• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 487
  • Last Modified:

SBS 2003/Exchange 2003 Permission Issues

I have a client with a very customized setup. They have an SBS 2003 server that is sending from multiple domains in Exchange. To accomplish this, I added the domains to the receipient policy, created usernames for the additional domains and added as additional mailboxes to the each of the users Outlook clients. This was working great. The users were able to send and receive from multiple domains without a hitch.

The problem is that the server crashed while we were performing maintenance on the backup. We were able to recover their data partition but we could not recover the operating system partition. We had to re-install SBS 2003 and setup this painful e-mail configuration. I was able to get two of the domains to work but now I am having some strange issues with setting mailbox rights and removing users.

Somehow the users are inheriting permissions from somewhere that is blocking me from making changes to mailbox rights for the additional users. The checkboxes in active directory are grayed out. I am also having issues removing and adding users to the server level of the system manager. I cannot remove "everyone" permission because the server level is inheriting permissions from somewhere that I cannot find.

I've attached two screenshots with each of the issues I am having trouble with. Ultimately, I want to be able to edit their mailbox rights from Active directory and also remove users from the server level of Exchange in system manager.

I have downloaded and installed ADSIedit but I am not too familiar. I've turned off inheritance on in ADSI and it brought the Exchange store down. I re-enabled that and I was able to mount the store again. It seems like the permissions I've really goofed up the permissions on the server.

Any ideas?
cascade-mailbox-rights.JPG
cascade-remove-everyone.JPG
0
qualityip
Asked:
qualityip
  • 8
  • 6
1 Solution
 
Cris HannaCommented:
If you click on the advanced button you can tur off inherited permissions
0
 
Cris HannaCommented:
Also Sean Daniel , Microsoft SBS program manager wrote a detailed blog on this
http://sbs.seandaniel.co/2004/10/hosting-multiple-domains-on-sbs-2003.html
0
 
qualityipAuthor Commented:
The problem is that when I turn off inheritance in Exchange, the Exchange store is dismounted and I am still unable to change the permissions in AD. Any idea where does AD inherit its permissions from?
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
qualityipAuthor Commented:
Also - I am not able to access that link but I really want to read the blog!
0
 
qualityipAuthor Commented:
Also, I forgot to mention that I can not disable permission inheritance in Active Directory as you can see by the screen shot.
cascade-no-disable-inheritance.JPG
0
 
Cris HannaCommented:
Hard to tell what you have or have not done at this point..I would get the blog   its 3 parts I believe and go throough step by step from the beginning ...you should be good at the end of that
0
 
qualityipAuthor Commented:
I only need to know where active directory inherits permissions from and how to disable this inheritance. I know how to setup sending from multiple domains. I set it up previously and it worked and I set it up this time and it works on 3 of the 5 domains they send from. My only concern is being able to remove and change these permissions. I cannot figure out where AD is inheriting these permissions and why I cannot disable inheritance in AD.
0
 
qualityipAuthor Commented:
Anyone have any more ideas?
0
 
Cris HannaCommented:
Again you should be able to click on the advanced button in your pictures and Uncheck inheritance...
0
 
qualityipAuthor Commented:
I resolved this issue myself.
0
 
qualityipAuthor Commented:
The comment with the link to the blog also helped.
0
 
qualityipAuthor Commented:
Thanks for the link.
0
 
Cris HannaCommented:
The author indicates in his comments on 4/4/ that my link and comments were helpful...so why no points
0
 
WallyModCommented:
qualityyip

You originally asked for the question to be re-opened an action with which we cooperated but as far as I can see you have not returned to the site to implement any action since that date.

Normally we would leave the question to yu to action but it would appear that would be inappropriate as we have no indication that when you return your recollection of the question will be enhanced and therefore I am closing the question on your behalf.

If you return in the 3 day window before closure then you may indicate your own requirement for closure and otherwise the question will be closed per my post.

WallyMod
Community Support Moderator
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 8
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now