It cannot be done with ESM.
What I told you is where you look in adsiedit: you look at the Exchange organization object, the Exchange server object, the infostore object on each server…etc.
From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Patrick
Sent: Thursday, October 08, 2009 3:11 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: domain admin can access all mailboxes - exchange 2003
Thanks
Any pointers are to where I would be looking with adsiedit? can this not be done with ESM?
Thanks
From: Michael B. Smith <michael@xxxxxxxxxxxxxxxxxxxxxxxx>
To: exchangelist@xxxxxxxxxxxxx; msexchange@xxxxxxxxxxxxx
Sent: Thu, October 8, 2009 3:36:34 PM
Subject: [ExchangeList] Re: domain admin can access all mailboxes - exchange 2003
Either at the organization level, the server level, the InfoStore level, or the individual mailbox level someone has put a higher priority “Allow” for Domain Admins than the inherited “Deny”.
You need to find the level (using adsiedit normally) where the access control entry was placed and then remove it.
From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Patrick
Sent: Thursday, October 08, 2009 9:49 AM
To: exchangelist@xxxxxxxxxxxxx; msexchange@xxxxxxxxxxxxx
Subject: [ExchangeList] domain admin can access all mailboxes - exchange 2003
Hi Guys,
Not sure how this happened, but domain admin can access all users mailboxes. How can I stop this from happening.
Exchange 2003 SP2
Thanks
Patrick