Mailbox permissions

xmouser
xmouser used Ask the Experts™
on
Exchange 2003
Server 2003 R2


Someone is removing Send As and Recieve As permissions from accounts. Where do I have to go or what logging do I need to turn on to find out who?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
AmitIT Architect
Distinguished Expert 2017

Commented:
It seems this account is part of protected group like domain admin, due to which AD will remove it after every one hour. Once any account part of protected group, admin count will be set to 1 and if you remove also, admin count still remain 1, so in order to remove it, you need to use adsiedit tool and change it to 0 and apply the permission again.
AmitIT Architect
Distinguished Expert 2017

Commented:
AmitIT Architect
Distinguished Expert 2017

Commented:
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
amitkulshrestha:It seems this account is part of protected group like domain admin, due to which AD will remove it after every one hour. Once any account part of protected group, admin count will be set to 1 and if you remove also, admin count still remain 1, so in order to remove it, you need to use adsiedit tool and change it to 0 and apply the permission again.

I have no ide awhat this means. How does it relate to my issue of finding out who is changing permissions.

The account(s) in question are domain accounts with user rights.
IT Architect
Distinguished Expert 2017
Commented:
If you have adsiedit tool open it from run by typing adsiedit.,msc then browse to the user>properties and check admin count value first. I don't think, this is issue related to someone removing rights. I assume you know how to work in AD, else check with your AD expert. AD person will be able to understand my answer.

Author

Commented:
amitkulshrestha:this might help
http://support.microsoft.com/kb/907434 

That makes sense and is interesting but the user is not a member of the 'protected' group/account.

Author

Commented:
amitkulshrestha:If you have adsiedit tool open it from run by typing adsiedit.,msc then browse to the user>properties and check admin count value first. I don't think, this is issue related to someone removing rights. I assume you know how to work in AD, else check with your AD expert. AD person will be able to understand my answer.

I'll check.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial