Hello and welcome to CertForums.co.uk, here we host free active certification forums with links to the best free resources for Microsoft's MCSA MCSE MCDBA Cisco's CCNA CCDA and CCNP, and CompTIA's A+ Network+ i-NET+ and Security+ certifications in the UK. If you wish to post or use other advanced features you will need to register first. Registration is absolutely free and takes only a few minutes to complete so sign up today!
If you have any problems with the registration
process or your account login, please contact support
As some of you are aware I am working my way through Exchange 2k3 stuff at the moment and am trying to think at every stage about the "real life" scenario as well as the "exam" talk...
Anyways here are a few questions which I have been unable to find answers for and I was wondering if someone with real life experience could help..
I would like to create a resource mailbox (Basically a shared mailbox between a few people) I do not want to use a Public Folder for this. So I create a new user and create the mailbox, and then give the necessary people the Read and Full Mailbox access permissions. If I hide this new account from the GAL I cannot get access to it? (I believe I could hide it once the people have added it or use the legacy exchange dn value to get it though?)
Also to help security I would like to disable the user account that is the resource mailbox owner (However once I do this again I cannot get access to it). I believe however that this rule may have changed since Exchange 2003 SP2 can someone confirm this?
Did Exchange 2000 act like this as well (ie disabled user account means others cannot access their mailbox) or is this an Exchange 2003 "feature"?
Also related to this I am seeing a few 9548 errors for disabled user accounts (The Exchange box is not fully patched yet its just a test box) is this also resolved in Exchange 2003 SP2?
Sorry for the big post but it all seems interlinked!
An I.T. job is tough, when everything works fine, you never hear anything from anyone, but the moment it goes wrong, you hear everything from everyone!
as far as disabling the account is concerned, simply set the logon hours to prevent all access. You can do this in the same tab in AD where the account status checkboxes are (Can remember the name off-hand). Theres a logon hours button at the top. Click on it, make sure all the times are selected, and tick the box that disables logon for those hours.
I dont believe you can grant access to accounts when the account is hidden in the GAl or disabled. We certainly couldnt at my old work.
"Im Nerdy in the extreme and whiter than sour cream"
Me: You need to buy a couple of servers.
Customer: Whats wrong with the servers I have?
Me: Well, you dont have *any* servers just now.
Customer: WTF! I thought I did!
Hi everyone thanks for the replies, especially Fergal's reply, that is literal thinking at its best and we shall make use of that one from now onwards.
An I.T. job is tough, when everything works fine, you never hear anything from anyone, but the moment it goes wrong, you hear everything from everyone!
24-Jul-2007, 07:53 AM
Linear Mode
Similar Threads