Forum Discussion
brogyi
Mar 22, 2022Brass Contributor
Full access with mail enabled security group access denied
Hello, I read the MS docs Add-MailboxPermission docs (https://docs.microsoft.com/en-us/powershell/module/exchange/add-mailboxpermission?view=exchange-ps) and the User parameter accepts security grou...
brogyi
Apr 01, 2022Brass Contributor
Yesterday I did the maintenance. I dismounted the database and run the /mh switch check the output everything okay, clean state no waiting transactions. Starting with integrity check using the /g switch. The check was quite a time, but it found No error. I did prepare some repair cases, but I did not expect no error. I ran NewMailboxRepairRequest on all mailboxes, with all switches.
Today morning I checked the access, and it seems working fine. So I ran a PowerShell script to add the group to all mailboxes. After the script completed I picked a random mailbox and tried to open it. It did not work!
Here comes the interesting part. I do have a test mailbox who was in the test group (xch_test) for days. Steps I did:
1. I manually added the test group to a random mailbox to give full access
2. Tried to open the random mailbox with the test user – it succeeded
3. Added my account to the test group
4. tired to open the same random mailbox – it Not worked, same permission error
I did logoff from OWA, from Exchange server, login, not helping. Why is the Exchange is not aware of that my user is part of the group?
Today morning I checked the access, and it seems working fine. So I ran a PowerShell script to add the group to all mailboxes. After the script completed I picked a random mailbox and tried to open it. It did not work!
Here comes the interesting part. I do have a test mailbox who was in the test group (xch_test) for days. Steps I did:
1. I manually added the test group to a random mailbox to give full access
2. Tried to open the random mailbox with the test user – it succeeded
3. Added my account to the test group
4. tired to open the same random mailbox – it Not worked, same permission error
I did logoff from OWA, from Exchange server, login, not helping. Why is the Exchange is not aware of that my user is part of the group?
brogyi
Apr 07, 2022Brass Contributor
I moved 10 mailbox to a new database. I can access them via group fine. Note they already have the group added at the full permission tab. If I create a new user mailbox, at the new database and adding the security group to it, the error still happening. Meaning (to me) the original old database has no problem. Something else is working here differently. I can't move newly created mailboxes between databases just to make this work... Why is this happening?
- brogyiApr 07, 2022Brass ContributorNow it is working. I checked the replication, no error, but the Exchange server and the domain controllers are in one site. I do not understand at all this behaviour.
- EdTheFilApr 08, 2022Copper ContributorHi brogyi,
It is really something weird, there is some inconsistency around. What happens if you add a user directly to ACL of a newly created mailbox? Try to bypass the group.