A user may be able to view the free-and-busy information of another user even though the other user belongs to separate company in Exchange 2000 or in Exchange 2003 (894252)



The information in this article applies to:

  • Microsoft Exchange Server 2003 Enterprise Edition
  • Microsoft Exchange Server 2003 Standard Edition
  • Microsoft Exchange 2000 Enterprise Server
  • Microsoft Exchange 2000 Server

SYMPTOMS

In a Microsoft Exchange 2000 Server environment or in a Microsoft Exchange Server 2003 environment, a user may be able to view the free-and-busy information of another user even though the other user belongs to a separate company.

For example, UserA in Company A sends a meeting request to UserB in Company B. UserB accepts the meeting request from UserA. When UserB opens the meeting request in Microsoft Outlook and then clicks the Schedule tab, the free-and-busy information for UserA is displayed.

CAUSE

This behavior occurs when the following conditions are true:
  • UserA and UserB reside in the same administrative group in the Exchange 2000 environment or in the Exchange 2003 environment.
  • UserA sends UserB a meeting request. Or, UserB sends UserA a meeting request.
For example, UserA and UserB reside in the same administrative group. If UserA sends UserB a meeting request, UserB also receives UserA's LegacyExchangeDN attribute. The LegacyExchangeDN attribute is contained in the meeting request. When UserB tries to view the free-and-busy information for UserA, Outlook uses the LegacyExchangeDN attribute to retrieve the free-and-busy information from the Schedule+ Free Busy Information folder. By default, all users in an administrative group have Editor permissions on the Schedule+ Free Busy Information folder for that administrative group.

WORKAROUND

To work around this behavior, use one of the following methods:
  • Turn off Editor permissions on the Schedule+ Free Busy Information folder for all users.
  • Move the user's mailbox into a separate administrative group.

Exchange 2003

Method 1: Turn off Editor permissions on the Schedule+ Free Busy Information folder for all users

  1. Log on to the Exchange 2003 computer by using an account that has Exchange Administrator permissions.
  2. Click Start, and then click System Manager.
  3. Expand Administrative Groups, expand AdministrativeGroupName, and then expand Servers.
  4. Expand ServerName, expand StorageGroupName, expand Public Folder Store (ServerName), and then click Public Folders.
  5. In the details pane, right-click Schedule+ Free Busy Information - AdministrativeGroupName, and then click Properties.
  6. Click the Permissions tab, and then click Client Permissions.
  7. In the Name box, click Default.
  8. Under Permissions, click None in the Roles box, and then click OK.

Method 2: Move the user's mailbox into a separate administrative group

  1. Log on to the Exchange 2003 computer by using an account that has Exchange Administrator permissions.
  2. Click Start, click Administrative Tools, and then click Active Directory Users and Computers.
  3. Right-click the user whose mailbox you want to move, and then click Exchange Tasks.
  4. After the Exchange Task Wizard starts, click Next.
  5. On the Available Tasks page, click Move Mailbox, and then click Next.
  6. On the Move Mailbox page, click the destination server and the administrative group under Server, and then click Next.
  7. Complete the remaining steps in the Exchange Task Wizard.

Exchange 2000

Method 1: Turn off Editor permissions on the Schedule+ Free Busy Information folder for all users

  1. Log on to a domain controller by using an account that has Exchange Administrator permissions.
  2. Click Start, click Programs, click Microsoft Exchange, and then click System Manager.
  3. Expand Administrative Groups, expand AdministrativeGroupName, and then expand Servers.
  4. Expand ServerName, expand StorageGroupName, expand Public Folder Store (ServerName), and then click Public Folders.
  5. In the details pane, right-click Schedule+ Free Busy Information - AdministrativeGroupName, and then click Properties.
  6. Click the Permissions tab, and then click Client Permissions.
  7. In the Name box, click Default.
  8. Under Permissions, click None in the Roles box, and then click OK.

Method 2: Move the user's mailbox to a separate administrative group

  1. Log on to a domain controller by using an account that has Exchange Administrator permissions.
  2. Click Start, click Programs, click Administrative Tools, and then click Active Directory Users and Computers.
  3. Right-click the user whose mailbox you want to move, and then click Exchange Tasks.
  4. After the Exchange Task Wizard starts, click Next.
  5. On the Available Tasks page, click Move Mailbox, and then click Next.
  6. On the Move Mailbox page, click the destination server under Server, and then click Next.
  7. Complete the remaining steps in the Exchange Task Wizard.

STATUS

This behavior is by design.

Modification Type:MajorLast Reviewed:5/18/2005
Keywords:kbtshoot kbprb KB894252 kbAudITPRO