Best Practices for creating Resource Mailbox Accounts

[Guest]

I have searched far and wide for guidance on creating accounts in Exchange
2003/Windows 2003 to be used for Resource Mailboxes but I keep coming up
empty.

I have about a dozen Resource accounts that I created under Exchange
5.5/Windows 2000 that migrated over just fine as Disabled/Mailbox enabled
accounts, but now I need to create additional ones.

Specifically I am concerned about the proper Permissions settings under
Mailbox Rights. My migrated accounts have an extensive list of Allow and
Deny Permissions that is shows to be "Inherited From Parent Object," but
there is no longer a "Parent" that I can discern that these are being
inherited from. When I create new accounts (even if I use the Copy option)
the only permission created for Mailbox Rights is for "SELF" giving it Read
and Full Mailbox Access. (and no, there is no checkbox to inherit permission
like in NTFS perms)

 

[Sue Mosher [MVP-Outlook]]

The Parent is the container for the mailboxes, as seen in ADU&C, but you don't use that tool to set up resource permissions. Instead, you use OUtlook to grant Author access to the Calendar folder. See http://www.slipstick.com/calendar/skedresource.htm

--
Sue Mosher, Outlook MVP
Author of Configuring Microsoft Outlook 2003

and Microsoft Outlook Programming - Jumpstart for
Administrators, Power Users, and Developers

 

[Guest]

Sue,
The container is Users/Recipients (the container that the migration wizard
placed them in, 'Default container for upgraded user accounts') and this has
no visable permissions.

I can't get to the point of granting Author rights to the calendar because I
don't yet have permission to open the mailbox. I added Domain Admins to the
Mailbox Rights with Allow permissions for everything but 'Associated external
account' but logging in with a Domain Admin account I am unable to open the
Outlook folders. I receive the following message: "Cannot start Microsoft
Office Outlook. Unable to open the Outlook window. The set of folders could
not be opened." Client is Outlook 2003.

What permissions do you have set for Mailbox Rights on your Resource Mailbox
Accounts?

 

[Sue Mosher [MVP-Outlook]]

To see the Security tab on an ADU&C container's Properties dialog, make sure View | Advanced Features is checked.

The article at http://support.microsoft.com/default.aspx?scid=kb;en-us;Q262054 explains how to grant an account, e.g. your admin account, rights to access all mailboxes. You might want to keep your resource mailboxes in their own container, so you can manager the permissions at the container level.

BTW, there's a microsoft.public.exchange.admin group for issues like this, with people much more experienced in Exchange answering the questions.

--
Sue Mosher, Outlook MVP
Author of Configuring Microsoft Outlook 2003

and Microsoft Outlook Programming - Jumpstart for
Administrators, Power Users, and Developers

 

[Guest]

Sue,
Thanks. I looked at the ADU&C perms, these are unrelated to the Mailbox
Rights.

I did find the answer in microsoft.public.exchange.admin :

Disable the account and grant the SELF account Associated External
Account and Full Mailbox access to that mailbox.

Give the Manager full mailbox rights as well.