Solved

Can't Manage Full Access Permission on Mailbox Exchange 2007

Posted on 2014-02-10
4
1,340 Views
Last Modified: 2014-02-10
When trying to grant myself full access to a users mailbox I get the following error:

Warning:
The ACL for the object "CN=username,CN=OU,DC=Domain,DC=Domain" is not in canonical order (Deny/Allow/Inherited) and will be ignored.

Exchange Management Shell command completed:
Add-MailboxPermits -Identity  'CN=username,CN=OU,DC=Domain,DC=Domain' -User 'MyUsername' -AccessRights 'FullAccess'

Does anyone know how to resolve this?
0
Comment
Question by:cmscheetz
  • 2
  • 2
4 Comments
 
LVL 35

Accepted Solution

by:
Joseph Daly earned 245 total points
Comment Utility
This looks wrong to me. Are you using the console or shell?

'CN=username,CN=OU,DC=Domain,DC=Domain

Distinguished name should look like below.

CN=George\, Curious,OU=container,OU=Test,DC=domain,DC=com
0
 
LVL 53

Expert Comment

by:Will Szymkowski
Comment Utility
This is probably a permission inheritance issue. Open ADSIEdit, select "default naming context" navigate to the location above and right click select properties and check to ensure that the permissions are inherited from the parent folder.

Will.
0
 
LVL 35

Expert Comment

by:Joseph Daly
Comment Utility
Assuming your distinguished name path above is correct this should be the correct form.

'CN=username,OU=OU,DC=Domain,DC=Domain
0
 
LVL 53

Expert Comment

by:Will Szymkowski
Comment Utility
Read the post to fast, it is due to wrong format CN=username,OU=OUname,DC=domain,DC=com

Will.
0

Featured Post

Shouldn't all users have the same email signature?

You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

Join & Write a Comment

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now