Grant Full Mailbox Access fails MapiExceptionNoAccess: Unable to set mailbox SecurityDescriptor. (hr=0x80070005, ec=-2147024891)
Our helpdesk can't grant Full Mailbox Access to shared mailboxes; they get the following error:

Error: Failed to commit the change on object "a8c4a74d-a4f7-441b-9ee4-69fa0c9f3310" because access is denied. MapiExceptionNoAccess: Unable to set mailbox SecurityDescriptor. (hr=0x80070005, ec=-2147024891)

This only happens to old shared mailboxes. If a new shared mailbox is created, they have the rights to grant Full Mailbox Access to users and DLs. Does anyone have an idea where I can start troubleshooting? The dumps from Get-ADPermission for a working shared mailbox and a non-working shared mailbox are the same. Any help is highly appreciated.
August 10th, 2010 11:37am

Hi,

You can run the command below, which gives the "Administer Information Store" (ms-Exch-Store-Admin) right to your helpdesk staff that allows them to give full access rights to all users of your Exchange organization.

Add-ADPermission -Identity "CN=CompanyOrg,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=company,DC=com" -User "company\HelpDeskStaffs" -ExtendedRights ms-Exch-Store-Admin -InheritanceType All

Reference: Recipient Permission Delegation in Exchange Server 2007
http://msexchangeteam.com/archive/2006/11/03/430350.aspx

I hope this will help you.

Regards.
Shafaquat Ali. M.C.I.T.P Exchange 2007/2010, M.C.I.T.P Windows Server 2008, M.C.T.S OCS Server 2007 R2, Phone: +923008210320
August 10th, 2010 11:52am

Hi Ali,

Thanks for your answer, this solved the issue. I just adjusted your solution a little and gave the ms-Exch-Store-Admin rights only on the store level. Our helpdesk should only have the rights to grant "Manage Full Access Permission" to resource mailboxes, which are only on one store.

There is just one more small question: can our helpdesk accidentally destroy the store with these rights? What is the worst case?

I tried to grant the ms-Exch-Store-Admin rights only on the mailbox level, but this won't fly.
August 12th, 2010 4:32pm
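
The store-level scoping described in the post above, as an added example that is not code from either poster: it grants ms-Exch-Store-Admin on a single mailbox database instead of the organization container, confirms the entry, and then lists every database where the right is held so the delegation can be reviewed later. The database name RESOURCE-DB01 is an assumed placeholder, and the group name is the one used in the thread.

```powershell
# Added example for the Exchange Management Shell (Exchange 2007/2010).
# Assumption: 'RESOURCE-DB01' is a placeholder for the one store that holds
# the resource mailboxes; the group name is the one used in the thread.
$Database = 'RESOURCE-DB01'
$Delegate = 'company\HelpDeskStaffs'

# Resolve the database once and work with its distinguished name.
$db = Get-MailboxDatabase -Identity $Database

# 1. Preview the change first, then grant the right on this database object
#    only, rather than on the organization container.
Add-ADPermission -Identity $db.DistinguishedName -User $Delegate `
    -ExtendedRights ms-Exch-Store-Admin -InheritanceType All -WhatIf
Add-ADPermission -Identity $db.DistinguishedName -User $Delegate `
    -ExtendedRights ms-Exch-Store-Admin -InheritanceType All

# 2. Confirm the new entry. IsInherited should be False for a grant made
#    directly on the database.
Get-ADPermission -Identity $db.DistinguishedName -User $Delegate |
    Where-Object { $_.ExtendedRights -like '*ms-Exch-Store-Admin*' } |
    Format-Table Identity, User, Deny, IsInherited -AutoSize

# 3. Review: list who holds the right on each database and whether the entry
#    is inherited from a higher container or was set on the database itself.
Get-MailboxDatabase | ForEach-Object {
    $name = $_.Name
    Get-ADPermission -Identity $_.DistinguishedName |
        Where-Object { ($_.ExtendedRights -like '*ms-Exch-Store-Admin*') -and -not $_.Deny } |
        Select-Object @{ Name = 'Database'; Expression = { $name } }, User, IsInherited
} | Sort-Object Database, User | Format-Table -AutoSize
```

An entry that shows IsInherited as True in step 3 comes from a higher container, which is where an organization-wide grant like the one in the first reply would appear.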

Hi,

Glad to know that I could help you. Also, whenever you need help, just post here and all the members will try to help you as much as they can.

Regards.
Shafaquat Ali. M.C.I.T.P Exchange 2007/2010, M.C.I.T.P Windows Server 2008, M.C.T.S OCS Server 2007 R2, Phone: +923008210320
August 12th, 2010 4:34pm

This topic is archived. No further replies will be accepted.
