Is it doing it and then getting changed as you mention or is it not doing it?
When you put the user in the full admin group are you then logging on as the user or are you logging on as the other user accessing the first user's mailbox? This could be something specific to public folders. The Exchange permissioning model is a big messed up hodgepodge and a combination of what I call real permissions (those in AD) and mapi properties in mailboxes and other constructs in the store. I guess it is possible something goofy goes on between the mailbox and the PF, but you can be sure the mailbox is being accessed as the user logged in. You can easily ascertain that looking at the logon properties of the mailbox. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Friday, October 13, 2006 5:16 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT:Exchange/outlook auth question The i'm curious why Exchange won't let me change the perms on a PF through Outlook when logged into that user's mailbox but logged into the domain as a Exchange Full Admin. If i put the mailbox enabled user account into the Exchange full admin group, then it works. What am I not seeing here? Thanks On 10/12/06, joe <[EMAIL PROTECTED]> wrote: > The work is done as the logged on user, so in this case, as the Exchange > admin. > > > -- > O'Reilly Active Directory Third Edition - > http://www.joeware.net/win/ad3e.htm > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern > Sent: Thursday, October 12, 2006 8:46 PM > To: activedirectory > Subject: [ActiveDir] OT:Exchange/outlook auth question > > This isn't really an issue but more of an request for an explanation > of how things work under the hood. > > I have a mutli domain forest. > A user who is an Exchange full admin in one domain logs in and opens > Outlook to an mailbox that is owned by a user account in another > domain(same forest). > This mail box enabled user has no special rights. > The Exchange full admin account(which has full mail box rights on the > mailbox enabled acoount in the child domain) then modifies the rights > on a Public folder thru outlook, which Exchange seems to let him do > and then those perms disappear after a few minutes. > > Now my question is, when exchange determines who can do what, is that > based on the actual account logging into the domain with outlook or > the account associated with the mailbox that outlook has open? > if the later, does it just lookup the msexchmailboxguid to determine > the user account and base it on that? > > as i said, this is not an issue, just looking for an explanation of > how things work. > > > thanks > > > p.s- win2k3 forest ffl/dfl win2k3 and exch2k3 > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
