Either at the organization level, the server level, the InfoStore level, or the individual mailbox level someone has put a higher priority “Allow” for Domain Admins than the inherited “Deny”.
You need to find the level (using adsiedit normally) where the access control entry was placed and then remove it.
From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Patrick
Sent: Thursday, October 08, 2009 9:49 AM
To: exchangelist@xxxxxxxxxxxxx; msexchange@xxxxxxxxxxxxx
Subject: [ExchangeList] domain admin can access all mailboxes - exchange 2003
Not sure how this happened, but domain admin can access all users mailboxes. How can I stop this from happening.
Exchange 2003 SP2