We are in the process of transitioning from Exchange 2003 to 2010 and are having a permissions issue. So far, we have installed 2 CAS/HUB servers into the organization and the temporary routing groups have been automatically created. The problem is, our 2003 servers do not inherit permissions from above (for an unknown reason) and the new permissions for groups "Exchange Servers" and "Exchange Trusted Subsystem" are not present on any 2003 server.
We are afraid of just clicking the inherit permissions checkbox fearful that something will stop working. My question...is there a tool out there that will allow us to easily compare ACL permissions between parent and child? I was able to use dsacls to export but that is going to take a lot of sifting through. Or would it just be easier to add the new 2010 groups to each server node? I do see "Exchange Trusted Subsystem" has Full Permission and "Exchange Servers" have read and extended rights. Are there any other permissions to note?