Permissions Issues after migrating to 2 new Exchange 2003 Servers
Stores:Shared - Exchange 2003 sp2 clusterServer 1 - Exchange 2003 sp2Server 2 - Exchange 2003 sp2Front Ends - Exchange 2003 sp2Previously all our mailboxes were homed on the instance Shared, with all the correct permissions. We found ourselves in the situation where we needed to move all the mailboxes to the new servers (Server 1/2) with them split between the 2. Server 1 is also where we have Cisco Unity installed so we have run the Cisco permissions wizard on that IS. Server 2 is just a default installation of Exchange (with the only change being the paths). We migrated all our active users mailboxes to the 2 servers and began noticing weird issues after a few days (shared calendars needed to be reshared for some people, not for others; some Exchange admins no longer had some privileges; etc..). I checked the permissions on the 3 respective IS's in ESM and noticed some differences and have tried to correct them as best as possible.One of the biggest problems we have is that our help desk staff who are responsible for the creation of new user accounts in Active Directory are not able to create mailboxes on Server 2. When they choose Server 2 for "Server" the Mailbox Store selection is empty. I have no problem setting them up, but I'm one of 2 people whose rights seem to be the same after the move. I have changed the permissions on the IS on Server 2 to match those of the original server instance (though I didn't restart the information store on Server 2 afterwards). I'm not sure if this is pertainent or not, but at the time we were moving the mailboxes I also had to change all of the FSMO roles in AD to newly created domain controllers that weren't in existence when the original Exchange instance was created.
March 24th, 2009 5:13pm

Hello,Exchange server 2000 and 2003 works in split permission model.... so if you have any customized permission on a server1 and if you move the user from server 1 to server2 (newly installed - with default permission), the mailboxes which you moved from server1 to server2 will inherit default permission from server2 which is quite different from your own customized.Here are few articles which will make you understand how exchange 2000/2003 integrates with active directory split permission model.Exchange Server 2003 Permissions FAQhttp://technet.microsoft.com/en-us/library/aa995794(EXCHG.65).aspxWorking with Store Permissions in Exchange 2000 and 2003http://technet.microsoft.com/en-us/library/bb123975(EXCHG.65).aspxSend As permission behavior change in Exchange 2003http://support.microsoft.com/kb/895949Grant Full Mailbox Rights to an Administrator on Exchange 2000/2003http://www.petri.co.il/grant_full_mailbox_rights_on_exchange_2000_2003.htmArun Kumar | MCSE - 2K3 + Messaging | ITIL-F V3
Free Windows Admin Tool Kit Click here and download it now
April 30th, 2009 3:55am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics