SELF Permission on Exchange Mailboxes
Why is the SELF permission the only permission seen on the Mailbox Rights properties on Exchange 2000/2003 mailboxes?
MS KB 272153 has more info:
In Microsoft Exchange 2000 Server or Microsoft Exchange Server 2003, when you create new mailbox-enabled accounts in Active Directory, they do not have inherited mailbox rights. The only object that is granted permission is Self, which is granted full mailbox access and read rights.
What is “Inside Microsoft Teams”?
“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.
To view mailbox rights, follow these steps:
Note: This is not necessary on Exchange Server 2003 because of the fact that the Exchange Advanced tab is exposed by default.
This behavior occurs because the mailbox security descriptor is not read from the Active Directory account object until the user logs on or gets mail. The Recipient Update Service (RUS) does not stamp the inherited permissions when the mailbox is created. After the mailbox is created in the store, the store calculates inherited mailbox rights.
To resolve this behavior perform one of the following actions:
Note: Opening Outlook requires you to be logged on as the destination user, while OWA does not require you to be logged on as the user. However, both methods require that you know the destination user’s password.
When the mailbox is created in the store, the store itself calculates the inherited permissions and stamps them on the store’s copy of the mailbox security descriptor.