Mailbox Rights for New Users Shows Only Self (272153)


The information in this article applies to:

  • Microsoft Exchange 2000 Server
  • Microsoft Exchange Server 2003 Enterprise Edition
  • Microsoft Exchange Server 2003 Standard Edition
This article was previously published under Q272153

SYMPTOMS

In Microsoft Exchange 2000 Server or Microsoft Exchange Server 2003, when you create new mailbox-enabled accounts in Active Directory, they do not have inherited mailbox rights. The only object that is granted permission is Self, which is granted full mailbox access and read rights.

CAUSE

This behavior occurs because the mailbox security descriptor is not read from the Active Directory account object until the user logs on or gets mail. The Recipient Update Service does not stamp the inherited permissions when the mailbox is created. After the mailbox is created in the store, the store calculates inherited mailbox rights.

RESOLUTION

To resolve this behavior, log on to or send a message to the mailbox. When the mailbox is created in the store, the store itself calculates the inherited permissions and stamps them on the store's copy of the mailbox security descriptor.

MORE INFORMATION

To view mailbox rights, follow these steps:
  1. In the Microsoft Management Console (MMC), click Advanced Features on the View menu.
  2. Under Active Directory Users and Computers, click the account, click the Exchange Advanced tab, and then click Mailbox Rights.
The rights are displayed in the Permissions for account name dialog box.
Modification Type:MinorLast Reviewed:4/28/2005
Keywords:kbprb KB272153
©2004 Microsoft Corporation. All rights reserved.