The issue was rooted in the DA's rights having been changed due to migrating from a previous version. This change was never changed back. This is before my time at the company. DA's by default does not have read access to mailboxes on an exchange server so me being able to do so is what threw me off initially.
You all have some valid points about DA's being able to get around these obstacles and gain access. However, I being one of a few DA's in the company have better things to do than read other peoples emails. I barely even feel like reading my own most of the time so this is not much of a concern. The business needs to comply with various regulations and this is why we need to have measures in place to prevent access to mailboxes. There was a comment in regards to being able to create a different user with access and then delete the account when done. Currently I have Kiwi set up to send email alerts instantly when changes such as memberships or security settings occur to the Domain Admins group and the Exchange Domain Server group. And to prevent a new user being created with the ability I also send alerts when the string "SetMailboxRights" is found. There is more to it so we don't get bombarded with legit information but this outlines the idea behind it. Nick "Quidquid latine dictum sit, altum sonatur." --------------------------------------------------------------------------- ---------------------------------------------------------------------------
