RE: AD Magic


Hello josephr38hotmailcom@xxxxxxxxxxxxxxxxxxxxxxxxx,

Send As was just an example here. The point is that you check if the user is a member of the groups which are affected by the automatic reset.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Thank you for your reply. This is off target. I am not discussing
Send As rights, but rather the disappearance of an account that I gave
access permissions to access the mailbox and go through the items
therein contained.
We do this when someone has left our company and their supervisor or
co-worker needs access into their email in order to see what that
person sent or received.

It is frustrating when you add someone to an account so that they have
access, and then that access disappears without reason.

"oz.ozugurlu" wrote:

Check this to see if it remedies the problem.....

The Active Directory directory service has a process that makes sure
that members of protected groups do not have their security
descriptors manipulated. If a security descriptor for a user account
that is a member of a protected group does not match the security
descriptor on the AdminSDHolder object, the user's security
descriptor is overwritten with a new security descriptor that is
taken from the AdminSDHolder object.

The Send As right is delegated by modifying the security descriptor
of a user object. Therefore, if the user is a member of a protected
group, the change is overwritten in about one hour.

http://support.microsoft.com/kb/907434

--oz
--
Oz Ozugurlu
MVP (Exchange)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
oz@xxxxxxxxxx
http://smtp25.blogspot.com (Blog)
"josephr38@xxxxxxxxxxx" wrote:

We are running Windows Server 2003 with Exchange 2003 in a mixed
Windows2k domain and forest. I find that when I give someone rights
whether it is giving someone rights to someone else's mailbox or
adding them to a group in AD that at times their name will drop out
of the mailbox or group.

For example, last week I gave Mr. A rights to Mr. B's mailbox in the
Exchange Advanced tab of Mr. B's AD account. Today I received a
call that Mr. A was unable to access Mr. B's mailbox. When I looked
at the Exchange Advanced tab on Mr. B's account, Mr. A's name was no
longer there and I had to add it back. I have seen a lot of this
happening in the last few months, but it happens randomly - not with
enough rhyme or reason to be able to point to an issue.

Has anyone else experienced this, and if so, what is the solution?
Or could this be an AD replication issue?
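
The check suggested in the first reply, as an added example that is not part of the original thread: it reports whether an account sits (directly or through nesting) in a group marked as protected, and whether its ACL already matches the AdminSDHolder template. It assumes the ActiveDirectory PowerShell module, PowerShell 3 or later, and that the account is in the current domain; `mrb` is a placeholder account name.

```powershell
# Added example: is an account subject to the AdminSDHolder reset?
# Assumes the ActiveDirectory module (RSAT) and read access to the domain.
param(
    # Placeholder default; pass the sAMAccountName of the account to check.
    [string]$SamAccountName = 'mrb'
)
Import-Module ActiveDirectory

$user = Get-ADUser -Identity $SamAccountName `
                   -Properties adminCount, nTSecurityDescriptor, primaryGroup

# Escape the DN for use inside an LDAP filter (RFC 4515).
$dn = $user.DistinguishedName -replace '\\', '\5c' -replace '\*', '\2a' `
                              -replace '\(', '\28' -replace '\)', '\29'

# Direct and nested groups via the LDAP_MATCHING_RULE_IN_CHAIN rule.
# The primary group is not stored in "member", so it is added separately
# (only the primary group itself, not the groups it is nested in).
$groups  = @(Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)" `
                         -Properties adminCount)
$groups += Get-ADGroup -Identity $user.primaryGroup -Properties adminCount

# adminCount=1 on a group is used here as the indicator that it is protected.
$protected = @($groups | Where-Object { $_.adminCount -eq 1 })

# Compare the account's DACL with the template held on AdminSDHolder.
$holderDn   = "CN=AdminSDHolder,CN=System,$((Get-ADDomain).DistinguishedName)"
$holder     = Get-ADObject -Identity $holderDn -Properties nTSecurityDescriptor
$userDacl   = $user.nTSecurityDescriptor.GetSecurityDescriptorSddlForm('Access')
$holderDacl = $holder.nTSecurityDescriptor.GetSecurityDescriptorSddlForm('Access')

[pscustomobject]@{
    Account             = $user.SamAccountName
    AdminCount          = $user.adminCount
    ProtectedGroups     = $protected.Name -join '; '
    InheritanceBlocked  = $user.nTSecurityDescriptor.AreAccessRulesProtected
    DaclMatchesTemplate = ($userDacl -eq $holderDacl)
    # adminCount is not cleared when an account leaves a protected group,
    # so adminCount=1 with no protected group found points to a stale flag.
    StaleAdminCount     = ($user.adminCount -eq 1 -and $protected.Count -eq 0)
}
```

Run it against the account whose permissions were changed (the mailbox owner in the example above), not the account that was granted access.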
