Showing results for 
Search instead for 
Did you mean: 

Mailbox permission synchronisation

Level 3

We have a 2008 resource forest with Exchange  and EV in it and our account forest where our people live.  EV has been in and running for around 2 months and Exchange is being rolled out as we are migrating from Notes. About half our UK users are now on Exchange (around 2500 people) and are configured to use EV. 


Occassionally, EV would seem to lose contact with Exchange during a synchronisation and all our users would lose access to their vaults.  The permissions within the vault would be blank and we would get the following in the vent log on the EV server:


Failed to list mailbox permissions whilst synchronizing due to a missing Active Directory attribute.

User: CN=aaaa,OU=UK,aaaaa=aaaa,DC=aaaaa,DC=aaaa

Attribute: msExchMailboxSecurityDescriptor

This permission is set correctly within AD. If you manually set the permissions then people can use EV quite happily. 


What we found was that EV would usually right itself after a period of time, however, the permissions fell away around a week ago now and no-one has had access to their vaults in that time.


In the short-term I am looking at running a script to manually set the permissions for all users although this will take a fair amount of time to do and I would rather get to a point where the inherited permissions are doing what they are supposed to.


Any ideas? 


Level 4
Employee Accredited Certified

Are both your resource forest and your account forest in 2008 native mode? Or are they 2008 running in 2003 compatibility mode?


As far as I know we don't support 2008 AD currently, so you could be running into issues purely due to incompatiblity?

Level 3
Exchange and Ev are in a 2008 forest; the accounts are in 2003.  The funny thing is that it was working; then it started to work intermittently and now it has stopped completely.