have permission themself on their own mailboxes. Becasue i used to see lots of memebers in the list anyway.

The porblem is after createing user/mailbox when i configuie user's outlook it does not open mailbox but it says unable to open your default email folders, even i am logged on as him on that machine. please explain. thanks
0
 

Author Comment

by:tech2010
ID: 24423494
have a look the attached screen shot. this is the error i am getting when i create new user mailbox enabled and configure outlook i then can't open outlook because it says the attached error.
outlook-error.JPG
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 

Author Comment

by:tech2010
ID: 24424149
any other suggession Rancy or anyone else?
0
 

Author Comment

by:tech2010
ID: 24424258
Rancy, I think i spot the problem. I can't see these new user's mailboxes under exchange ESM > Servers> Storage group > Mailboxstore > Mailboxes

I have run CleanUp Agent but those new users which i had created is not showing under mailboxes container and i think that's why outlook can't open mailbox for those users as well? Any idea why it is doing this and how can i fix it?
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24424347
The permissions populate when the mailbox is used for the first time.
Did the mailbox get an email address automatically? If not then the problem is with RUS. Until RUS has done its thing on the mailbox, one of which is adding an SMTP and X400 address on to the account, you will not be able to access the mailbox through Outlook, which will mean the permissions do not populate.

So in one respect, what you are seeing is correct, however that state should not remain for very long.

Simon.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 24428914
In Exchange 2000 and 2003 a mailbox would not be seen under ESM until a user logsin to his mailbox using OWA or Oulook or he receives or sends and email.
Would also like to know if the user is getting stamped with email address and other exchange attributes.
For this you could go to ADUC and go to the properties of the user and to the Email address tab and verify if the user has SMTPO and X400 address and also try accessing his mailbox using OWA.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 24440193
Hello any status on the issue ?
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 24448207
Any updates ?
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 24465099
Any updates on the issue ?
0
 
LVL 52

Accepted Solution

by:
Manpreet SIngh Khatra earned 500 total points
ID: 24480889
Is the issue resolved ?
0
 

Author Comment

by:tech2010
ID: 24510885
yes i have to update/rebuilt receipient update service and then all worked OK. thanks
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now