Consider the following scenario. You grant “Receive as” permissions to a specified Microsoft Exchange Server 2007 account in an Exchange Server 2007 organization, storage group, store, or server. To do this, you use the Add-ADPermission cmdlet or the Active Directory Service Interfaces (ADSI) edit tool.
Then, the specified account tries to open another mailbox by using Microsoft Office Outlook Web Access or Microsoft Exchange Server 2007 Web Services.
In this scenario, the specified account receives the following error message:
You do not have permissions to open this Mailbox. Contact Exchange Administrator for more information.
This problem occurs because only the mailbox security descriptor is verified when the underlying components are shared by Outlook Web Access and by Exchange Web Services.
If permissions were granted to server-level objects, the permissions are not merged with the mailbox security descriptor. This condition occurs when the access verification is denied in Outlook Web Access and in Exchange Web Services.
To work around this problem, use one of the following methods:
Use impersonation in Exchange Web Services to access other accounts.
Grant mailbox permissions on the existing mailboxes by using the Add-MailboxPermission cmdlet or by using the Active Directory Users and Computers snap-in.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
This issue does not affect the Outlook client or the development of APIs such as MAPI, CDO, or WebDAV. The specified account can successfully access another mailbox by using Outlook, MAPI, CDO, or WebDAV.
The specified account receives the error message that is mentioned in the "Symptoms" section only when you use Outlook Web Access or Exchange Web Services to access other mailboxes.
For more information, visit the following Microsoft Web sites: