RE: [ActiveDir] Removing inherited mailbox permissions on AD ac counts

[Dryden, Karen]

Title: Message

Those inherited permissions may come from the Exchange org, the Exchange object in the forest, the database, the routing group.  If you have to ask, don't remove them, unless you know exactly what will happen when you do. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Nicolas Blank Sent: Thursday, February 26, 2004 2:04 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Removing inherited mailbox persmissions on AD ac counts SELF should DEFINITELLY stay there ! IF an ACL shows inherited permissions then they generally come from the database object or the store object above it. Enable the showpermission regkey you saw posted earlier, and examine the database permissions and the store permissions. Also sidHistory won’t be exhibited on the ACL as it is an attribute of a user. You may examine this by using LDP/ADSIEDIT and examining the sidHistory attribute of a user. Oh, and SELF definitely stays there too ;) ! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grantham, Caron Sent: 26 February 2004 04:32 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Removing inherited mailbox persmissions on AD ac counts   I picked him because he needed help delegating his exec. assistant access to his Outlook. The option at his desktop is not available for some reason.   Basically, this account is one of many users who have delegated inbox/calendar read/write access to their executive assistants. These positions can be fairly transient so during the migration period I believe the delegate the user originally had, left our org. Her account was deleted from NT but not before being having been brought over to AD thru ADC.  I'm just doing clean-up by removing accounts that no longer should be there and adding user who need permissions to this guys mailbox. It should only be him, one exec staff , domain admins, and the exchange nodes. I guess SELF stays too?     From: [EMAIL PROTECTED] on behalf of Mulnick, Al Sent: Wed 2/25/2004 12:49 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Removing inherited mailbox persmissions on AD ac counts sIDHistory would show the user since it's an attribute on the migrated user-object anyway.  It could look like a ghost account if there's a problem finding the user object (i.e. it was deleted permanently and sIDHistory wasn't brought for that user), or if there was a problem with the trust etc.    What was the reason to pick this particular user in the first place?  Is there a problem that drew you to that user or did you just pick out of a hat? I think if we knew the big picture, we could offer better help.     -----Original Message----- From: Grantham, Caron [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 25, 2004 12:45 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Removing inherited mailbox persmissions on AD ac counts Al, I don't why, I'm new to AD. We have recently migrated from NT 4 to Server 2003/Exchange 2003.   We were co-existing with the NT 4 domain through a two-way trust relationship and some users who were migrated have since been deleted from NT. My suspicion is that this could be SID history of those users. I wasn't an admin on the NT side who set up permissions for users originally.