?
Solved

Exchange 2003 security permissions change

Posted on 2012-04-13
4
Medium Priority
?
320 Views
Last Modified: 2012-04-17
I'm attempting to retire an older domain admin account.  While checking the exchange 2003 server I'm finding this account has permissions on objects like the address books and the message queues.  On the security tab when I highlight the account and click remove I get the following error:

"You cannot remove "Account name" because this object is inheriting permissions from its parent"

I understand the message and why I'm getting it but I don't know where the "parent" is where the inheritence is coming from.  I've checked all the higher level folders in the system manager but I don't see it.  Can someone point me in the right direction?
0
Comment
Question by:First Last
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 15

Expert Comment

by:Rajkumar-MCITP
ID: 37844628
You can check the following

Make sure he is not an exchange server organization administrator ( check the org admin group members)

Any service running on this account

If that is the default administrator account kindly have a look on this - http://www.windowsecurity.com/articles/protecting-administrator-account.html

Is that account used to install exchange server?
0
 
LVL 1

Author Comment

by:First Last
ID: 37845017
I checked all the exchange services which are set to use the local system account.  It is a member of the Exchange Services group (as well as a domain admin).  I don't see a group called exchange server organization admin, the services group was the closest I could see.

Exchange was probably installed using that account several years ago.  The default admin account was renamed and disabled a while back but prior staff had gotten in the habit of using another domain level service account for just about everything which I now get to clean up.  :)

Thanks for your help!
0
 
LVL 15

Accepted Solution

by:
Rajkumar-MCITP earned 2000 total points
ID: 37845669
Sorry, I meant the exchange full administrator group as organization Administrator

right click on the Organization Name or Administrative group and click on delegate control. click on the old admin account and remove it.
0
 
LVL 1

Author Closing Comment

by:First Last
ID: 37855845
That did the trick, once I removed the account as an exchange admin all the permissions went with it.  Thanks!
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses
Course of the Month12 days, 19 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question