[ExchangeList] Exchange 2003 permission - a bit wierd...

  • From: Chris Wall <Chris.Wall@xxxxxxxxxxxxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 22 May 2009 09:47:31 -0400

Hello all –


In the Exchange System Manager, at the server level, I have noticed that there is an account with explicit Deny permissions applied on the security tab for all of our servers (multiple Servers and Multiple Administrative groups).  These server permissions are set to inherit from the parent.  Yet when I go to the Administrative group level, that permission does not appear. 


Where could the servers be inheriting this permission if it is not at the Administrative Group level?  I have also verified that the account is not at the Organizational level either.  When comparing permissions at the Administrative and Server levels, they are identical, except there is this one random account at the server level on each server.


I have unchecked ‘Allow inheritable permissions from the parent to propagate to this object….’, copied the existing permissions.  Then I removed the account in question.  Then I went back in and re checked ‘Allow inheritable permissions from the parent….’ And the permission re-appears.  I am scratching my head on this one.


Also, the reason I want to remove the account is that it appears as a tomb stoned account, and has been there for several months.  So this is an account that no longer appears in our organization and I am tired of seeing the missing man (icon with question mark) assigned on all of our accounts in the mailbox permissions.  I just want to remove it and have it cleaned up before upgrading to Exchange 2007. 


Sorry for the long email, just wanted to provide full info.






Other related posts:

  • » [ExchangeList] Exchange 2003 permission - a bit wierd... - Chris Wall