Migrated Mailbox from Exchange 2003 to Exchange 2007 Prevents User from Logon to Outlook Web Access 2007 (OWA) Post Mailbox Move.

Link to full PDF
“If your Exchange 2007 Outlook Web Access (OWA) is failing for a user after the mailbox is
migrated from Exchange 2003 to Exchange 2007, the user account should be checked on the
Security tab under Advanced to see if it has “Allow inheritable permissions from the parent to
propagate to this object and all child objects.”

So how does this get turned off? Well, if the account is an administrative account or was ever an
administrative account previously, it will be turned off automatically. Reference the following:”

XADM: Do Not Assign Mailboxes to Administrative Accounts

From Article ID: 328753
“To help guard against such security issues, the Administrator account and accounts that are
members of these security groups are not permitted to inherit permissions. On the Security tab of
the group or account’s properties page, you can see that the Allow inheritable permissions from
parent to propagate to this object check box is not selected. Moreover, if you click to select this
check box, a Microsoft Windows 2000 system task soon clears it automatically. Clearing the
check box is a function of Windows 2000 intended to prevent hackers from playing with security
and inappropriately increasing their permissions to the level of administrator.”
While the article applies to Windows 2000, a similar thing occurs in Windows 2003.

-Credit to Forrest McDuffie of Pointbridge Consulting

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: