Microsoft KB Archive/318246

= XADM: The Members of a Universal Security Group Are Denied Access to Public Folders =

Article ID: 318246

Article Last Modified on 10/28/2006

-

APPLIES TO


 * Microsoft Exchange 2000 Server Service Pack 2

-



This article was previously published under Q318246





SYMPTOMS
After you apply Exchange 2000 Service Pack 2 (SP2), users who are members of universal security groups may not be able to gain access to public folders on Exchange 2000 Server. Such users may receive the following error message:

Unable to display the folder. You do not have sufficient permission to perform this operation on the object.

These users receive this error message even though the universal security group has been granted permissions on the public folder.



CAUSE
Only users with accounts that are located in a mixed mode Microsoft Windows 2000 domain who are also members of a universal security group that is located in a native mode Windows 2000 domain are affected by this problem. This problem may occur if the mixed mode domain accounts are attempting to gain access to public folders that are located on an Exchange 2000 server in the native mode domain. The Microsoft Windows NT Security Identifier (SID) information for the universal security group is not added to the account token of the user in a mixed mode Windows 2000 domain when the user attempts to gain access to the public folders.



RESOLUTION
To resolve this problem, obtain the latest service pack for Microsoft Exchange 2000 Server. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

301378 XGEN: How to Obtain the Latest Exchange 2000 Server Service Pack



WORKAROUND
To work around this problem, grant the user accounts in the mixed mode domain explicit rights to the public folders; if you do so, the accounts are allowed access to the public folders. The accounts are only denied access if they are a member of a universal security group that has permissions on the public folders.



STATUS
Microsoft has confirmed that this is a problem in Microsoft Exchange 2000 Server. This problem was first corrected in Microsoft Exchange 2000 Server Service Pack 3.



MORE INFORMATION
For additional information about token creation, click the article number below to view the article in the Microsoft Knowledge Base:

216970 Global Catalog Server Requirement for User and Computer Logon

Additional query words: E2K PF DL AD GC DC Augmentation USGs exch2kp2w

Keywords: kbhotfixserver kbqfe kbbug kberrmsg kbexchange2000presp3fix kbexchange2000sp3fix kbfix KB318246

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.