Re: Strange Public Folder permission assignments





Sorry, you lost me. You mounted a 5.5 PF database on an E2K3 server?


No - I oversimplified, extracted to pst, then imported via Outlook to
the 2k3 box.

PF client permissions aren't kept in the AD, they're kept in the PF
database. Only mail-enabled public folders have a presence in the AD
(in the Microsoft Exchange System Objects container).

If you used Outlook to set the permissions the folders will have the
permissions set in the database.

All the permissions were set using the System Manager, and with
PFDAVAdmin


The users are not logging in with the AD creds, but still the NT
accounts.

But they must have an account in the AD for you to set the
permissions. The account's probably disabled and it's got an account in
the sIDHistory property that references the NT domain where the active
account is found.


Oh yes - they do - it is how they are accessing their migrated mail. I
used the Migration Wizard to manage that for me, and wrote some scripts
to fix a few of the attributes.
I thought the SIDHistory attribute was only available in Windows native
mode (ADMT uses this?). I was of the impression that the migration
wizard assigned the 'Associated External Account' to give access - or
is this the friendly name for SIDHistory?

The GAL is just the presentation of AD objects through the NSPI.


Yes - this I understand. Initially I added the users who required
access to the folder, call them A & B. This did not work. So I created
a group, called C, and added the users A & B - and this grants the users
the access.

And as the domain is not in native mode, the groups are Security
Groups. Our Exchange box is in the top level domain, and the user
accounts are in a child domain, so Exchange is not consistently
enumerating the memberships. Am trying to convince the client that they
can go Windows Native (no nt4 PDC's) and we can change the groups to
Universal. Hopefully this will solve that problem.

I'm sure it will become clearer as I read the paper.

Maybe. Maybe not. :) PF permissions, as I said, in a mixed-mode
organization are really ugly.

You're preaching to the choir!!!!

thanks for the info Rich!

ta


--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@xxxxxxxxxxxxx
Or to these, either: mailto:h.pott@xxxxxxxxxxxxxxx mailto:melvin.mcphucknuckle@xxxxxxxxxxxxx mailto:melvin.mcphucknuckle@xxxxxxxxxxxxxxx
