Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SBS 2003/Exchange 2003 Permission Issues

Posted on 2011-03-10
19
Medium Priority
?
475 Views
Last Modified: 2012-05-11
I have a client with a very customized setup. They have an SBS 2003 server that is sending from multiple domains in Exchange. To accomplish this, I added the domains to the receipient policy, created usernames for the additional domains and added as additional mailboxes to the each of the users Outlook clients. This was working great. The users were able to send and receive from multiple domains without a hitch.

The problem is that the server crashed while we were performing maintenance on the backup. We were able to recover their data partition but we could not recover the operating system partition. We had to re-install SBS 2003 and setup this painful e-mail configuration. I was able to get two of the domains to work but now I am having some strange issues with setting mailbox rights and removing users.

Somehow the users are inheriting permissions from somewhere that is blocking me from making changes to mailbox rights for the additional users. The checkboxes in active directory are grayed out. I am also having issues removing and adding users to the server level of the system manager. I cannot remove "everyone" permission because the server level is inheriting permissions from somewhere that I cannot find.

I've attached two screenshots with each of the issues I am having trouble with. Ultimately, I want to be able to edit their mailbox rights from Active directory and also remove users from the server level of Exchange in system manager.

I have downloaded and installed ADSIedit but I am not too familiar. I've turned off inheritance on in ADSI and it brought the Exchange store down. I re-enabled that and I was able to mount the store again. It seems like the permissions I've really goofed up the permissions on the server.

Any ideas?
cascade-mailbox-rights.JPG
cascade-remove-everyone.JPG
0
Comment
Question by:qualityip
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 6
19 Comments
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 35097993
If you click on the advanced button you can tur off inherited permissions
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 35098049
Also Sean Daniel , Microsoft SBS program manager wrote a detailed blog on this
http://sbs.seandaniel.co/2004/10/hosting-multiple-domains-on-sbs-2003.html
0
 

Author Comment

by:qualityip
ID: 35098085
The problem is that when I turn off inheritance in Exchange, the Exchange store is dismounted and I am still unable to change the permissions in AD. Any idea where does AD inherit its permissions from?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:qualityip
ID: 35098090
Also - I am not able to access that link but I really want to read the blog!
0
 
LVL 35

Accepted Solution

by:
Cris Hanna earned 2000 total points
ID: 35098214
0
 

Author Comment

by:qualityip
ID: 35098251
Also, I forgot to mention that I can not disable permission inheritance in Active Directory as you can see by the screen shot.
cascade-no-disable-inheritance.JPG
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 35098434
Hard to tell what you have or have not done at this point..I would get the blog   its 3 parts I believe and go throough step by step from the beginning ...you should be good at the end of that
0
 

Author Comment

by:qualityip
ID: 35098480
I only need to know where active directory inherits permissions from and how to disable this inheritance. I know how to setup sending from multiple domains. I set it up previously and it worked and I set it up this time and it works on 3 of the 5 domains they send from. My only concern is being able to remove and change these permissions. I cannot figure out where AD is inheriting these permissions and why I cannot disable inheritance in AD.
0
 

Author Comment

by:qualityip
ID: 35129481
Anyone have any more ideas?
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 35129600
Again you should be able to click on the advanced button in your pictures and Uncheck inheritance...
0
 

Author Comment

by:qualityip
ID: 35316062
I resolved this issue myself.
0
 

Author Comment

by:qualityip
ID: 35316067
The comment with the link to the blog also helped.
0
 

Author Closing Comment

by:qualityip
ID: 35316072
Thanks for the link.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 35721463
The author indicates in his comments on 4/4/ that my link and comments were helpful...so why no points
0
 

Expert Comment

by:WallyMod
ID: 35859685
qualityyip

You originally asked for the question to be re-opened an action with which we cooperated but as far as I can see you have not returned to the site to implement any action since that date.

Normally we would leave the question to yu to action but it would appear that would be inappropriate as we have no indication that when you return your recollection of the question will be enhanced and therefore I am closing the question on your behalf.

If you return in the 3 day window before closure then you may indicate your own requirement for closure and otherwise the question will be closed per my post.

WallyMod
Community Support Moderator
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question