You may receive an error message when you try to open another user's mailbox that you have Full Mailbox Access permission to on an Exchange 2000 Server

When you are granted Full Mailbox Access permission to another user's mailbox on a Microsoft Exchange 2000 Server, and you try to open the other user's mailbox from your default mailbox profile, you may receive an error message that is similar to the following:If you try to use the Open - Other User's Folder command on the Files menu to open the other user's mailbox, you may receive an error message that is similar to the following:

This problem may occur if the msExchMailboxSecurityDescriptor attribute is missing from the Your_User_Name Active Directory object.

The msExchMailboxSecurityDescriptor attribute may be missing from the Your_User_Name Active Directory object if the LDIFDE tool, the ADSI tool, or the CSVDE tool was used to create the object. Or, the msExchMailboxSecurityDescriptor attribute may be missing if mail attributes have been removed in the past by the killmail command, or the Remove Exchange Attributes task, and then the attributes were reconnected by using the Mailbox Reconnect tool (Mbconn).

To work around this issue, in Active Directory Users and Computers, remove the SELF name, add the SELF name, and then grant SELF, Read, and Full Mailbox Access permissions on the Exchange Advanced tab of the user name object that is experiencing this issue. To do this, follow these steps:

1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
2. In the Tree pane, expand Your_Domain, and then click Users.
3. In the right pane, right-click the name of the user who is experiencing the issue that is mentioned in the "Symptoms" section, and then click Properties.
4. Click the Exchange Advanced tab, and then click Mailbox Rights.
5. In the Permissions for User Name dialog box, in the Name list, click SELF, and then click Remove.
6. Click Add.
7. In the Select Users, Computers or Groups dialog box, in the Name list, click SELF, click Add, and then click OK.
8. In the Permissions for User Name dialog box, in the Name list, click SELF.
9. In the Permissions list for the user SELF, click to select the Allow check boxes for Read permissions and for Full mailbox access.
10. Click Apply, click OK two times.

Note If you have many users accounts that are missing the msExchMailboxSecurityDescriptor attribute, you can contact Microsoft Product Support Services to obtain a script. This script can be used to populate the missing msExchMailboxSecurityDescriptor attribute.

For more information about issues that may occur if the msExchMailboxSecurityDescriptor attribute is missing, click the following article number to view the article in the Microsoft Knowledge Base: