You Cannot Create a New Public Folder in Exchange 2000 Server or in Exchange Server 2003 (313866)


The information in this article applies to:

  • Microsoft Exchange 2000 Server
  • Microsoft Exchange Server 2003 Enterprise Edition
This article was previously published under Q313866

SYMPTOMS

When you try to use Microsoft Outlook to create a public folder, you may receive the following error message:
Unable to create the folder. You do not have sufficient permission to perform this operation on this object. See the folder contact or your system administrator.
A warning message that is similar to the following may also be logged in the Application event log (where server_name is the name of the server, ORGANIZATION is the name of the Exchange 2000 or Exchange 2003 organization, and administrative_group is the name of the administrative group):

Event Type: Warning
Event Source: MSExchangeIS Public Store
Event Category: Access Control
Event ID: 1030
Date: 20/09/2001
Time: 9:23:02 AM
User: N/A
Computer: server_name
Description:
adam.barr@adatum.com failed an operation on folder /O=ORGANIZATION/OU=administrative_group/CN=RECIPIENTS/CN=MESSAGING80002AA911CFEB91F24FF7950D20925F02268E on database "First Storage Group\Public Folder Store (server_name)" because the user did not have the following access rights:
'Delete' 'Read Property' 'Write Property' 'Create Message' 'View Item' 'Create Subfolder' 'Write Security Descriptor' 'Write Owner' 'Read Security Descriptor' 'Contact'

The data section of this warning message contains the entry ID of the folder. In Exchange System Manager, if you right-click the folder, the shortcut menu command to create public folders may not exist. You may also be prompted for Hypertext Transfer Protocol (HTTP) authentication when you try to expand the public folder tree in Exchange System Manager.

CAUSE

This issue may occur if the permissions of the following object are not correctly configured and are different from the permissions of the root public folder tree as viewed in Exchange System Manager (where ORGANIZATION is the name of the Exchange 2000 organization and administrative_group is the name of the administrative group):

CN=Public Folders,CN=Folder Hierarchies,CN=administrative_group,CN=Administrative Groups,CN=ORGANIZATION,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ORGANIZATION,DC=com

The Everyone group is set with an explicit Deny for the Create public folder or Create top level public folder permissions.

RESOLUTION

To resolve this issue, configure the permissions correctly. To do so, you have to use the ADSI Edit snap-in.

WARNING: If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Exchange 2000 Server, or both. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.

To configure the permissions:
  1. Start ADSI Edit. In the CN=Configuration container, locate the following container (where ORGANIZATION is the name of your Exchange 2000 or Exchange 2003 organization and administrative_group is the name of your administrative group):

    CN=Services,CN=Microsoft Exchange,CN=ORGANIZATION,CN=Administrative Groups,CN=administrative_group,CN=Folder Hierarchies,CN=Public Folders

  2. Right-click CN=Public Folders, and then click Properties.
  3. Click the Security tab.
  4. Make sure that the Allow inheritable permissions from parent to propagate to this object check box is selected.
  5. Make sure that the Everyone group has the following Allow permissions:

    • Create named properties in the information store
    • Create public folder
    • Create top level public folder
    If the Allow inheritable permissions from parent to propagate to this object check box is selected, the Everyone group should already have these permissions. Make sure that the Deny check boxes are not selected.

MORE INFORMATION

You can use Exchange System Manager to view and change the permissions to create public folders; permissions that you modify in Exchange System Manager should contain essentially the same permissions as the CN=Public Folders object in Active Directory. However, if permissions are modified externally, the permissions may be out of synchronization. Deny overrides all Allow permissions.
Modification Type:MinorLast Reviewed:4/21/2005
Keywords:kberrmsg kbprb KB313866
©2004 Microsoft Corporation. All rights reserved.