When creating a New User in AD the Mailbox Store DB is blank in Exchange 2003.
Help! I am seeing a weird issue on our Exchange Server for our child domain. When using any Domain Admin account for that child domain (with the exception of the built-in Admin account) to create a new user, the Mailbox Store DB for that domain does not show up. If I use the built-in Admin account everything is fine. I verified that the account I was using (namely mine) was in all the same groups as the built-in. This has me stumped. The other weird thing is that if I set the new user to attach to the parent domain the mailbox store will appear in the box. Any help with this will be greatly appreciated.
July 10th, 2009 7:52pm

Hi,
Are the domain admins members of the exchange view only admins (or do they have higher exchange server permissions)?
Leif
July 11th, 2009 1:44pm

Are you saying that mailboxes don't show up in the list of mailboxes when you look at the mailbox store content? Are those mailboxes working?
lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com
July 12th, 2009 11:11am

Hi Chris,
From your description, I guess that when creating a new user, the Mailbox Store list is empty after selecting the Exchange Server when attempting to create an Exchange mailbox for the user. Please let me know whether I understand the problem correctly.
If I understand the problem correctly, please let me know whether the issue can be reproduced when creating a new user and joining the user to the Domain Admins group.
I would like to explain that the issue may occur if the user account which is used to create the new user has lost some permission to read the Mailbox Database object. By default, the Domain Admins group should have Full Control permission to the Mailbox Database object, except that the Receive As and Send As permissions are denied. You can use the Adsiedit.msc tool to check the permission.
Mike
July 13th, 2009 11:25am

Hi All,
Leif - The DM Admins are set to full access.
Lasse - If I create a new user and mailbox for that child domain with the main admin account everything works, but if I try creating one with my domain admin account I do not see the mailbox store for that domain listed.
Mike - You are correct on when the Mailbox Store list is empty. I haven't tried a new user from scratch. I have tried copying the main admin account, and I even tried re-enabling the account of the admin before me, since he set this up. His account acts the same as mine. I will give setting one up from scratch a try and will let you know what happens.
Thanks for answering.
Chris
July 15th, 2009 8:53pm

Mike,
I created a fresh new user with domain admin rights, made sure it was added into the same groups that the main (working) admin is but it acted the same as the other non-working admin accounts.
Chris
July 15th, 2009 9:05pm

Hi Chris,
Thanks for your response. I would like to explain that I am able to reproduce the issue if I deny the Domain Admins group the Read Permissions to the database object by using Adsiedit.msc. Therefore, I suggest you run the following command to check the ACL of the database object:

    Dsacls "CN=Mailbox Store Name,CN=Storage Group Name,CN=InformationStore,CN=ServerName,CN=Servers,CN=Administrative Group Name,CN=Administrative Groups,CN=Organization Name,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domainname,DC=com" >dbacl.txt

The Domain Admins group should only be denied the Receive As and Send As permissions to the database object. For your reference, I have no child domain environment. Therefore, I ran the command in a single-domain environment:

    Allow LAB2\Domain Admins    SPECIAL ACCESS   <Inherited from parent>
                                DELETE
                                READ PERMISSONS
                                WRITE PERMISSIONS
                                CHANGE OWNERSHIP
                                CREATE CHILD
                                LIST CONTENTS
                                WRITE SELF
                                WRITE PROPERTY
                                READ PROPERTY
                                LIST OBJECT
                                CONTROL ACCESS
    Deny LAB2\Domain Admins     Receive As   <Inherited from parent>
    Deny LAB2\Domain Admins     Send As   <Inherited from parent>

In addition, if several DCs exist in the environment, I suggest you configure ADUC to connect to the specific DC which contains the Database Object to test the issue, in order to bypass an AD replication issue if one exists.
For your reference:
How to Use Dsacls.exe in Windows Server 2003 and Windows 2000
http://support.microsoft.com/kb/281146/en-us
Mike
July 17th, 2009 6:48am
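
The ACL check described in the reply above, as an added example that is not part of the original thread: it parses saved dsacls output for one trustee and reports a missing Allow entry or any Deny other than Receive As and Send As. The function names and sample text are constructed for illustration, and the parser assumes dsacls indents the rights listed under SPECIAL ACCESS.

```python
import re

# Per the reply above: the only denies Domain Admins should carry on the store.
EXPECTED_DENY = {"RECEIVE AS", "SEND AS"}
INHERITED = re.compile(r"<Inherited from [^>]*>", re.I)
ACE_HEAD = re.compile(r"^(Allow|Deny)\s+(.+)$", re.I)

def parse_aces(text, trustee):
    """Collect the Allow and Deny rights that dsacls lists for one trustee."""
    rights = {"allow": set(), "deny": set()}
    current = None  # set receiving indented continuation lines
    for raw in text.splitlines():
        line = INHERITED.sub("", raw).strip()
        indented = raw[:1].isspace()  # assumption: continuation lines are indented
        head = None if indented else ACE_HEAD.match(line)
        if head:
            rest = head.group(2)
            tail = rest[len(trustee):]
            if rest.lower().startswith(trustee.lower()) and tail[:1].isspace():
                current = rights[head.group(1).lower()]
                if not tail.strip().upper().startswith("SPECIAL ACCESS"):
                    current.add(tail.strip().upper())
            else:
                current = None  # ACE belongs to another trustee
        elif line and indented and current is not None:
            current.add(line.upper())  # right listed under SPECIAL ACCESS
        else:
            current = None
    return rights["allow"], rights["deny"]

def audit(text, trustee):
    """Flag the two conditions the thread ties to the empty store list."""
    allow, deny = parse_aces(text, trustee)
    findings = [] if allow else ["no Allow ACE for this trustee"]
    findings += ["unexpected Deny: " + r for r in sorted(deny - EXPECTED_DENY)]
    return findings

# Constructed samples, modelled on the dsacls output quoted in the reply.
GOOD = r"""Access list:
Allow LAB2\Domain Admins    SPECIAL ACCESS   <Inherited from parent>
                            READ PERMISSONS
Deny LAB2\Domain Admins     Receive As   <Inherited from parent>
Deny LAB2\Domain Admins     Send As   <Inherited from parent>
"""
BAD = r"""Access list:
Deny LAB2\Domain Admins     SPECIAL ACCESS
                            READ PERMISSONS
Deny LAB2\Domain Admins     Send As   <Inherited from parent>
"""
```

Pass the text of dbacl.txt and the child domain's Domain Admins group name to `audit()`; an empty list means the entries match what the reply describes as the default.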

Mike,
Thanks for your help. I found the problem. My predecessor for some reason did not give the domain admins for that domain rights for the store itself. He gave them rights for EVERYTHING else except that. Thanks again.
Chris
July 17th, 2009 11:23pm

This topic is archived. No further replies will be accepted.