In Microsoft Exchange 2000 Server or Microsoft Exchange Server 2003, when you create new mailbox-enabled accounts in Active Directory, they do not have inherited mailbox rights. The only object that is granted permission is Self, which is granted full mailbox access and read rights.
↑ Back to the top
This behavior occurs because the mailbox security descriptor is not read from the Active Directory account object until the user logs on or gets mail. The Recipient Update Service does not stamp the inherited permissions when the mailbox is created. After the mailbox is created in the store, the store calculates inherited mailbox rights.
↑ Back to the top
To resolve this behavior, log on to or send a message to the mailbox. When the mailbox is created in the store, the store itself calculates the inherited permissions and stamps them on the store's copy of the mailbox security descriptor.
↑ Back to the top
To view mailbox rights, follow these steps:
- In the Microsoft Management Console (MMC), click Advanced Features on the View menu.
- Under Active Directory Users and Computers, click the account, click the Exchange Advanced tab, and then click Mailbox Rights.
The rights are displayed in the
Permissions for account name dialog box.
↑ Back to the top