Microsoft KB Archive/313866

= You Cannot Create a New Public Folder in Exchange 2000 Server or in Exchange Server 2003 =

Article ID: 313866

Article Last Modified on 10/25/2007

-

APPLIES TO


 * Microsoft Exchange 2000 Server Standard Edition
 * Microsoft Exchange Server 2003 Enterprise Edition

-



This article was previously published under Q313866



SYMPTOMS
When you try to use Microsoft Outlook to create a public folder, you may receive the following error message:

Unable to create the folder. You do not have sufficient permission to perform this operation on this object. See the folder contact or your system administrator.

A warning message that is similar to the following may also be logged in the Application event log (where  is the name of the server,   is the name of the Exchange 2000 or Exchange 2003 organization, and   is the name of the administrative group):

Event Type: Warning

Event Source: MSExchangeIS Public Store

Event Category: Access Control

Event ID: 1030

Date: 20/09/2001

Time: 9:23:02 AM

User: N/A

Computer:

Description:

adam.barr@adatum.com failed an operation on folder /O= /OU= /CN=RECIPIENTS/CN=MESSAGING80002AA911CFEB91F24FF7950D20925F02268E on database &quot;First Storage Group\Public Folder Store &quot; because the user did not have the following access rights:

'Delete' 'Read Property' 'Write Property' 'Create Message' 'View Item' 'Create Subfolder' 'Write Security Descriptor' 'Write Owner' 'Read Security Descriptor' 'Contact'

The data section of this warning message contains the entry ID of the folder. In Exchange System Manager, if you right-click the folder, the shortcut menu command to create public folders may not exist. You may also be prompted for Hypertext Transfer Protocol (HTTP) authentication when you try to expand the public folder tree in Exchange System Manager.



CAUSE
This issue may occur if the permissions of the following object are not correctly configured and are different from the permissions of the root public folder tree as viewed in Exchange System Manager (where  is the name of the Exchange 2000 organization and   is the name of the administrative group):

CN=Public Folders,CN=Folder Hierarchies,CN= ,CN=Administrative Groups,CN= ,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC= ,DC=com

The Everyone group is set with an explicit Deny for the Create public folder or Create top level public folder permissions.



RESOLUTION
To resolve this issue, configure the permissions correctly. To do so, you have to use the ADSI Edit snap-in.

WARNING: If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Exchange 2000 Server, or both. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.

To configure the permissions:  Start ADSI Edit. In the CN=Configuration container, locate the following container (where  is the name of your Exchange 2000 or Exchange 2003 organization and   is the name of your administrative group):

CN=Services,CN=Microsoft Exchange,CN= ,CN=Administrative Groups,CN= ,CN=Folder Hierarchies,CN=Public Folders

 Right-click CN=Public Folders, and then click Properties. Click the Security tab. Make sure that the Allow inheritable permissions from parent to propagate to this object check box is selected. Make sure that the Everyone group has the following Allow permissions:

 Create named properties in the information store</li> Create public folder</li> Create top level public folder</li></ul>

If the Allow inheritable permissions from parent to propagate to this object check box is selected, the Everyone group should already have these permissions. Make sure that the Deny check boxes are not selected.</li></ol>

<div class="moreinformation_section">

MORE INFORMATION
You can use Exchange System Manager to view and change the permissions to create public folders; permissions that you modify in Exchange System Manager should contain essentially the same permissions as the CN=Public Folders object in Active Directory. However, if permissions are modified externally, the permissions may be out of synchronization. Deny overrides all Allow permissions.

Additional query words: exch2kp2w XADM

Keywords: kberrmsg kbprb KB313866

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.