Solved

Exchange 2003 security permissions change

Posted on 2012-04-13
Last Modified: 2012-04-17
I'm attempting to retire an older domain admin account. While checking the Exchange 2003 server, I'm finding this account has permissions on objects like the address books and the message queues. On the security tab, when I highlight the account and click Remove, I get the following error:

"You cannot remove "Account name" because this object is inheriting permissions from its parent"

I understand the message and why I'm getting it, but I don't know where the "parent" is where the inheritance is coming from. I've checked all the higher-level folders in the System Manager but I don't see it. Can someone point me in the right direction?
Question by:First Last
4 Comments
 
LVL 15

Expert Comment

by:Rajkumar-MCITP
ID: 37844628
You can check the following:

Make sure he is not an Exchange Server organization administrator (check the org admin group members).

Any service running on this account.

If that is the default administrator account, kindly have a look at this - http://www.windowsecurity.com/articles/protecting-administrator-account.html

Is that account used to install Exchange Server?
0
 
LVL 1

Author Comment

by:First Last
ID: 37845017
I checked all the Exchange services, which are set to use the local system account. It is a member of the Exchange Services group (as well as a domain admin). I don't see a group called Exchange Server organization admin; the services group was the closest I could see.

Exchange was probably installed using that account several years ago.  The default admin account was renamed and disabled a while back but prior staff had gotten in the habit of using another domain level service account for just about everything which I now get to clean up.  :)

Thanks for your help!
0
 
LVL 15

Accepted Solution

by:
Rajkumar-MCITP earned 500 total points
ID: 37845669
Sorry, I meant the Exchange Full Administrator group as organization administrator.

Right-click on the Organization Name or Administrative Group and click on Delegate Control. Click on the old admin account and remove it.
0
 
LVL 1

Author Closing Comment

by:First Last
ID: 37855845
That did the trick, once I removed the account as an exchange admin all the permissions went with it.  Thanks!
0
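
To locate the "parent" the error message refers to, this added example (not written by anyone in the thread) lists every object under the Exchange configuration container where the account holds an explicit, non-inherited ACE. It assumes a management host with the ActiveDirectory PowerShell module and a domain controller reachable through Active Directory Web Services; `CONTOSO\old-admin` is a placeholder account name.

```powershell
# Added example: find where an account's Exchange permissions are set explicitly,
# i.e. the parent objects from which child objects inherit them.
Import-Module ActiveDirectory

# Assumption: placeholder name; replace with the account being retired.
$Account = 'CONTOSO\old-admin'

# Exchange stores its organization objects in the configuration partition.
$configNC     = (Get-ADRootDSE).configurationNamingContext
$exchangeRoot = "CN=Microsoft Exchange,CN=Services,$configNC"

Get-ADObject -SearchBase $exchangeRoot -SearchScope Subtree -Filter * |
    ForEach-Object {
        $dn = $_.DistinguishedName
        # Keep only ACEs for this account that are set on the object itself.
        (Get-Acl -Path "AD:\$dn").Access |
            Where-Object { $_.IdentityReference.Value -eq $Account -and -not $_.IsInherited } |
            Select-Object @{ n = 'Object'; e = { $dn } },
                          ActiveDirectoryRights, AccessControlType, InheritanceType
    } |
    Sort-Object { $_.Object.Length } |   # shortest DN first: highest-level parents on top
    Format-Table -AutoSize -Wrap
```

The script only reads ACLs. Permissions the account receives through group membership appear under the group's name, so the same query can be repeated with a group as `$Account`.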

Question has a verified solution.
