Thanks Steve, very helpful suggestion. One thing I have been charged with doing already, is cleaning up stray names with permissions to folders and adding them to the appropriate security group with folder permissions so there is no reason not to do the same for mailboxes. Thanks
________________________________ From: [EMAIL PROTECTED] on behalf of Steve Rochford Sent: Mon 3/1/2004 11:34 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Removing inherited mailbox persmissions on AD ac counts When you have this kind of transient user it may be easier to create a group (which will normally only contain one person) and give that group rights to the mailbox. In this way you just put the new person into the correct group and you don't have to remember to remove their permissions from the mailbox when they go - their account gets deleted so they are removed from the group but the group stays. The new person then just gets added to the group and everything works :-) Steve ________________________________ From: Grantham, Caron [mailto:[EMAIL PROTECTED] On Behalf Of Grantham, Caron Sent: 26 February 2004 02:32 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Removing inherited mailbox persmissions on AD ac counts I picked him because he needed help delegating his exec. assistant access to his Outlook. The option at his desktop is not available for some reason. Basically, this account is one of many users who have delegated inbox/calendar read/write access to their executive assistants. These positions can be fairly transient so during the migration period I believe the delegate the user originally had, left our org. Her account was deleted from NT but not before being having been brought over to AD thru ADC. I'm just doing clean-up by removing accounts that no longer should be there and adding user who need permissions to this guys mailbox. It should only be him, one exec staff , domain admins, and the exchange nodes. I guess SELF stays too? ________________________________ From: [EMAIL PROTECTED] on behalf of Mulnick, Al Sent: Wed 2/25/2004 12:49 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Removing inherited mailbox persmissions on AD ac counts sIDHistory would show the user since it's an attribute on the migrated user-object anyway. It could look like a ghost account if there's a problem finding the user object (i.e. it was deleted permanently and sIDHistory wasn't brought for that user), or if there was a problem with the trust etc. What was the reason to pick this particular user in the first place? Is there a problem that drew you to that user or did you just pick out of a hat? I think if we knew the big picture, we could offer better help. -----Original Message----- From: Grantham, Caron [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 25, 2004 12:45 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Removing inherited mailbox persmissions on AD ac counts Al, I don't why, I'm new to AD. We have recently migrated from NT 4 to Server 2003/Exchange 2003. We were co-existing with the NT 4 domain through a two-way trust relationship and some users who were migrated have since been deleted from NT. My suspicion is that this could be SID history of those users. I wasn't an admin on the NT side who set up permissions for users originally.
<<winmail.dat>>