Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Mailbox Rights for New Users Shows Only Self


View products that this article applies to.

Symptoms

In Microsoft Exchange 2000 Server or Microsoft Exchange Server 2003, when you create new mailbox-enabled accounts in Active Directory, they do not have inherited mailbox rights. The only object that is granted permission is Self, which is granted full mailbox access and read rights.

↑ Back to the top


Cause

This behavior occurs because the mailbox security descriptor is not read from the Active Directory account object until the user logs on or gets mail. The Recipient Update Service does not stamp the inherited permissions when the mailbox is created. After the mailbox is created in the store, the store calculates inherited mailbox rights.

↑ Back to the top


Resolution

To resolve this behavior, log on to or send a message to the mailbox. When the mailbox is created in the store, the store itself calculates the inherited permissions and stamps them on the store's copy of the mailbox security descriptor.

↑ Back to the top


More information

To view mailbox rights, follow these steps:
  1. In the Microsoft Management Console (MMC), click Advanced Features on the View menu.
  2. Under Active Directory Users and Computers, click the account, click the Exchange Advanced tab, and then click Mailbox Rights.
The rights are displayed in the Permissions for account name dialog box.

↑ Back to the top


Keywords: KB272153, kbprb

↑ Back to the top

Article Info
Article ID : 272153
Revision : 8
Created on : 10/25/2007
Published on : 10/25/2007
Exists online : False
Views : 369