Solved

Exchange 2003 security permissions change

Posted on 2012-04-13
4
318 Views
Last Modified: 2012-04-17
I'm attempting to retire an older domain admin account.  While checking the exchange 2003 server I'm finding this account has permissions on objects like the address books and the message queues.  On the security tab when I highlight the account and click remove I get the following error:

"You cannot remove "Account name" because this object is inheriting permissions from its parent"

I understand the message and why I'm getting it but I don't know where the "parent" is where the inheritence is coming from.  I've checked all the higher level folders in the system manager but I don't see it.  Can someone point me in the right direction?
0
Comment
Question by:First Last
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 15

Expert Comment

by:Rajkumar-MCITP
ID: 37844628
You can check the following

Make sure he is not an exchange server organization administrator ( check the org admin group members)

Any service running on this account

If that is the default administrator account kindly have a look on this - http://www.windowsecurity.com/articles/protecting-administrator-account.html

Is that account used to install exchange server?
0
 
LVL 1

Author Comment

by:First Last
ID: 37845017
I checked all the exchange services which are set to use the local system account.  It is a member of the Exchange Services group (as well as a domain admin).  I don't see a group called exchange server organization admin, the services group was the closest I could see.

Exchange was probably installed using that account several years ago.  The default admin account was renamed and disabled a while back but prior staff had gotten in the habit of using another domain level service account for just about everything which I now get to clean up.  :)

Thanks for your help!
0
 
LVL 15

Accepted Solution

by:
Rajkumar-MCITP earned 500 total points
ID: 37845669
Sorry, I meant the exchange full administrator group as organization Administrator

right click on the Organization Name or Administrative group and click on delegate control. click on the old admin account and remove it.
0
 
LVL 1

Author Closing Comment

by:First Last
ID: 37855845
That did the trick, once I removed the account as an exchange admin all the permissions went with it.  Thanks!
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question