Solved

exmerge

Posted on 2011-03-13
8
613 Views
Last Modified: 2012-05-11
I am using exmerge and it hangs on one mailbox.
I went and checked in AD and the security for mailbox rights for the user in question has both allow and deny checked for full mailbox access.  They are being inherited from somewhere but i don't where.
Maybe it's because the domain\administrator account i am trying to use for exmerge has inherited deny for send and receive as on the mailbox store?  Not sure where that inheritance is coming from either.
0
Comment
Question by:cmkeur
  • 3
  • 2
  • 2
  • +1
8 Comments
 

Author Comment

by:cmkeur
ID: 35124614
ah! maybe it's because the domain/administrator account is a "full exchange administrator" which has deny for send as and receive as?
0
 
LVL 8

Accepted Solution

by:
Nivlesh earned 250 total points
ID: 35124869
Yes that is true. You have to explicitly remove the deny settings for your administrator account.
1. Go into Exchange System Manager and locate the Storage Group where the mailbox you want to exmerge lives.

2. Right click on the Storage Group and click Properties. From the tab, select Security.
3. Then click on Advanced in this tab.
4. In the window that shows next, untick "Allow inheritable permissions from the parent to propagate to this object ..."  You will be then asked if you want to Copy, Remove or Cancel. Select Copy
5. Then once you have applied this, go back to the Security settings and untick the deny's. Save this and that should be all good now.

Try exmerging now.
0
 
LVL 31

Assisted Solution

by:MegaNuk3
MegaNuk3 earned 250 total points
ID: 35125844
Or allow the account that is doing the exmerge "Full Access" on the mailbox. Explicit Allow overrides Inherited Deny.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 35127797
Do not remove preconfigured security settings as stated in 35124869

@MegaNuk3 has the proper solution which is to grant explicit allow which will override the inherited deny
yes, this goes against what you know with NTFS permissions, but it is accurate
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 8

Expert Comment

by:Nivlesh
ID: 35133538
Hi endital1097.

My comment is not "removing" security settings. It is one of the ways to resolve this issue. I have tested/performed this many times and it works a treat.

cmkeur, a full how-to on using exmerge, including setting up a user account etc to use to exmerge is contained in this article from microsoft.  Hope this helps.

http://support.microsoft.com/kb/292509
0
 
LVL 8

Expert Comment

by:Nivlesh
ID: 35133576
Also, note that my initial comment was no different than what MegaNuk3 had given. His is giving permissions to the account you are using to exmerge on a per mailbox level. In my initial comment, I assumed you were using the domain/administrator and was getting you to do what MegaNuk3 stated but on a much global level (on the storage group).

So endital1097, I disagree with your comment above and also MegaNuk3's solution wont work if cmkeur is using domain/administrator since in that case, you will have to break inheritance and then explicitly give permission , same as what I had suggested.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35133602
You don't have to break inheritance to give an Explicit Allow
0
 
LVL 32

Expert Comment

by:endital1097
ID: 35134497
You should never remove permission inheritance
Adding the user account or another group with explicit allow will work

I am just trying to protect from possible future issues related to permissions as that should be one of our goals in this forum
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now