Daily Archives: May 24, 2005

Exchange users not persisting when permissions assigned

I’ve been offering some telephone support to my friend who is running Exchange 2000 who is trying to with migrate the rest of his users from Exchange 5.5 and I’ve noticed some strange behaviour (from Exchange, not my friend!).  Users keep disappearing (sometimes I wish….!)

When he assign permissions to a folder in AD and adds the user.  The next time he looks in the security tab – they’ve gone.  Its to do with the msExchMasterAccountSID attribute.

1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
2. Click View, and then make sure that there is a check mark in the Advanced Features check box. If the Advanced Features check box does not have a check mark, click to select the Advanced Features check box.

Note: A check mark in the Advanced Features box means that this feature is turned on.

3. In the folder tree, click Users.
4. In the right pane, find the user account that you want to change, and then click Properties.
5. Click the Exchange Advanced tab, and then click Mailbox Rights. 
6. Under Name, view each entry. Find the account that has the Allow check box selected for Associated external account, and then click to clear the Allow check box. 

Here’s an article that fixes it for lots of users using CDOEXM

By the way, I had some great fun with the search engines using “disappearing users” …

I need to get out into the sunshine some more…

[Update] Nino reminded me that there are some other really useful KB articles that you should also have a look at to troubleshoot this problem:

Delegated permissions are not available and inheritance is automatically disabled

Description and Update of the Active Directory AdminSDHolder Object

Thanks Nino.


SMS Primary and Secondary sites

So what’s the maximum number of secondary sites that can attach to an SMS 2003 primary site?  <customer question>

Well, I’ve searched all over for the definitive answer to this one – and I can’t find anything! I’ve discovered that SMS can’t deal with more than 500 Distribution points at all, and that 500 secondaries are not recommended.  The SMS Capacity planner gives a lot of assistance in planning your site, and gets you round some of the questions – but you need to be aware of the reporting times that having such a lot of secondary sites gives you..

I’ve scoured the Deployment scenarios document but can find nothing definitive.  So if you see something that I’ve missed, please let me know so I can go back to my customer (rather a large scale deployment and they want to use the least number of servers possible)