XADM: Cannot Modify Security Properties in Exchange System Manager After You Use ExOLEDB (812853)



The information in this article applies to:

  • Microsoft Exchange 2000 Enterprise Server
  • Microsoft Exchange 2000 Server

SYMPTOMS

When you next try to modify security permissions by using the Exchange System manager utility after you modify the Extensible Markup Language (XML) security descriptor of a public folder by using the Exchange Object Linking and Embedding (OLE) Database (DB) Provider (ExOLEDB), you may not be able to do so, and you may receive an "Access denied" error message.

CAUSE

This issue may occur if you do not specify the use of "Admin" credentials when you log on to the Exchange private or public store by using the ExOLEDB provider.

When you do not specify the use of "Admin" privileges, the following attributes are missing for each user who is specified in the Access Control Entries (ACEs) that you create, causing Exchange System Manager to be unsuccessful when it next tries to open the security properties of that object:

NT4_COMPATIBLE_NAME
AD_OBJECT_GUID
DISPLAY_NAME

This occurs because the OPENSTORE_USE_ADMIN_PRIVILEGE flag is not passed by ExOLEDB during the logon process if you do not specify the use of "Admin" in the logon process.

RESOLUTION

To resolve this issue, when you modify the Access Control List (ACL) entries of a public folder by using the ExOLEDB provider, open the item by using administrative credentials. To do this, implicitly pass the OPENSTORE_USE_ADMIN_PRIVILEGE flag by adding "admin" to the Uniform Resource Locator (URL) that you use to access the object properties. For example, use one of the following paths, specifying the admin credential in each:
  • file://./backofficestorage/admin/mydomain.com/public folders/foldername
  • http://servername/exadmin/admin/mydomain.com/public folders/foldername

MORE INFORMATION

For additional information about the Microsoft Exchange OLE DB provider, visit the following Microsoft Exchange OLE DB provider Web site:For additional information about file URL namespace, visit the following Microsoft File URL Namespace Web site:For additional information about the Exchange 2000 Server Software Development Kit (SDK), visit the following Microsoft Exchange Server Web site:
For additional information about how to use ActiveX Data Objects (ADO) 2.5 with Microsoft Exchange, visit the following Microsoft "Introduction to Using ADO 2.5 with Microsoft Exchange 2000" Web site:

Modification Type:MinorLast Reviewed:6/13/2003
Keywords:kbprb KB812853