Correct. Why is it when in look into the AG from exchangeMan in my domain, I see that their domainAdmins have full exchange rights? Yet, they can't see any AG or even the Org in exchangeMan? And in adsiedit, they can only see the ORG in the config container.
Seems very strange. Someone had to have done something and it would have to be someone with enterpriseAdmin rights which no one has in that domain. Are you sure a misconfigured exchange 2003 server could not do this? What could? thanks -----Original Message----- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 4:36 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins So to summarize, you can't see details in their AG and they can't see details in your AG? That about right? Sounds like you need to redelegate the permissions to the AG, but I'm guessing. It's tough to get a read on the situation over time :) Seems odd though. -----Original Message----- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 11:39 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins yes they are mixed with the latest hotfixes. they have all rights on their AG except send as and recieve as. on the org, they are not listed, except of course their exchange domain servers group. same as us, and we see everything. further info- the root domain in the forest is in win2k native mode. they are running one exchange2003 server on a win2k box. thanks -----Original Message----- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 11:28 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins Are both child domains at SP3&4 mixed? Any hotfixes? I do know that e2k3 does work with permissions on the first install. But if you have perms in the one child domain and not the other, that doesn't sound like the issue directly. Sounds more like an Active Directory issue or some change that was made that nobody told you about/realized was made. Can you double check the permissions on the ORG and AG's? -----Original Message----- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 10:42 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins child domains are at sp3 and sp4. exchange2k sp3 child domains were not prepped -----Original Message----- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:55 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins What version is the child domain at (sp level of Windows DC?) and were the child domains domain prepp'd? Were both child domains treated the same? -----Original Message----- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:13 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins they moved it to another ou that has no group policy applied to it. i moved it back, still the same. i don't think it has anything to do with moving the group anymore. we are a multi domain win2k forest. the root domain is in win2k native mode, every other domain is mixed. we are in exchange2k native mode, though i think ther is a exchange2003 server in the root domain now. thats all that has been changed this specfic domain is the only one with an issue. hope that helps a little -----Original Message----- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:03 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins Well, let's backup. Where and why did they move the domain admins group? Can you move it back and see if your issue gets resolved? -----Original Message----- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 4:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins I see nothing strange in ldp and no replication errors in event log or rep monitor. I think its a permissions issue but i have nowhere to begin looking and as far as i know nothing has been changed. They don't really have an IT dept(we admin them) so no one would even know how to change something anyway. I can see the server and admin group using enterprise manager from my domain just not theirs(where the server is located). However when i try to access the directory tab of the server, i get "information about directory services could not be entirely obtained. make sure exchange management service is running". exchange management service IS running. very strange indeed. any other thoughts, tips? thanks -----Original Message----- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 3:38 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] moving domain admins If you open it up in LDP, what do you see (authenticated of course)? Is it possible that there's a replication issue? Have you checked the logs of the domains to see what's logged when you attempt to connect? Just where did they move the domain administrators from/to? Just from cn=users to something else? Al -----Original Message----- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 2:01 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins another labyrinthine cross post(sorry)- Also, i fire up adsi edit from their domain and i can only get to the organization in the config partition. when on go to the security tab, there are no entries. how can they just lose permissions to certain parts of the config paritition? the only change made was the root domain of the forest installed exchange 2003, but i doubt that had anything to do with. i'm very puzzled. -----Original Message----- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 1:16 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] moving domain admins Heck of a cross post, isn't it? Moving the domain administrators group is not something that should cause this type of issue. What else was done during those changes? -----Original Message----- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 12:45 PM To: Admin Issues (E-mail) Cc: ActiveDir (E-mail) Subject: [ActiveDir] moving domain admins I know moving the default exchange groups out of the users folder can screw things up as exchange expects to find them there, but will moving the domain admins from the users folder into another ou(no gpo applied) screw things up with exchange or any other services in ad? I only ask because some admin in another domain moved this group and now when i open exchange manager in their domain, i can't see the servers or any admin groups. i'm running exchange manager as their administrator account and thier domain admins have full exchange rights on their admin group. other than that exchange is functioning normally. thanks List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
