Re: Permissions required to manage Public Folders
- From: "Rich Matheisen [MVP]" <richnews@xxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 18 Nov 2005 13:21:47 -0500
"Guppy" <guppy413@xxxxxxxxxxxxxxxx> wrote:
>Our Org is in mixed mode, and the central Administrative Group where we
>installed the first Exchange 2003 server is the only one where we see a
>Folders container.
That's becasue there *is* only one.
>I'm the admin of the central Administrative Group, which
>is great, but our way of replicating our Public Folders (ESM) doesn't work
>for any of the admins in the other Administrative Groups.
The location of the public folder hierarchy in the ESM (which is
what's represented by "folders" container) isn't related to the way
ublic folders are replicated, but it sure does if you need to allow
other administrators *access* the container.
>
>Structure:
Actually, you're missing a piece . . .
>OURORG
> BOSTON
> Servers, etc.
> CENTRAL
> Servers, etc.
> Folders
PUBLIC FOLDERS
^^^^^^^^^^^^^^
> BOSTON
> OURS
>
>
>Here's how it goes:
>
>I (Admin from CENTRAL) right click on OURS folder, goes to Replication tab,
>sets replicas and adds my Exchange 2003, OK's, everything works
>
>Admin from BOSTON right clicks on BOSTON folder, goes to Replication tab,
>sets replicas and adds their Exchange 2003, OK's, is prompted for
>credentials, and finally is confronted with Access Denied facility Win32
>80070005
Have you delegated permission for the BOSTON admin to do this? If that
admin is granted permissions only on his own admin group he'll have
"Read-Only" permissions on the admin group containing the "Folders".
>We checked out whether that error relates to keep-alives, but we have
>keep-alives on.
Nope. 8007005 is "Access Denied".
>BOSTON can still replicate them using 5.5 but we (probably) need them to be
>able to administer their own folders after the 5.5 is gone.
After you switch out of mixed-mode operation you can create another
admin group that holds just the "Folders" container and delegate
permissions to all that need it -- without giving away everything
else.
>Delegating
>Exchange Full Administrator or Exchange Administrator role on CENTRAL seems
>excessive.
You can try making changes to the "Security" on the "Public Folders"
container, but I'd really recommend against that unless you're going
to try this on a lab machine first. :)
Living with this for a short time probably is the better course of
action. Concentrate on getting rid of 5.5 first. You'll be a lot
happier.
FYI, although it's not as pretty as the "Public Folders" you're asking
about, the admins at the other site can still manage the replication
from the "Public Folders" view on their own servers. If you have tens
of thousands of folders, with many of them named identically (but in
different hierarchies), this probably won't work (I know I wouldn't
wanna do it!). But you may be able to work out an arrangement with the
other admins to have just onle of you deal with replication for a
while.
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@xxxxxxxxxxxxx
Or to these, either: mailto:h.pott@xxxxxxxxxxxxxxx mailto:melvin.mcphucknuckle@xxxxxxxxxxxxx mailto:melvin.mcphucknuckle@xxxxxxxxxxxxxxx
.
- References:
- Permissions required to manage Public Folders
- From: Guppy
- Permissions required to manage Public Folders
- Prev by Date: Re: E2K Deleted Messages
- Next by Date: Re: OWA PORT IN THE FIREWALL
- Previous by thread: Permissions required to manage Public Folders
- Next by thread: OWA PORT IN THE FIREWALL
- Index(es):
Relevant Pages
|
