RE: Domain admin mailbox rights on Exchange 2003

"Exchange Admins" are denied permissions by default, not "Domain

-----Original Message-----
From: Gautreaux, Charles [mailto:cgautreaux@xxxxxxxxxxxxxxxxx]
Sent: Tuesday, August 01, 2006 10:19 PM
To: Miha Pihler; Nick Vaernhoej; focus-ms@xxxxxxxxxxxxxxxxx
Subject: RE: Domain admin mailbox rights on Exchange 2003

You must explicitly specify at the user level.

-----Original Message-----
From: Miha Pihler [mailto:Miha.Pihler@xxxxxx]
Sent: Tuesday, August 01, 2006 1:58 PM
To: Nick Vaernhoej; focus-ms@xxxxxxxxxxxxxxxxx
Subject: RE: Domain admin mailbox rights on Exchange 2003


Default installation of Exchange will not allow administrators to access
other user's mailboxes. Domain admins would actually have to go either
to Active Directory Users and Computer and give themselves permissions
to another mailbox or if they have access to Exchange System Manager
(ESM) they could grant themselves permissions there.


-----Original Message-----
From: Nick Vaernhoej [mailto:nick.vaernhoej@xxxxxxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, August 01, 2006 4:53 PM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Domain admin mailbox rights on Exchange 2003

Hello all

Can I make sure that domain admins can't access certain people's
mailboxes on an Exchange 2003 server?
From a securityfocus article:
"Admin is DENIED access to mailboxes (by default), but is easily
On my home system by default I have access to any mailbox I want because
I am a domain admin so I am not sure what is meant by that statement
from securityfocus.

In AD with advanced view I can remove the domain admin under the persons
security tab. This seems to remove access to (Inbox) but not other
folders such as (Deleted Items). At the same time I lose access to
update their information. And I can just add Domain admins back in. I
have Kiwi alerting on changes made to access changes to exchange
mailboxes so being able to change permissions will be acceptable. By
default Domain Admins should not have the right though.

Any help will be greatly appreciated.

Thank you

"Quidquid latine dictum sit, altum sonatur."





Relevant Pages

  • Re: Local Admin on Domain Controller?
    ... You need to make sure that you are separating the permissions. ... Delegating control implies administrative control (i.e. make ... with Exchange 2000, it no longer implies full access to all mailboxes. ... If you want the domain admin to have full access to all mailboxes, ...
  • Re: Error code 80070005 at "GetMailboxTable" call...
    ... It should work with exchange view only admin. ... from this link what I felt is Exchnage View only permissions should be ... enough to connect to stores. ... domain admin privileges) and Exchange server name. ...
  • Exmerge errors
    ... Trying to get a backup of mailboxes on Exchange 2003. ... is or I wouldn't get email) and you have correct permissions to log on. ... Exchange Admin, Domain Admin and Admin ... I did download the Exmerge for Exchange 2003. ...
  • Re: Exchange 2000 containers (Fields) not showing up in active directory!!
    ... Don't need to log on with a domain admin ID. ... exchange should be done, there is a chapter in the up and coming Windows Server ... Joe Richards Microsoft MVP Windows Server Directory Services ... >>be managing users directly from domain controllers, ...
  • Re: New Exchange 2000 server wont join existing Ex 5.5 Organization
    ... account as the exchange administrator. ... When we specified the local domain admin account, ... > It sounds like there are still remnant of a previous install in the AD- ... >> to initially install an Exchange server on a regular member server to ...