Add-Mailboxpermission - broken permissions?



We're about to migrate an Exchange 2003 organization to Exchange 2007.
The new 2007 servers are up and running.
The mailbox migrations will occur this weekend. Before that I wanted to grant a specific admin-account FullAccess to all the mailboxes. So yesterday I ran:

Get-Mailbox -Resultsize unlimited | Add-Mailboxpermission -user admin-account -AccessRights FullAccess

Today the application logs on the Exchange 2003 servers were filled with event ID 9554:
http://support.microsoft.com/kb/555433
http://support.microsoft.com/kb/322308/en-us

I've located 90 unique GUIDs showing up in the logs. There is a total of 1800 mailboxes in the organization.

As mentioned in KB 555433, I ran the following on a few of the GUIDs showing up in the application logs:

adfind -gc -b "" -binenc -f " msExchMailboxGUID={{GUID:8be63a77-8f64-498d-a98d-6ee955e5883d}}" -dn

These are the Security Permissions on these accounts:
Administrators - All permissions except Full Control
Authenticated Users - All read permissions
Domain Admins - All permissions except Full Control
Enterprise Admins - All permissions except Full Control
Everyone - Change Password
Exchange Enterprise Servers - Read Personal Information, Write Personal Information, Read Public Information, Write Public Information
Pre-Windows 2000 Compatible Access - All read permissions
SYSTEM - All permissions (Full control)

I.e. the SELF object is missing...
I can see that the "Allow inheritable permissions from parent to propagate to this object" check box on the Security tab of the user accounts in Active Directory is now unchecked. Isn't this check box supposed to be checked?
Did I break something on these 90 accounts when running the Add-Mailboxpermission on the 2003 mailboxes?

When looking at a random user that has the SELF object and the other normal permissions, the "Allow inheritable permissions..." box is checked.

Should I have specified "-InheritanceType all" too when running the cmdlet?
Is it possible to fix this?
I.e. by running:

Get-Mailbox -Resultsize unlimited | Add-Mailboxpermission -user admin-account -AccessRights FullAccess -InheritanceType all


As a note: No users have reported any problems accessing their mailboxes today.

jer
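
The two symptoms described in the post (inheritance switched off on the user object, and no SELF entry in its ACL) can be checked across all mailbox-enabled accounts with a read-only query. This is an added example, not part of the original post; the LDAP filter, variable names and report columns are choices made for this example, and it assumes a domain-joined PowerShell session with read access to the user objects.

```powershell
# Added audit example (read-only): list mailbox-enabled users whose ACL blocks
# inheritance or has no ACE for SELF (well-known SID S-1-5-10).
$selfSid = 'S-1-5-10'

$searcher = New-Object System.DirectoryServices.DirectorySearcher
# Filter is this example's assumption: user objects that carry a mailbox GUID
$searcher.Filter   = '(&(objectCategory=person)(objectClass=user)(msExchMailboxGuid=*))'
$searcher.PageSize = 500   # enable paging so more than 1000 objects are returned
[void]$searcher.PropertiesToLoad.Add('distinguishedName')
[void]$searcher.PropertiesToLoad.Add('msExchMailboxGuid')

$report = foreach ($hit in $searcher.FindAll()) {
    $entry = $hit.GetDirectoryEntry()
    $acl   = $entry.psbase.ObjectSecurity

    # Explicit and inherited ACEs, with trustees returned as SIDs
    $rules   = $acl.GetAccessRules($true, $true,
                   [System.Security.Principal.SecurityIdentifier])
    $hasSelf = @($rules | Where-Object {
                   $_.IdentityReference.Value -eq $selfSid }).Count -gt 0

    # $true here corresponds to the unchecked
    # "Allow inheritable permissions from parent..." box
    $blocked = $acl.AreAccessRulesProtected

    if ($blocked -or -not $hasSelf) {
        # Same GUID format as the one passed to adfind in the post
        $guid = New-Object Guid (,[byte[]]$hit.Properties['msexchmailboxguid'][0])
        New-Object PSObject -Property @{
            DN                 = [string]$hit.Properties['distinguishedname'][0]
            MailboxGuid        = $guid.ToString()
            InheritanceBlocked = $blocked
            HasSelfAce         = $hasSelf
        }
    }
    $entry.Dispose()
}

$report | Sort-Object DN |
    Format-Table DN, MailboxGuid, InheritanceBlocked, HasSelfAce -AutoSize
```

The MailboxGuid column can be compared against the GUIDs collected from the event ID 9554 entries to see whether the flagged accounts and the logged mailboxes are the same set.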
