Hi, I am lost as to what is missing on this one. Scenario: Recently added 2 new Win2008 R2 DC's to my 2003 Domain that has had Exchange 2007 SP2 running on a Win 2003 R2 membe rserver in it since Dec2009.Have had no issues creating mailboxes either straight from EMC or first in ADUC and connecting new mailbox to existing user.....UNTIL I turned off the 2003 DC. I had already moved all 5 FSMO's to the R2DC and both are Global Catalogs as had the 2003 DC been. First I was unable to create any mailbox and found I need to manually point to the new DC and restart System Attendant which resolve being able to create a new mailbox account. But now the only issue that remains is with the 2003 DC off or back on, any new mailbox I create ONLY has SELF with full access and not the other account like Exchange Domain Servers, Exchange services, BES admin and the SEA Admin that all other previous account in the Mailboxes database contain. I already ran ADSIedit and verified inherit is set and ran EMC to check the inherited rights of all mailbox store are listed with Get-ADPermission -Identity "First Storage Group" -DomainController dc2.xxxx.com the rights are listed as inherited=true and deny =False. What am I missing? To recap, With only Win 2008 R2 DC's now and previously installed Exchange 2007 SP2 built when running with Win 2003 DC's, when I create a mailbox and it no longer inherites Mailbox permission as before. anyone know why or what I need to modify?

On Thu, 25 Mar 2010 19:20:53 +0000, Docyit2 wrote:>>>Hi, >> I am lost as to what is missing on this one. >>Scenario: Recently added 2 new Win2008 R2 DC's to my 2003 Domain that has had Exchange 2007 SP2 running on a Win 2003 R2 membe rserver in it since Dec2009.Have had no issues creating mailboxes either straight from EMC or first in ADUC and connecting new mailbox to existing user.....UNTIL I turned off the 2003 DC. I had already moved all 5 FSMO's to the R2DC and both are Global Catalogs as had the 2003 DC been. > >First I was unable to create any mailbox and found I need to manually point to the new DC and restart System Attendant which resolve being able to create a new mailbox account. >> >>But now the only issue that remains is with the 2003 DC off or back on, any new mailbox I create ONLY has SELF with full access and not the other account like Exchange Domain Servers, Exchange services, BES admin and the SEA Admin that all other previous account in the Mailboxes database contain. This is normal. It's the Exchange Information Store that applies theother permissions. Until the mailbox is created in the database, SELFis the only permission you'll see in the AD.---Rich MatheisenMCSE+I, Exchange MVP--- Rich Matheisen MCSE+I, Exchange MVP

Besides, I recommend you to use ExBPA to have a health scan and then check the report. Regards, Xiu

Thanks Rich! You were so right and it was so simple. I was over thinking it because of the first failure when I turned off the 2003 DC and being unable to even create a mailbox. Thanks again