asked on 5/25/2021

What are the correct default permissions for a shared mailbox?

Greetings,

While troubleshooting user access to an Exchange 2013 shared mailbox, I noticed some curiosities regarding the security of the mailbox. The troubleshooting started because I was unable to access the mailbox, even with Full Access permissions. When I perform the get-mailboxpermission commend for the mailbox, I notice 5 entries that are listed twice, including Domain Admins, Enterprise Admins, Organization Management. One listing shows AccessRights to be {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}, IsInherited (True), and Deny (False). That looks normal to me. The other listing concerns me. That listing shows AccessRights to be {FullAccess}, IsInherited (True), and Deny (True). Should any of these have Deny set to True? I wouldn't think so. Our environment has been through several versions of Exchange (since 5.5), so I expect there is a bunch of residual settings. I did find a ticket stating that ADSI Edit can be used to clean up the Deny settings, but I just wanted to confirm that I should be able to clear all Deny settings or if there was perhaps a reason that they are there?

I appreciate any assistance provided.

Thank you,

Jeremy

Exchange Active Directory

Last Comment

Seth Simmons

6/25/2021

ASKER CERTIFIED SOLUTION

Bembi

5/25/2021

THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.

View this solution by signing up for a free trial.

Members can start a 7-Day free trial and enjoy unlimited access to the platform.

See Pricing Options

Start Free Trial

Jer

5/26/2021

ASKER

Thanks for the reply, Bembi. So, assuming that your permissions are correct, then the permissions that I'm seeing in my environment are correct. But, I guess I'm curious as to why there are several with the "deny" being true? I've gone through several folders within ADUC and ADSI Edit and I don't see "Deny" actually applied anywhere. I'm just trying to make sure that I don't have some outdated config in place. I have had a couple of users that have had weird functionality with their mailboxes and I thought it may be some type of corruption, as it is very isolated. However, I don't want it to explode on me, if there is an issue. For two of my users, they could see their Inbox within Outlook, but no content (emails). Within OWA, they can see everything. So, that means a client issue. However, it didn't matter on what device they used Outlook, they couldn't see content. We blew away their profile and Outlook profile. Same problem. I recreate the mailbox (exactly the same as before) and the users can use Outlook just fine without making any changes. I've also had issues where users cannot see shared mailboxes that they have full access to. So, ultimately, I created this ticket to see if there was an underlying permissions issue. However, that seems doubtful now?

Thanks,

Jeremy

SOLUTION

Bembi

5/26/2021

THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.

View this solution by signing up for a free trial.

Members can start a 7-Day free trial and enjoy unlimited access to the platform.

See Pricing Options

Start Free Trial

Seth Simmons

6/25/2021

No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Split:
-- 'Bembi' (https:#a43293367)
-- 'Bembi' (https:#a43293958)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

seth2740
Experts-Exchange Cleanup Volunteer