We help IT Professionals succeed at work.

Mailbox permissions

xmouser
xmouser asked
on
Exchange 2003
Server 2003 R2


Someone is removing Send As and Recieve As permissions from accounts. Where do I have to go or what logging do I need to turn on to find out who?
Comment
Watch Question

AmitIT Architect
Distinguished Expert 2017

Commented:
It seems this account is part of protected group like domain admin, due to which AD will remove it after every one hour. Once any account part of protected group, admin count will be set to 1 and if you remove also, admin count still remain 1, so in order to remove it, you need to use adsiedit tool and change it to 0 and apply the permission again.
AmitIT Architect
Distinguished Expert 2017

Commented:
AmitIT Architect
Distinguished Expert 2017

Commented:

Author

Commented:
amitkulshrestha:It seems this account is part of protected group like domain admin, due to which AD will remove it after every one hour. Once any account part of protected group, admin count will be set to 1 and if you remove also, admin count still remain 1, so in order to remove it, you need to use adsiedit tool and change it to 0 and apply the permission again.

I have no ide awhat this means. How does it relate to my issue of finding out who is changing permissions.

The account(s) in question are domain accounts with user rights.
IT Architect
Distinguished Expert 2017
Commented:
If you have adsiedit tool open it from run by typing adsiedit.,msc then browse to the user>properties and check admin count value first. I don't think, this is issue related to someone removing rights. I assume you know how to work in AD, else check with your AD expert. AD person will be able to understand my answer.

Author

Commented:
amitkulshrestha:this might help
http://support.microsoft.com/kb/907434 

That makes sense and is interesting but the user is not a member of the 'protected' group/account.

Author

Commented:
amitkulshrestha:If you have adsiedit tool open it from run by typing adsiedit.,msc then browse to the user>properties and check admin count value first. I don't think, this is issue related to someone removing rights. I assume you know how to work in AD, else check with your AD expert. AD person will be able to understand my answer.

I'll check.