Using security groups to set calendar permissions does not work in an Exchange resource forest

Symptoms
Consider the following scenario:
  • You have a resource forest and an account forest in a Microsoft Exchange Server environment.
  • A user in the account forest has a linked mailbox (MB1) in the resource forest.
  • You create a mailbox (MB2) in the resource forest.
  • You add MB1 to a mail-enabled security group in the resource forest.
  • You grant the Free/Busy time, subject, location permission for the Calendar folder of MB2 to the security group.
  • The user logs on to MB1 and creates a meeting request, and then clicks the Scheduling Assistant tab in Microsoft Outlook.
  • The user adds MB2 as an attendee.
In this scenario, the user cannot see the details of existing appointments of MB2.
Cause
This issue occurs because the user is not recognized as a member of the security group. Therefore, only default permissions are applied to the user.
Resolution
To resolve this issue, add a UseDisabledAccount key in the web.config file. To do this, follow these steps:
  1. Open the web.config file in the following locations:
    • %ExchangeInstallPath%\ClientAccess\Owa\web.config
    • %ExchangeInstallPath%\ClientAccess\exchweb\Ews\web.config
  2. Change the code in the web.config file as follows:
    <appSettings> // Add the following line.       <add key="UseDisabledAccount" value="1" /> </appSettings>
  3. Recycle the MSExchangeOWAAppPool and MSExchangeServicesAppPool application pools. Or, run the iisreset command to reset Internet Information Services (IIS).
Note For Exchange 2010, apply the following update rollup or a later one:

          2866475 Description of Update Rollup 2 for Exchange Server 2010 Service Pack 3  
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
More information
For more information about how to create a linked mailbox, go to the following Microsoft website:For more information about the Free/Busy time, subject, location permission, go to the following Microsoft website:For more information about how to recycle an application pool, go to the following Microsoft website:
Properties

Article ID: 2882961 - Last Review: 03/07/2016 18:16:00 - Revision: 2.0

Microsoft Exchange Server 2010 Service Pack 3, Exchange Server 2016 Enterprise Edition, Exchange Server 2016 Standard Edition, Microsoft Exchange Server 2013 Enterprise, Microsoft Exchange Server 2013 Standard

  • kbqfe kbfix kbsurveynew kbexpertiseinter KB2882961
Feedback