Solved

SBS 2003/Exchange 2003 Permission Issues

Posted on 2011-03-10
19
463 Views
Last Modified: 2012-05-11
I have a client with a very customized setup. They have an SBS 2003 server that is sending from multiple domains in Exchange. To accomplish this, I added the domains to the receipient policy, created usernames for the additional domains and added as additional mailboxes to the each of the users Outlook clients. This was working great. The users were able to send and receive from multiple domains without a hitch.

The problem is that the server crashed while we were performing maintenance on the backup. We were able to recover their data partition but we could not recover the operating system partition. We had to re-install SBS 2003 and setup this painful e-mail configuration. I was able to get two of the domains to work but now I am having some strange issues with setting mailbox rights and removing users.

Somehow the users are inheriting permissions from somewhere that is blocking me from making changes to mailbox rights for the additional users. The checkboxes in active directory are grayed out. I am also having issues removing and adding users to the server level of the system manager. I cannot remove "everyone" permission because the server level is inheriting permissions from somewhere that I cannot find.

I've attached two screenshots with each of the issues I am having trouble with. Ultimately, I want to be able to edit their mailbox rights from Active directory and also remove users from the server level of Exchange in system manager.

I have downloaded and installed ADSIedit but I am not too familiar. I've turned off inheritance on in ADSI and it brought the Exchange store down. I re-enabled that and I was able to mount the store again. It seems like the permissions I've really goofed up the permissions on the server.

Any ideas?
cascade-mailbox-rights.JPG
cascade-remove-everyone.JPG
0
Comment
Question by:qualityip
  • 8
  • 6
19 Comments
 
LVL 35

Expert Comment

by:Cris Hanna
Comment Utility
If you click on the advanced button you can tur off inherited permissions
0
 
LVL 35

Expert Comment

by:Cris Hanna
Comment Utility
Also Sean Daniel , Microsoft SBS program manager wrote a detailed blog on this
http://sbs.seandaniel.co/2004/10/hosting-multiple-domains-on-sbs-2003.html
0
 

Author Comment

by:qualityip
Comment Utility
The problem is that when I turn off inheritance in Exchange, the Exchange store is dismounted and I am still unable to change the permissions in AD. Any idea where does AD inherit its permissions from?
0
 

Author Comment

by:qualityip
Comment Utility
Also - I am not able to access that link but I really want to read the blog!
0
 
LVL 35

Accepted Solution

by:
Cris Hanna earned 500 total points
Comment Utility
0
 

Author Comment

by:qualityip
Comment Utility
Also, I forgot to mention that I can not disable permission inheritance in Active Directory as you can see by the screen shot.
cascade-no-disable-inheritance.JPG
0
 
LVL 35

Expert Comment

by:Cris Hanna
Comment Utility
Hard to tell what you have or have not done at this point..I would get the blog   its 3 parts I believe and go throough step by step from the beginning ...you should be good at the end of that
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:qualityip
Comment Utility
I only need to know where active directory inherits permissions from and how to disable this inheritance. I know how to setup sending from multiple domains. I set it up previously and it worked and I set it up this time and it works on 3 of the 5 domains they send from. My only concern is being able to remove and change these permissions. I cannot figure out where AD is inheriting these permissions and why I cannot disable inheritance in AD.
0
 

Author Comment

by:qualityip
Comment Utility
Anyone have any more ideas?
0
 
LVL 35

Expert Comment

by:Cris Hanna
Comment Utility
Again you should be able to click on the advanced button in your pictures and Uncheck inheritance...
0
 

Author Comment

by:qualityip
Comment Utility
I resolved this issue myself.
0
 

Author Comment

by:qualityip
Comment Utility
The comment with the link to the blog also helped.
0
 

Author Closing Comment

by:qualityip
Comment Utility
Thanks for the link.
0
 
LVL 35

Expert Comment

by:Cris Hanna
Comment Utility
The author indicates in his comments on 4/4/ that my link and comments were helpful...so why no points
0
 

Expert Comment

by:WallyMod
Comment Utility
qualityyip

You originally asked for the question to be re-opened an action with which we cooperated but as far as I can see you have not returned to the site to implement any action since that date.

Normally we would leave the question to yu to action but it would appear that would be inappropriate as we have no indication that when you return your recollection of the question will be enhanced and therefore I am closing the question on your behalf.

If you return in the 3 day window before closure then you may indicate your own requirement for closure and otherwise the question will be closed per my post.

WallyMod
Community Support Moderator
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now