Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

You cannot create a new public folder in Exchange 2000 Server, in Exchange Server 2003, or in Exchange Server 2007


View products that this article applies to.

Symptoms

You try to use Microsoft Outlook to create a public folder in Microsoft Exchange 2000 Server, in Microsoft Exchange Server 2003, or in Microsoft Exchange Server 2007. When you do this, you may receive one of the following error messages:
Unable to create the folder. You do not have sufficient permission to perform this operation on this object. See the folder contact or your system administrator.
Failed to commit the change on object because access is denied. See inner exception for more information.

MapiExceptionNoAccess: Unable to create folder. (hr=0x80070005, ec=-2147024891)
Additionally, an event that resembles the following event may be logged in the Application event log :

Event Type: Warning
Event Source: MSExchangeIS Public Store
Event Category: Access Control
Event ID: 1030
Date: 20/09/2001
Time: 9:23:02 AM
User: N/A
Computer: server_name
Description:
adam.barr@adatum.com failed an operation on folder /O=ORGANIZATION/OU=administrative_group/CN=RECIPIENTS/CN=MESSAGING80002AA911CFEB91F24FF7950D20925F02268E on database "First Storage Group\Public Folder Store (server_name)" because the user did not have the following access rights:
'Delete' 'Read Property' 'Write Property' 'Create Message' 'View Item' 'Create Subfolder' 'Write Security Descriptor' 'Write Owner' 'Read Security Descriptor' 'Contact'

Note In this event, server_name is the name of the server, ORGANIZATION is the name of the Exchange Server organization, and administrative_group is the name of the administrative group.

The data section of this event contains the entry ID of the folder. If you right-click the folder in Exchange System Manager, the shortcut menu command to create public folders may not exist. You may also be prompted for Hypertext Transfer Protocol (HTTP) authentication when you try to expand the public folder tree in Exchange System Manager.

↑ Back to the top


Cause

This issue may occur if the permissions of the following object are not correctly configured and differ from the permissions of the root public folder tree as viewed in Exchange System Manager:
CN=Public Folders,CN=Folder Hierarchies,CN=administrative_group,CN=Administrative Groups,CN=ORGANIZATION,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ORGANIZATION,DC=com
Note In this object, ORGANIZATION is the name of the Exchange Server organization and administrative_group is the name of the administrative group.

The Everyone group is set with an explicit Deny for the Create public folder or Create top level public folder permissions.

↑ Back to the top


Resolution

To resolve this issue, configure the permissions correctly. To do so, you have to use the ADSI Edit snap-in. To configure the permissions, follow these steps.

Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.
  1. Start ADSI Edit. In the CN=Configuration container, locate the following container:
    CN=Services,CN=Microsoft Exchange,CN=ORGANIZATION,CN=Administrative Groups,CN=administrative_group,CN=Folder Hierarchies,CN=Public Folders
    Note In this container, ORGANIZATION is the name of the Exchange Server organization and administrative_group is the name of your administrative group.
  2. Right-click CN=Public Folders, and then click Properties.
  3. Click the Security tab.
  4. Make sure that the Allow inheritable permissions from parent to propagate to this object check box is selected.
  5. Make sure that the Everyone group has the following Allow permissions:
    • Create named properties in the information store
    • Create public folder
    • Create top level public folder
    If the Allow inheritable permissions from parent to propagate to this object check box is selected, the Everyone group should already have these permissions. Make sure that the Deny check boxes are not selected.

↑ Back to the top


More information

You can use Exchange System Manager to view and change the permissions to create public folders. Permissions that you modify in Exchange System Manager should contain the same permissions as the CN=Public Folders object in Active Directory. However, if permissions are modified externally, the permissions may be out of synchronization. Deny overrides all Allow permissions.

↑ Back to the top


Keywords: KB313866, kbprb, kberrmsg

↑ Back to the top

Article Info
Article ID : 313866
Revision : 3
Created on : 2/14/2008
Published on : 2/14/2008
Exists online : False
Views : 494