Posted on 2011-03-13
Last Modified: 2012-05-11
I am using exmerge and it hangs on one mailbox.
I went and checked in AD and the security for mailbox rights for the user in question has both allow and deny checked for full mailbox access.  They are being inherited from somewhere but i don't where.
Maybe it's because the domain\administrator account i am trying to use for exmerge has inherited deny for send and receive as on the mailbox store?  Not sure where that inheritance is coming from either.
Question by:cmkeur
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1

Author Comment

ID: 35124614
ah! maybe it's because the domain/administrator account is a "full exchange administrator" which has deny for send as and receive as?

Accepted Solution

Nivlesh earned 250 total points
ID: 35124869
Yes that is true. You have to explicitly remove the deny settings for your administrator account.
1. Go into Exchange System Manager and locate the Storage Group where the mailbox you want to exmerge lives.

2. Right click on the Storage Group and click Properties. From the tab, select Security.
3. Then click on Advanced in this tab.
4. In the window that shows next, untick "Allow inheritable permissions from the parent to propagate to this object ..."  You will be then asked if you want to Copy, Remove or Cancel. Select Copy
5. Then once you have applied this, go back to the Security settings and untick the deny's. Save this and that should be all good now.

Try exmerging now.
LVL 31

Assisted Solution

MegaNuk3 earned 250 total points
ID: 35125844
Or allow the account that is doing the exmerge "Full Access" on the mailbox. Explicit Allow overrides Inherited Deny.
Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

LVL 32

Expert Comment

ID: 35127797
Do not remove preconfigured security settings as stated in 35124869

@MegaNuk3 has the proper solution which is to grant explicit allow which will override the inherited deny
yes, this goes against what you know with NTFS permissions, but it is accurate

Expert Comment

ID: 35133538
Hi endital1097.

My comment is not "removing" security settings. It is one of the ways to resolve this issue. I have tested/performed this many times and it works a treat.

cmkeur, a full how-to on using exmerge, including setting up a user account etc to use to exmerge is contained in this article from microsoft.  Hope this helps.

Expert Comment

ID: 35133576
Also, note that my initial comment was no different than what MegaNuk3 had given. His is giving permissions to the account you are using to exmerge on a per mailbox level. In my initial comment, I assumed you were using the domain/administrator and was getting you to do what MegaNuk3 stated but on a much global level (on the storage group).

So endital1097, I disagree with your comment above and also MegaNuk3's solution wont work if cmkeur is using domain/administrator since in that case, you will have to break inheritance and then explicitly give permission , same as what I had suggested.
LVL 31

Expert Comment

ID: 35133602
You don't have to break inheritance to give an Explicit Allow
LVL 32

Expert Comment

ID: 35134497
You should never remove permission inheritance
Adding the user account or another group with explicit allow will work

I am just trying to protect from possible future issues related to permissions as that should be one of our goals in this forum

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video discusses moving either the default database or any database to a new volume.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question