Posted on 2011-03-13
Last Modified: 2012-05-11
I am using exmerge and it hangs on one mailbox.
I went and checked in AD and the security for mailbox rights for the user in question has both allow and deny checked for full mailbox access.  They are being inherited from somewhere but i don't where.
Maybe it's because the domain\administrator account i am trying to use for exmerge has inherited deny for send and receive as on the mailbox store?  Not sure where that inheritance is coming from either.
Question by:cmkeur
  • 3
  • 2
  • 2
  • +1

Author Comment

ID: 35124614
ah! maybe it's because the domain/administrator account is a "full exchange administrator" which has deny for send as and receive as?

Accepted Solution

Nivlesh earned 250 total points
ID: 35124869
Yes that is true. You have to explicitly remove the deny settings for your administrator account.
1. Go into Exchange System Manager and locate the Storage Group where the mailbox you want to exmerge lives.

2. Right click on the Storage Group and click Properties. From the tab, select Security.
3. Then click on Advanced in this tab.
4. In the window that shows next, untick "Allow inheritable permissions from the parent to propagate to this object ..."  You will be then asked if you want to Copy, Remove or Cancel. Select Copy
5. Then once you have applied this, go back to the Security settings and untick the deny's. Save this and that should be all good now.

Try exmerging now.
LVL 31

Assisted Solution

MegaNuk3 earned 250 total points
ID: 35125844
Or allow the account that is doing the exmerge "Full Access" on the mailbox. Explicit Allow overrides Inherited Deny.
Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

LVL 32

Expert Comment

ID: 35127797
Do not remove preconfigured security settings as stated in 35124869

@MegaNuk3 has the proper solution which is to grant explicit allow which will override the inherited deny
yes, this goes against what you know with NTFS permissions, but it is accurate

Expert Comment

ID: 35133538
Hi endital1097.

My comment is not "removing" security settings. It is one of the ways to resolve this issue. I have tested/performed this many times and it works a treat.

cmkeur, a full how-to on using exmerge, including setting up a user account etc to use to exmerge is contained in this article from microsoft.  Hope this helps.

Expert Comment

ID: 35133576
Also, note that my initial comment was no different than what MegaNuk3 had given. His is giving permissions to the account you are using to exmerge on a per mailbox level. In my initial comment, I assumed you were using the domain/administrator and was getting you to do what MegaNuk3 stated but on a much global level (on the storage group).

So endital1097, I disagree with your comment above and also MegaNuk3's solution wont work if cmkeur is using domain/administrator since in that case, you will have to break inheritance and then explicitly give permission , same as what I had suggested.
LVL 31

Expert Comment

ID: 35133602
You don't have to break inheritance to give an Explicit Allow
LVL 32

Expert Comment

ID: 35134497
You should never remove permission inheritance
Adding the user account or another group with explicit allow will work

I am just trying to protect from possible future issues related to permissions as that should be one of our goals in this forum

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
exchange, OWA, 7 37
Exchange 2016 OWA 3 47
Exchange error mounting database (hr=0x80004005, ec=-344) after power loss 10 38
Exchange 2016 - not receiving mail 17 33
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question