Exchange Servers permissions not inherited
I am having a series of weird behaviours since installing Exchange 2007 sp2 into an existing Exchange 2003 org. I had already posted on the migration board but that wasn't really the right place - here's the link http://social.technet.microsoft.com/Forums/en/exchangesvrmigration/thread/da42c594-8c80-4771-a0e2-900e5ab0b507I am chasing the possibility that the problems are to do with permissions in AD. The weird thing I am noticing is the the rights given to the Exchange Servers group are not being inherited by the containers below. This is despite the fact that "Allow inheritable permissions" is TICKED on all containers.So: the Exchange Servers group has a bunch of rights at the level CN=site,CN=Microsoft Exchange, CN=Services,CN=Configuration. But on CN=Administrative groups, directly below, the rights are not inherited. If I reapply the rights manually to this level they are not inherited by the container below.I have run dcdiag against all DCs - nothing of interest.I should also explain the AD architecture: there is an empty parent domain, and Exchange is installed into the child domain. Therefore the Exchange Servers group exists in the parent domain. Should this effect inheritence? This is the only exchange 2007 installation I've done in a parent-child domain.I have run setup /preparead in the parent domain, and setup /preparedomain in the child domain multiple times.The sorts of problems I am seeing: mail stuck in outbox on Exchange 2007, cannot login to OWA due to permission error (though Outlook works). I am also seeing repeated 4001 errors "cannot open System Attendant Mailbox" - though the System Attendant service is started. I have trkied recreating mail stores, which is supposed to recreate the sys attendant mailbox.http://www.wapshere.com/missmiis
November 23rd, 2009 1:49pm
It's fixed. For some reason the rights had been applied "To this object only" instead of "To this object and all child objects". I have absolutely no idea why this would have happened. I have installed exchange 2007 into half a dozen organisations and I have never seen this. It is the first time I have directly installed from the sp2 build however...Carolhttp://www.wapshere.com/missmiis
Free Windows Admin Tool Kit Click here and download it now
November 23rd, 2009 2:58pm