XADM: The Members of a Universal Security Group Are Denied Access to Public Folders

Article translations Article translations
Article ID: 318246 - View products that this article applies to.
This article was previously published under Q318246
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

SYMPTOMS

After you apply Exchange 2000 Service Pack 2 (SP2), users who are members of universal security groups may not be able to gain access to public folders on Exchange 2000 Server. Such users may receive the following error message:
Unable to display the folder. You do not have sufficient permission to perform this operation on the object.
These users receive this error message even though the universal security group has been granted permissions on the public folder.

CAUSE

Only users with accounts that are located in a mixed mode Microsoft Windows 2000 domain who are also members of a universal security group that is located in a native mode Windows 2000 domain are affected by this problem. This problem may occur if the mixed mode domain accounts are attempting to gain access to public folders that are located on an Exchange 2000 server in the native mode domain. The Microsoft Windows NT Security Identifier (SID) information for the universal security group is not added to the account token of the user in a mixed mode Windows 2000 domain when the user attempts to gain access to the public folders.

RESOLUTION

To resolve this problem, obtain the latest service pack for Microsoft Exchange 2000 Server. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
301378 XGEN: How to Obtain the Latest Exchange 2000 Server Service Pack

WORKAROUND

To work around this problem, grant the user accounts in the mixed mode domain explicit rights to the public folders; if you do so, the accounts are allowed access to the public folders. The accounts are only denied access if they are a member of a universal security group that has permissions on the public folders.

STATUS

Microsoft has confirmed that this is a problem in Microsoft Exchange 2000 Server. This problem was first corrected in Microsoft Exchange 2000 Server Service Pack 3.

MORE INFORMATION

For additional information about token creation, click the article number below to view the article in the Microsoft Knowledge Base:
216970 Global Catalog Server Requirement for User and Computer Logon

Properties

Article ID: 318246 - Last Review: October 24, 2013 - Revision: 4.4
APPLIES TO
  • Microsoft Exchange 2000 Server Service Pack 2
Keywords: 
kbnosurvey kbarchive kbhotfixserver kbqfe kbbug kberrmsg kbexchange2000presp3fix kbexchange2000sp3fix kbfix KB318246

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com