We have a 2008 resource forest with Exchange and EV in it and our account forest where our people live. EV has been in and running for around 2 months and Exchange is being rolled out as we are migrating from Notes. About half our UK users are now on Exchange (around 2500 people) and are configured to use EV.
Occassionally, EV would seem to lose contact with Exchange during a synchronisation and all our users would lose access to their vaults. The permissions within the vault would be blank and we would get the following in the vent log on the EV server:
Failed to list mailbox permissions whilst synchronizing due to a missing Active Directory attribute.
User: CN=aaaa,OU=UK,aaaaa=aaaa,DC=aaaaa,DC=aaaa
Attribute: msExchMailboxSecurityDescriptor
This permission is set correctly within AD. If you manually set the permissions then people can use EV quite happily.
What we found was that EV would usually right itself after a period of time, however, the permissions fell away around a week ago now and no-one has had access to their vaults in that time.
In the short-term I am looking at running a script to manually set the permissions for all users although this will take a fair amount of time to do and I would rather get to a point where the inherited permissions are doing what they are supposed to.
Any ideas?
