>

Exchange 2007 or 2010 migration fails with: Access control list (ACL) inheritance is blocked

The setup of Exchange 2007, Exchange 2010 or even SBS 2008 stops with the error “Access control list (ACL) inheritance is blocked”

Solution: Exchange setup requires that permission inheritance is enabled for the following objects:
Exchange Organization object, Exchange Administrative Group object, Exchange Servers container object, Exchange Address List object, Exchange Public Folder object and Exchange Public Folder tree object.

For Exchange 2003 start Exchange system manager and goto the objects and right click and choose properties, then on the security tab choose advanced and make sure “Allow inheritable permissions from the parent to propagate to this object and all child objects” is enabled. After that restart the Exchange server.

If security tab isn’t available you have to create the following registry value:
Value Name: ShowSecurityPage, Data Type: REG_DWORD, Radix: Binary, Value: 1 At the HKEY_CURRENT_USER\Software\Microsoft\Exchange\EXAdmin key.

For Exchange 2007 and 2010 use adsiedit, and browse to the object you want to change. Right click and choose properties, then on the security tab choose advanced and make sure “Allow inheritable permissions from the parent to propagate to this object and all child objects” is enabled. Wait till Active Directory replication has replicated the changes.

Posted in Blog, Exchange 2007, Exchange 2010, SBS 2008 by ronnypot at September 17th, 2010.
Tags: , , ,

Leave a Reply

Sharing Buttons by Linksku