Enterprise Software Thread, Shared Calendars - Permissions Not Working! in Technical; Morning all!
We are experiencing some issues with shared calendars in Exchange, in that all members of staff are able ...
30th March 2011, 12:34 PM #1
- Rep Power
IDG Tech News
30th March 2011, 03:13 PM #2
Moving the permissions from the OU would not have any effect as staff are not members.
Can you pick one staff user and check the mailbox rights permissions on the object?
Can you also check any delegation rights on this one user for permissions?
You can browse each others calendars for free/busy, but you mentioned that users can edit too?
How are the users accessing another users calendar and editing calendar enteries?
30th March 2011, 04:20 PM #3
Dont see how that particular group setting would have any impact oni it as such (unless all ur users are Domain Admins :P)... but could be on the right lines, or it could well be some Exchange setting at play. Difficult for me to say for sure as not on Exch 2003 (running 2010 here) but would have thought that the AD integration isnt really far different between versions.
None of our staff can alter each others calendars without requesting permission, even those in the groups u mention.
Might be worth looking in AD Users and Computers console (on the Exchange server specifically or u might not see the relevent entries) - Advanced view - Security on the relevent OU, and see what grainial permissions those or the Domain Users group have on it regarding the Exchange related attributes.
Obviously, use extreme caution with actually changing any of that, as u cud make it a whole lot worse Exchange 2010 is pretty good at reverting configuration weirdness like that, but I'm not so sure on how good Exch 2003 is with this.
5th April 2011, 11:33 AM #4
- Rep Power
5th April 2011, 12:23 PM #5
1. By default the domain admins group should not have Full mailbox access to any mailboxes unless someone has been playing around with permissions.
2. When checking the permissions are you sure you are not looking at the Deny permission and not the allow permission?
3. This particular right/attribute is set on the Information Store and is also available in AD. Depends if this attriubute was set on the IS before a user was created and mail-enabled or not.
4. You should not remove these permissions but correct the issue you have.
5. You mention shared calendars, are these shared calendars in the staff mailboxes or are they dedicated as shared mailboxes which users can use?
6. Check the membership of the domain admins groups and check for a user who has access to the shared calendar that shouldn't is a member? Check for any other groups that exist in the domain admins group.
7. Run the following command from the exchange 2003 server for a user who should not have access to a shared mailbox. Replace username with the username of user as mentioned. DCNAME, enter your domain controller name. "DC......." enter your DN name for domain, i.e in example below the FQDN is mydomain.ad.local.com
ldifde -f username.txt -t 3268 -s DCNAME -d "DC=mydomain,dc=ad,dc=local,dc=com" -p subtree -r "(&(objectClass=user)(samaccountname=username) )" -v
By Sentro in forum Office Software
Last Post: 4th May 2010, 06:27 PM
By CarolBooth in forum MIS Systems
Last Post: 18th March 2010, 05:41 PM
By timbo343 in forum Windows
Last Post: 8th September 2009, 07:36 PM
By faza in forum How do you do....it?
Last Post: 23rd June 2008, 10:46 AM
By Stuart_C in forum Windows
Last Post: 8th February 2008, 02:32 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Tags for this Thread