I have an old Windows 2003 Server running Exchange 2003. A few weeks ago, I noticed that somehow some users lose privileges.
Examples:
- I allow a certain user to read the mail boxes of another user. As a result of that a third user loses that privilege.
- After a reboot almost everytime one user loses some privilege. They are mostly related to Exchange, because that's were we notice it immediately, but also local server privileges are lost. (See next item)
- Logging on as "Administrator" I cannot run the "Software" applet from the control panel. I have to use "Run As" to run it. Then I choose the "Administrator" account (no mistake!) and it works.
My question:
- What could produce such problems? Is this a single problems or is it likely that there is more than one problem producing similar symptoms?
Sounds like Active Directory issues, and as Exchange 2003 is tightly integrated with AD that is what I would be looking at.
Check the DC health using DCDIAG
How many DCs are in the network, are there replication problems between them at all (if multiple)? What is hardware health like? It certainly sounds weird which may indicate something corrupt somewhere.
Most likely there is an issue with AD consistency.
You should run
repadmin /replsummary
andrepadmin /showrepl
on each of the DCs to check that replication is occurring. If it is not, use the/replicate
option to that same command to force replication; if it does not work, solve the issue that is preventing it.Most likely these problems are DNS related.
It's also possible that you have data corruption on one DC. The easiest way to fix that is to find the DC which has different data for affected users than other DCs, demote it, and make a new one.