Re: Strange Public Folder permission assignments



shonkyholdings@xxxxxxxxx wrote:

Sorry, you lost me. You mounted a 5.5 PF database on an E2K3 server?

No - I oversimplified, extracted to pst, then imported via Outlook to
the 2k3 box.

Whew!

PF client permissions aren't kept in the AD, they're kept in the PF
database. Only mail-enabled public folders have a presence in the AD
(in the Microsoft Exchange System Objects container).

If you used Outlook to set the permissions the folders will have the
permissions set in the database.

All the permissions were set using the System Manager, and with
PFDAVAdmin

The users are not logging in with the AD creds, but still the NT
accounts.

But they must have an account in the AD for you to set the
permissions. The account's probably disabled and it's got an account in
the sIDHistory property that references the NT domain where the active
account is found.


Oh yes - they do - it is how they are accessing their migrated mail. I
used the Migration Wizard to manage that for me, and wrote some scripts
to fix a few of the attributes.
I thought the SIDHistory attribute was only available in Windows native
mode (ADMT uses this?). I was of the impression that the migration
wizard assigned the 'Associated External Account' to give access - or
is this the friendly name for SIDHistory?

It's been quite some time since I've dealt with 5.5 migrations (and
glad of it!). The AEA permissions are correct.

The GAL is just the presentation of AD objects through the NSPI.

Yes - this I understand. Initially I added the users who required
access to the folder, call them A & B. This did not work. So I created
a group, called C and added the users A & B - and this grants the users
the access.

And as the domain is not in native mode, the groups are Security
Groups.

Well, yes, they'd have to be.

Our Exchange box is in the top level domain, and the user
accounts are in a child domain, so Exchange is not consistently
enumerating the memberships.

That shouldn't be a problem -- provided there's a RUS for each of the
AD domains and each domain's been subjected to the Exchange "setup
/domainprep".

Am trying to convince the client that they
can go Windows Native (no NT4 PDCs) and we can change the groups to
Universal. Hopefully this will solve that problem.

The Universal group thing is bringing back bad memories.

Users cannot access public folder resources that are members of a
nested Universal Distribution Group (UDG) in a mixed-mode Exchange
Server environment [898082]

You cannot add a distribution group to permissions of a public folder
in Exchange 2000 [274046]

There's more of this sort of stuff, too.

--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@xxxxxxxxxxxxx
Or to these, either: mailto:h.pott@xxxxxxxxxxxxxxx mailto:melvin.mcphucknuckle@xxxxxxxxxxxxx mailto:melvin.mcphucknuckle@xxxxxxxxxxxxxxx