You may receive an error message when you try to open another user's mailbox that you have Full Mailbox Access permission to on an Exchange 2000 Server (830830)


The information in this article applies to:

  • Microsoft Exchange 2000 Server

SYMPTOMS

When you are granted Full Mailbox Access permission to another user's mailbox on a Microsoft Exchange 2000 Server, and you try to open the other user's mailbox from your default mailbox profile, you may receive an error message that is similar to the following:
Unable to expand the folder. The set of folders could not be opened. The information store could not be opened.
If you try to use the Open - Other User's Folder command on the Files menu to open the other user's mailbox, you may receive an error message that is similar to the following:
Unable to display the folder. The information store could not be opened.

CAUSE

This problem may occur if the msExchMailboxSecurityDescriptor attribute is missing from the Your_User_Name Active Directory object.

The msExchMailboxSecurityDescriptor attribute may be missing from the Your_User_Name Active Directory object if the LDIFDE tool, the ADSI tool, or the CSVDE tool was used to create the object. Or, the msExchMailboxSecurityDescriptor attribute may be missing if mail attributes have been removed in the past by the killmail command, or the Remove Exchange Attributes task, and then the attributes were reconnected by using the Mailbox Reconnect tool (Mbconn).

WORKAROUND

To work around this issue, in Active Directory Users and Computers, remove the SELF name, add the SELF name, and then grant SELF, Read, and Full Mailbox Access permissions on the Exchange Advanced tab of the user name object that is experiencing this issue. To do this, follow these steps:
  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. In the Tree pane, expand Your_Domain, and then click Users.
  3. In the right pane, right-click the name of the user who is experiencing the issue that is mentioned in the "Symptoms" section, and then click Properties.
  4. Click the Exchange Advanced tab, and then click Mailbox Rights.
  5. In the Permissions for User Name dialog box, in the Name list, click SELF, and then click Remove.
  6. Click Add.
  7. In the Select Users, Computers or Groups dialog box, in the Name list, click SELF, click Add, and then click OK.
  8. In the Permissions for User Name dialog box, in the Name list, click SELF.
  9. In the Permissions list for the user SELF, click to select the Allow check boxes for Read permissions and for Full mailbox access.
  10. Click Apply, click OK two times.
Note If you have many users accounts that are missing the msExchMailboxSecurityDescriptor attribute, you can contact Microsoft Product Support Services to obtain a script. This script can be used to populate the missing msExchMailboxSecurityDescriptor attribute.

MORE INFORMATION

For more information about issues that may occur if the msExchMailboxSecurityDescriptor attribute is missing, click the following article number to view the article in the Microsoft Knowledge Base:

324353 Users cannot access public folders or delegate mailboxes on a separate server

Modification Type:MajorLast Reviewed:10/10/2006
Keywords:kberrmsg kbprb KB830830 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.