Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Exchange 2003 security permissions change

Posted on 2012-04-13
4
Medium Priority
?
321 Views
Last Modified: 2012-04-17
I'm attempting to retire an older domain admin account.  While checking the exchange 2003 server I'm finding this account has permissions on objects like the address books and the message queues.  On the security tab when I highlight the account and click remove I get the following error:

"You cannot remove "Account name" because this object is inheriting permissions from its parent"

I understand the message and why I'm getting it but I don't know where the "parent" is where the inheritence is coming from.  I've checked all the higher level folders in the system manager but I don't see it.  Can someone point me in the right direction?
0
Comment
Question by:First Last
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 15

Expert Comment

by:Rajkumar-MCITP
ID: 37844628
You can check the following

Make sure he is not an exchange server organization administrator ( check the org admin group members)

Any service running on this account

If that is the default administrator account kindly have a look on this - http://www.windowsecurity.com/articles/protecting-administrator-account.html

Is that account used to install exchange server?
0
 
LVL 1

Author Comment

by:First Last
ID: 37845017
I checked all the exchange services which are set to use the local system account.  It is a member of the Exchange Services group (as well as a domain admin).  I don't see a group called exchange server organization admin, the services group was the closest I could see.

Exchange was probably installed using that account several years ago.  The default admin account was renamed and disabled a while back but prior staff had gotten in the habit of using another domain level service account for just about everything which I now get to clean up.  :)

Thanks for your help!
0
 
LVL 15

Accepted Solution

by:
Rajkumar-MCITP earned 2000 total points
ID: 37845669
Sorry, I meant the exchange full administrator group as organization Administrator

right click on the Organization Name or Administrative group and click on delegate control. click on the old admin account and remove it.
0
 
LVL 1

Author Closing Comment

by:First Last
ID: 37855845
That did the trick, once I removed the account as an exchange admin all the permissions went with it.  Thanks!
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
Are you looking for the options available for exporting EDB files to PST? You may be confused as they are different in different Exchange versions. Here, I will discuss some options available.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question