Solved

Exchange mailbox store not visible following a change of permissions

Posted on 2014-11-21
12
114 Views
Last Modified: 2014-12-04
Hi I was trying to export mailboxes from exchange server Version: 6.5.7226.0 on sbs 2003. Exmerge logged an error which suggested that the admin account on the server did not have full read write access to the mailboxes. I right clicked on the mailbox store and chose properties->security and it seem that there were some deny permissions so I went into the advanced and unchecked the inherit permissions tickbox.

I now cannot see the private mailbox store in ESM at all, Is there any way to get this mailbox store remounted?
0
Comment
Question by:GazClimbs
  • 6
  • 4
  • 2
12 Comments
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 40458170
This article lists the minimum required permissions for the mailbox store:

http://support.microsoft.com/kb/328229

When you unchecked the "inherit permissions" check box, you may have inadvertently removed all permissions from the mailbox store.  In order to restore the permissions, you may have to use ADSIEdit. Have you ever used this tool?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40458544
Can you recheck inherited permissions?
0
 

Author Comment

by:GazClimbs
ID: 40461563
Thanks hypercat, no I have not used this tool before, any advice for me?

Gareth, I cannot see the store in ESM so no I cannot edit the permissions
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40462003
Unfortunately, I don't have an Exchange 2003 server in front of me anymore and I'm getting old. ;)

Does it give you the security tab at the server level?

As Hypercat mentioned, might have to download and installed ADSI Edit to fix these permissions.
http://technet.microsoft.com/en-us/library/cc773354(v=ws.10).aspx
0
 

Author Comment

by:GazClimbs
ID: 40462139
Thanks Gareth,
  That document has no information about using the tool to interact with exchange storage groups, can you direct me towards anything useful?

Gaz
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 40462200
This article describes where to go in the ADSIEDIT.msc to find the permissions for the Exchange information store.  It specifically describes adding the Exchange server computer to the permissions, but you can add other appropriate permissions in the same way:

http://technet.microsoft.com/en-us/library/aa997766(v=exchg.65).aspx

The article has you add the permissions at the Server level. Since it seems that you have removed the inheritance from the mailbox store level, what I'd recommend that you do would be to just check the permissions at the server level first.  If they seem normal, check the information store object permissions.  If the info store is inheriting the permissions (as it should be), then drill down further to the specific mailbox store level.  At that point, all you should have to do would be to re-check the "Inherit permissions" box and the correct permissions from the upper level would be applied.
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 40462213
Here's a picture of how it will look in ADSIEDIT.msc.  This is an Exchange 2007 server, so your 2003 will look slightly different, but the basic idea is the same:

ADSIEDIT console showing Exchange objects
I have erased all the domain naming information, so don't be confused by the blank spaces in the picture.
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 40462217
Also, if you're running Exchange 2003 on a Windows 2003 server, you'll have to install the Windows 2003 support tools in order to have adsiedit.msc available.  This tool is included in later OS's, but is an add-on with the Support Tools for Windows 2003.
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 40462230
PPS :-| Another additional instruction:  Once you have adsiedit.msc installed and open, you'll see a blank window with just the adsiedit.msc object.  You need to right-click on ADSI Edit and click "Connect to."  Then in the dialog box, click the down arrow under "Select a well known Naming Context:" and select "Configuration."  This will get you to the correct starting point for getting to the Exchange settings.
0
 

Author Comment

by:GazClimbs
ID: 40464371
adsi
I can drill down as far as the first storage group as in the screenshot but when I right click on the mailbox store and choose properties I get the error above,

Any help greatly appreciated, all I need to do is mount this store and exmerge a few gb of mail

Gaz
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 500 total points
ID: 40464477
Follow the instructions in the first article I posted to make sure that the Exchange server computer is member of the Exchange Domain Servers global group.
0
 

Author Closing Comment

by:GazClimbs
ID: 40481242
Thanks for you attention in this matter hypercat, I ended up creating a recovery group and accessing the mailboxes in this way, cheers
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Junk folder 23 112
SSL Certificate Renewal with Exchange 2010 9 38
exchange, outlook 6 31
EXCHANGE 6 25
Resolve DNS query failed errors for Exchange
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
how to add IIS SMTP to handle application/Scanner relays into office 365.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now