XADM: Recovering Permissions on Public Folders When Deny Is Set (300444)


The information in this article applies to:

  • Microsoft Exchange 2000 Server
This article was previously published under Q300444

SYMPTOMS

When you try to mount a public folder store by using Exchange 2000 Server version of Exchange System Manager, you may receive the following error message:
The store could not be mounted because the Active Directory information was not replicated yet.
After you receive the preceding error message, you receive the following error message:
The Microsoft Exchange Information Store service could not find the specified object. ID no:c1041722
The following error message is logged in the event log:
Event Type: Error
Event Source: MSExchangeIS
Event Category: General
Event ID: 9519
Date: 8/30/2000
Time: 9:17:35 AM
User: N/A
Computer: Server
Description:
Error 0x80004005 starting database "First Storage Group\Mailbox Store (Server)" on the Microsoft Exchange Information Store.

CAUSE

This issue can occur if the public folder permissions for the Everyone group are set to Deny at the root of the public folder hierarchy in Exchange System Manager.

RESOLUTION

To resolve this issue, determine how the permissions are set, and then remove the assigned Deny permission:
  1. To determine how the permissions are set, run the Dsacls utility from the command line.

    NOTE: Dsacls is a command-line utility that is included with Microsoft Windows 2000 Server and is installed when you install the Windows 2000 Support Tools. Open a command prompt window and type the following command:

    DSACLS "CN=Public Folders,CN=Folder Hierarchies,CN=First Administrative Group,CN=Administrative Groups,CN=ORGANIZATION,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=DOMAIN,DC=com" >text.txt

    NOTE: In the preceding command, replace CN=ORGANIZATION and DC=DOMAIN with the names of your Exchange organization and domain. If you are running this command on a server in a child domain, you need to add a DC=DOMAIN field for each level of the domain name.

    This command produces an output file of which accounts have been set to deny. The following output shows the permissions settings when the Group Everyone has been set to Deny:

    Effective Permissions on this object are: 

Deny  Everyone   SPECIAL ACCESS 
                 READ PERMISSIONS 
                 LIST CONTENTS 
                 READ PROPERTY

  2. Remove the assigned Deny permission by using the following command:

    DSACLS "CN=Public Folders,CN=Folder Hierarchies,CN=First Administrative Group,CN=Administrative Groups,CN=Microsoft,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=DOMAIN,DC=com" /I:T /R EVERYONE

Modification Type:MinorLast Reviewed:4/28/2005
Keywords:kberrmsg kbprb KB300444
©2004 Microsoft Corporation. All rights reserved.