GazClimbs
asked on
Exchange mailbox store not visible following a change of permissions
Hi I was trying to export mailboxes from exchange server Version: 6.5.7226.0 on sbs 2003. Exmerge logged an error which suggested that the admin account on the server did not have full read write access to the mailboxes. I right clicked on the mailbox store and chose properties->security and it seem that there were some deny permissions so I went into the advanced and unchecked the inherit permissions tickbox.
I now cannot see the private mailbox store in ESM at all, Is there any way to get this mailbox store remounted?
I now cannot see the private mailbox store in ESM at all, Is there any way to get this mailbox store remounted?
Can you recheck inherited permissions?
ASKER
Thanks hypercat, no I have not used this tool before, any advice for me?
Gareth, I cannot see the store in ESM so no I cannot edit the permissions
Gareth, I cannot see the store in ESM so no I cannot edit the permissions
Unfortunately, I don't have an Exchange 2003 server in front of me anymore and I'm getting old. ;)
Does it give you the security tab at the server level?
As Hypercat mentioned, might have to download and installed ADSI Edit to fix these permissions.
http://technet.microsoft.com/en-us/library/cc773354(v=ws.10).aspx
Does it give you the security tab at the server level?
As Hypercat mentioned, might have to download and installed ADSI Edit to fix these permissions.
http://technet.microsoft.com/en-us/library/cc773354(v=ws.10).aspx
ASKER
Thanks Gareth,
That document has no information about using the tool to interact with exchange storage groups, can you direct me towards anything useful?
Gaz
That document has no information about using the tool to interact with exchange storage groups, can you direct me towards anything useful?
Gaz
This article describes where to go in the ADSIEDIT.msc to find the permissions for the Exchange information store. It specifically describes adding the Exchange server computer to the permissions, but you can add other appropriate permissions in the same way:
http://technet.microsoft.com/en-us/library/aa997766(v=exchg.65).aspx
The article has you add the permissions at the Server level. Since it seems that you have removed the inheritance from the mailbox store level, what I'd recommend that you do would be to just check the permissions at the server level first. If they seem normal, check the information store object permissions. If the info store is inheriting the permissions (as it should be), then drill down further to the specific mailbox store level. At that point, all you should have to do would be to re-check the "Inherit permissions" box and the correct permissions from the upper level would be applied.
http://technet.microsoft.com/en-us/library/aa997766(v=exchg.65).aspx
The article has you add the permissions at the Server level. Since it seems that you have removed the inheritance from the mailbox store level, what I'd recommend that you do would be to just check the permissions at the server level first. If they seem normal, check the information store object permissions. If the info store is inheriting the permissions (as it should be), then drill down further to the specific mailbox store level. At that point, all you should have to do would be to re-check the "Inherit permissions" box and the correct permissions from the upper level would be applied.
Here's a picture of how it will look in ADSIEDIT.msc. This is an Exchange 2007 server, so your 2003 will look slightly different, but the basic idea is the same:
I have erased all the domain naming information, so don't be confused by the blank spaces in the picture.
I have erased all the domain naming information, so don't be confused by the blank spaces in the picture.
Also, if you're running Exchange 2003 on a Windows 2003 server, you'll have to install the Windows 2003 support tools in order to have adsiedit.msc available. This tool is included in later OS's, but is an add-on with the Support Tools for Windows 2003.
PPS :-| Another additional instruction: Once you have adsiedit.msc installed and open, you'll see a blank window with just the adsiedit.msc object. You need to right-click on ADSI Edit and click "Connect to." Then in the dialog box, click the down arrow under "Select a well known Naming Context:" and select "Configuration." This will get you to the correct starting point for getting to the Exchange settings.
ASKER
I can drill down as far as the first storage group as in the screenshot but when I right click on the mailbox store and choose properties I get the error above,
Any help greatly appreciated, all I need to do is mount this store and exmerge a few gb of mail
Gaz
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for you attention in this matter hypercat, I ended up creating a recovery group and accessing the mailboxes in this way, cheers
http://support.microsoft.com/kb/328229
When you unchecked the "inherit permissions" check box, you may have inadvertently removed all permissions from the mailbox store. In order to restore the permissions, you may have to use ADSIEdit. Have you ever used this tool?