troubleshooting Question

What are the correct default permissions for a shared mailbox?

Avatar of Jer
JerFlag for United States of America asked on
ExchangeActive Directory
4 Comments2 Solutions14 ViewsLast Modified:

While troubleshooting user access to an Exchange 2013 shared mailbox, I noticed some curiosities regarding the security of the mailbox.  The troubleshooting started because I was unable to access the mailbox, even with Full Access permissions.  When I perform the get-mailboxpermission commend for the mailbox, I notice 5 entries that are listed twice, including Domain Admins, Enterprise Admins, Organization Management.  One listing shows AccessRights to be {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}, IsInherited (True), and Deny (False).  That looks normal to me.  The other listing concerns me.  That listing shows AccessRights to be {FullAccess}, IsInherited (True), and Deny (True).  Should any of these have Deny set to True?  I wouldn't think so.  Our environment has been through several versions of Exchange (since 5.5), so I expect there is a bunch of residual settings.  I did find a ticket stating that ADSI Edit can be used to clean up the Deny settings, but I just wanted to confirm that I should be able to clear all Deny settings or if there was perhaps a reason that they are there?

I appreciate any assistance provided.

Thank you,

Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 2 Answers and 4 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 2 Answers and 4 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros