ADSI Edit Summary page | ADSI Edit Advanced view, View/Edit tab | ACL entries applied to a given object | Binary value (access mask in LDP) |
---|---|---|---|
Full Control | Full Control | WRITE_OWNER | WRITE_DAC | READ_CONTROL | DELETE | ACTRL_DS_CONTROL_ACCESS | ACTRL_DS_LIST_OBJECT | ACTRL_DS_DELETE_TREE | ACTRL_DS_WRITE_PROP | ACTRL_DS_READ_PROP | ACTRL_DS_SELF | ACTRL_DS_LIST | ACTRL_DS_DELETE_CHILD | ACTRL_DS_CREATE_CHILD | 0x000F01FF |
Read | List Contents + Read All Properties + Read Permissions | ACTRL_DS_LIST | ACTRL_DS_READ_PROP | READ_CONTROL | 0x00020014 |
Write | Write All Properties + All Validated Writes | ACTRL_DS_WRITE_PROP | ACTRL_DS_SELF | 0x00000028 |
List Contents | ACTRL_DS_LIST | 0x00000004 | |
Read All Properties | ACTRL_DS_READ_PROP | 0x00000010 | |
Write All Properties | ACTRL_DS_WRITE_PROP | 0x00000020 | |
Delete | DELETE | 0x00010000 | |
Delete Subtree | ACTRL_DS_DELETE_TREE | 0x00000040 | |
Read Permissions | READ_CONTROL | 0x00020000 | |
Modify Permissions | WRITE_DAC | 0x00040000 | |
Modify Owner | WRITE_OWNER | 0x00080000 | |
All Validated Writes | ACTRL_DS_SELF | 0x00000008 | |
All Extended Rights | ACTRL_DS_CONTROL_ACCESS | 0x00000100 | |
Create All Child Objects | Create All Child Objects | ACTRL_DS_CREATE_CHILD | 0x00000001 |
Delete All Child Objects | Delete All Child Objects | ACTRL_DS_DELETE_CHILD | 0x00000002 |
ACTRL_DS_LIST_OBJECT | 0x00000080 |
Setup /PrepareAD
command.Account | ACE type | Inheritance | Permissions | On property/ Applies to | Comments |
---|---|---|---|---|---|
Installation Account | Allow ACE | All | Full Control | This is the account that is used to run /PrepareAD . | |
Organization Management | Allow ACE | All | Full Control | ||
Exchange Trusted Subsystem | Allow ACE | All | Full Control | ||
Exchange Servers | Allow ACE | All | Read | ||
Authenticated Users | Allow ACE | None | Read Property List Contents | ||
Exchange Trusted Subsystem | Allow ACE | All | Modify Permissions | msExchSmtpRceiveConnector | |
Public Folder Management | Allow ACE | All | Read List Object | ||
Delegated Setup | Allow ACE | All | Read List Object |
Account | ACE type | Inheritance | Permissions | On property/ Applies to |
---|---|---|---|---|
Exchange Servers | Allow ACE | All | Read |
Account(s) | ACE type | Inheritance | Permissions | On property/ Applies to | Comments |
---|---|---|---|---|---|
Enterprise Admins Root Domain Admins Installation Account Organization Management | Deny ACE | All | Send As Receive As | Windows administrators aren't allowed to open mailboxes. | |
Enterprise Admins Schema Admins Root Domain Admins Installation Account Organization Management | Deny ACE | All | Exchange Web Services Impersonation Exchange Web Services Token Serialization | Extended right | |
Enterprise Admins Schema Admins Root Domain Admins Installation Account | Deny ACE | All | Store Transport Access Store Constrained Delegation Store Read Access Store Read Write Access | ||
Local System | Allow | All | All Extended Rights | ||
Authenticated Users | Deny ACE | Desc | Read Property | msExchAvailabilityUserPassword / msExchAvailabilityAddressSpace | |
Authenticated Users | Allow | None | Read | ||
Organization Management | Allow ACE | All | Read Permissions List Contents Read Property List Object | ||
Public Folder Management | Allow ACE | All | Read Permissions List Contents Read Property List Object | ||
NT AuthorityNetwork Service | Allow ACE | All | Read | ||
Managed Availability Servers | Allow ACE | All | Read Permissions List Contents Read Property List Object | ||
Exchange Servers | Allow ACE | All | All Extended Rights | ||
Exchange Servers | Allow ACE | All | Write Property | groupType | |
Exchange Servers | Allow ACE | All | Write Property | msExchOwningServer | |
Exchange Servers | Allow ACE | All | Write Property | msExchMailboxSecurityDescriptor | |
Exchange Servers | Allow ACE | All | Write Property | msExchUMServerWritableFlags | |
Exchange Servers | Allow ACE | All | Write Property | msExchDatabaseCreated | |
Exchange Servers | Allow ACE | All | Write Property | msExchUserCulture | |
Exchange Servers | Allow ACE | All | Write Property | msExchMobileMailboxFlags | |
Exchange Servers | Allow ACE | All | Write Property | siteFolderGUID | |
Exchange Servers | Allow ACE | All | Write Property | siteFolderServer | |
Exchange Servers | Allow ACE | All | Write Property | msExchEDBOffline | |
Exchange Servers | Allow ACE | All | Write Property | userCertificate | |
Exchange Servers | Allow ACE | All | Write Property | msExchUMDtmfMap | |
Exchange Servers | Allow ACE | All | Write Property | msExchBlockedSendersHash | |
Exchange Servers | Allow ACE | All | Write Property | Personal Information | |
Exchange Servers | Allow ACE | All | Write Property | Public Information | |
Exchange Servers | Allow ACE | All | Write Property | Exchange Information | |
Exchange Servers | Allow ACE | All | Write Property | msExchPatchMDB | |
Exchange Servers | Allow ACE | All | Write Property | publicDelegates | |
Exchange Servers | Allow ACE | All | Write Property | msExchUMSpokenName | |
Exchange Servers | Allow ACE | All | Write Property | msExchUMPinChecksum | |
Exchange Servers | Allow ACE | All | Write Property | legacyExchangeDN | |
Exchange Servers | Allow ACE | All | Write Property | msExchSafeSendersHash | |
Exchange Servers | Allow ACE | All | Write Property | thumbnailPhoto | |
Organization Management | Allow ACE | All | Create top level public folder | ||
Public Folder Management | Allow ACE | All | Create top level public folder | ||
Organization Management | Allow ACE | All | View information store status | ||
Public Folder Management | Allow ACE | All | View information store status | ||
Organization Management | Allow ACE | All | Administer information store | ||
Public Folder Management | Allow ACE | All | Administer information store | ||
Organization Management | Allow ACE | All | Create named properties in the information store | ||
Public Folder Management | Allow ACE | All | Create named properties in the information store | ||
Organization Management | Allow ACE | All | Modify public folder ACL | ||
Public Folder Management | Allow ACE | All | Modify public folder ACL | ||
Organization Management | Allow ACE | All | Modify public folder quotas | ||
Public Folder Management | Allow ACE | All | Modify public folder quotas | ||
Organization Management | Allow ACE | All | Modify public folder admin ACL | ||
Public Folder Management | Allow ACE | All | Modify public folder admin ACL | ||
Organization Management | Allow ACE | All | Modify public folder expiry | ||
Public Folder Management | Allow ACE | All | Modify public folder expiry | ||
Organization Management | Allow ACE | All | Modify public folder replica list | ||
Public Folder Management | Allow ACE | All | Modify public folder replica list | ||
Organization Management | Allow ACE | All | Modify public folder deleted item retention | ||
Public Folder Management | Allow ACE | All | Modify public folder deleted item retention | ||
Organization Management | Allow ACE | All | Create public folder | ||
Public Folder Management | Allow ACE | All | Create public folder | ||
Public Folder Management | Allow ACE | All | Mail Enable Public Folder | ||
Everyone NT AuthorityAnonymous Logon | Allow ACE | All | Create named properties in the information store | ||
Everyone NT AuthorityAnonymous Logon | Allow ACE | All | Create public folder | ||
Everyone NT AuthorityAnonymous Logon | Allow ACE | Desc | Read Permissions List Contents Read Property List Object | / msExchPrivateMDB | |
Everyone NT AuthorityAnonymous Logon | Allow ACE | Desc | Read Permissions List Contents Read Property List Object | / msExchPublicMDB | |
Exchange Servers | Allow ACE | Desc | Read Permissions List Contents Read Property List Object | / siteAddressing |
Account | ACE type | Inheritance | Permissions | On property/ Applies to |
---|---|---|---|---|
Authenticated Users | Allow ACE | All | List Contents | |
Organization Management | Allow ACE | All | Write Property | msExchLastAppliedRecipientFilter msExchRecipientFilterFlags |
Public Folder Management | Allow ACE | All | Write Property | msExchLastAppliedRecipientFilter msExchRecipientFilterFlags |
Account | ACE type | Inheritance | Permissions | On property/ Applies to |
---|---|---|---|---|
Authenticated Users | Allow ACE | All | Download Offline Address Book |
Account | ACE type | Inheritance | Permissions | On property/ Applies to |
---|---|---|---|---|
Authenticated users | Allow ACE | All | Read |
Account | ACE type | Inheritance | Permissions | On property/ Applies to |
---|---|---|---|---|
Organization Management | Allow ACE | All | Write Property | msExchLastAppliedRecipientFilter msExchRecipientFilterFlags |
Public Folder Management | Allow ACE | All | Write Property | msExchLastAppliedRecipientFilter msExchRecipientFilterFlags |
Setup /PrepareAD
command on various containers within the configuration partition.Account | ACE type | Inheritance | Permissions | On property/ Applies to |
---|---|---|---|---|
Organization Management Exchange Trusted Subsystem | Allow ACE | All | Write Property | msExchVersion / site |
Organization Management Exchange Trusted Subsystem | Allow ACE | All | Write Property | msExchVersion / site-link |
Organization Management Exchange Trusted Subsystem | Allow ACE | All | Write Property | msExchPartnerId / site |
Organization Management Exchange Trusted Subsystem | Allow ACE | All | Write Property | msExchMinorPartnerId / site |
Organization Management Exchange Trusted Subsystem | Allow ACE | All | Write Property | msExchResponsibleforSites / site |
Organization Management Exchange Trusted Subsystem | Allow ACE | Write Property | msExchTransportSiteFlags / site | |
Organization Management Exchange Trusted Subsystem | Allow ACE | All | Write Property | msExchCost / site-link |
Organization Management Exchange Trusted Subsystem Local System Exchange Servers | Allow ACE | Desc | Read Permissions List Contents Read Property List Object | / msExchEdgeSyncEHFConnector |
Organization Management Exchange Trusted Subsystem Local System Exchange Servers | Allow ACE | Desc | Read Permissions List Contents Read Property List Object | / msExchEdgeSyncMservConnector |
Organization Management Exchange Trusted Subsystem | Allow ACE | Children | Create Child Delete Child Delete Tree | msExchEdgeSyncServiceConfig / site |
Organization Management Exchange Trusted Subsystem Local System Exchange Servers | Allow ACE | Desc | Read Permissions List Contents Read Property List Object | / msExchEdgeSyncServiceConfig |
Organization Management Exchange Trusted Subsystem | Allow ACE | Children | Create Child Delete Child Delete Tree | msExchEdgeSyncMservConnector / msExchEdgeSyncServiceConfig |
Organization Management Exchange Trusted Subsystem | Allow ACE | Children | Create Child Delete Child Delete Tree | msExchEdgeSyncEHFConnector / msExchEdgeSyncServiceConfig |
Account | ACE type | Inheritance | Permissions | On property/ Applies to | Comments |
---|---|---|---|---|---|
Exchange Servers | Allow ACE | All | List Contents | ||
Organization Administration | Allow ACE | All | Read List Object | ||
Installation Account | Allow ACE | All | Read Permission Write Permission List Contents Read Property List Object | This is the account that is used to run /PrepareAD . | |
Exchange Trusted Subsystem | Allow ACE | All | Read List Object | ||
Network Service | Allow ACE | All | List Contents |
Setup /PrepareAD
command also configures the following permissions on the administrative groups within the organization.Account | ACE type | Inheritance | Permissions | On property/ Applies to | Comments |
---|---|---|---|---|---|
Organization Management | Allow ACE | Desc | Access Recipient Update Service | msExchExchangeServer | Allows Exchange Recipient Administrators to stamp recipients with proxy address information. |
Local System | Allow ACE | Desc | Access Recipient Update Service | msExchExchangeServer | Allows the servers to stamp recipients with proxy address information. |
Public Folder Management | Allow ACE | Desc | Access Recipient Update Service | msExchExchangeServer | Allows Exchange Public Folder Administrators to stamp recipients with proxy address information. |
Account | ACE type | Inheritance | Permissions | On property/ Applies to |
---|---|---|---|---|
Authenticated Users | Allow ACE | None | List Contents |
Account | ACE type | Inheritance | Permissions | On property/ Applies to |
---|---|---|---|---|
Authenticated Users | Allow ACE | None | Read Property |
Account | ACE type | Inheritance | Permissions | On property/ Applies to |
---|---|---|---|---|
Authenticated Users | Allow ACE | None | List Contents |
Account | ACE type | Inheritance | Permissions | On property/ Applies to |
---|---|---|---|---|
Authenticated Users | Allow ACE | None | List Contents |
Account | ACE type | Inheritance | Permissions | On property/ Applies to |
---|---|---|---|---|
Authenticated Users | Allow ACE | None | List Contents |
Account | ACE type | Inheritance | Permissions | On property/ Applies to | Comments |
---|---|---|---|---|---|
Exchange Servers | Deny ACE | All | Receive As | Exchange Servers aren't allowed to open mailboxes. | |
Authenticated Users | Allow ACE | None | List Contents |
Account | ACE type | Inheritance | Permissions | On property/ Applies to |
---|---|---|---|---|
Organization Management | Allow ACE | All | Full Control | |
Exchange Trusted Subsystem | Allow ACE | All | Create Child | / Group |
Exchange Trusted Subsystem | Allow ACE | Desc | Delete | / group |
Exchange Trusted Subsystem | Allow ACE | Desc | Write Property | Member / group |
Account | ACE type | Inheritance | Permissions | On property/ Applies to |
---|---|---|---|---|
Organization Management | Allow ACE | All | Full Control |
Account | ACE type | Inheritance | Permissions | On property/ Applies to |
---|---|---|---|---|
Organization Management | Allow ACE | All | Full Control |
Account | ACE type | Inheritance | Permissions | On property/ Applies to |
---|---|---|---|---|
Organization Management | Allow ACE | All | Full Control |
Account | ACE type | Inheritance | Permissions | On property/ Applies to |
---|---|---|---|---|
Organization Management | Allow ACE | All | Full Control | |
Root Domain Administrators | Allow ACE | All | Read Members Write Members | |
Child Domain Administrators | Allow ACE | All | Read Members Write Members |
Setup /PrepareDomain
command.Account | ACE type | Inheritance | Permissions | On property/ Applies to | Comments |
---|---|---|---|---|---|
Authenticated Users | Allow ACE | All | Read Property | Exchange Information | |
NT AUTHORITYNETWORK | Allow ACE | All | Read Property | Exchange Personal Information | Grants Transport service read permissions. |
Exchange Servers | Allow ACE | All | Write Property | groupType | |
Exchange Servers | Allow ACE | All | Write Property | msExchMailboxSecurityDescriptor | |
Exchange Servers | Allow ACE | All | Write Property | msExchUMServerWritableFlags | |
Exchange Servers | Allow ACE | All | Read Property | Exchange Personal Information | |
Exchange Servers | Allow ACE | All | Read Property | Exchange Information | |
Exchange Servers | Allow ACE | All | Write Property | msExchUserCultulre | |
Exchange Servers | Allow ACE | All | Read Property | memberOf | |
Exchange Servers | Allow ACE | All | Read Property | garbageCollPeriod | |
Exchange Servers | Allow ACE | All | Read Property | userAccountControl | |
Exchange Servers | Allow ACE | All | Read Property | canonicalName | |
Exchange Servers | Allow ACE | All | Replication Synchronization | Extended right | |
Exchange Servers | Allow ACE | All | Create Child Delete Chile List Children | msExchActiveSyncDevices / User | |
Exchange Servers | Allow ACE | All | Create Child Delete Child List Children | msExchActiveSyncDevices / inetOrgPerson | |
Exchange Servers | Allow ACE | All | Write Property | msExchSafeSendersHash | |
Exchange Servers | Allow ACE | All | Write Property | msExchPublicDelegates | |
Exchange Servers | Allow ACE | All | Write Property | msExchMobileMailboxFlags | |
Exchange Servers | Allow ACE | All | Write Property | msExchSafeRecipientsHash | |
Exchange Servers | Allow ACE | All | Write Property | userCertificate | |
Exchange Servers | Allow ACE | All | Write Property | msExchUMDtmfMap | |
Exchange Servers | Allow ACE | All | Write Property | msExchBlockedSendersHash | |
Exchange Servers | Allow ACE | All | Write Property | msExchUMSpokenName | |
Exchange Servers | Allow ACE | All | Write Property | msExchUMPinChecksum | |
Exchange Servers | Allow ACE | All | Write Property | thumbnailPhoto | |
Organization Management | Allow ACE | All | Read List Object | ||
Organization Management | Allow ACE | All | Write Property | Exchange Information | |
Organization Management | Allow ACE | All | Write Property | garbageCollPeriod | |
Organization Management | Allow ACE | All | Write Property | legacyExchangeDN | |
Organization Management | Allow ACE | All | Write Property | msExchPublicDelegates | |
Organization Management | Allow ACE | All | Write Property | textEncodedORAddress | |
Organization Management | Allow ACE | All | Write Property | proxyAddresses | |
Organization Management | Allow ACE | All | Write Property | mail | |
Organization Management | Allow ACE | All | Write Property | displayNamePrintable | |
Organization Management | Allow ACE | All | Write Property | showInAddressBook | |
Organization Management | Allow ACE | All | Write Property | Exchange Personal Information | |
Organization Management | Allow ACE | All | Full Control | / msExchDynamicDistributionList | |
Organization Management | Allow ACE | All | Write Property | adminDisplayName | |
Organization Management | Allow ACE | All | Write Property | displayName | |
Exchange Trusted Subsystem | Allow ACE | All | Read List Object | ||
Exchange Trusted Subsystem | Allow ACE | All | Write Property | displayName | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | Public Information | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | msExchPublicDelegates | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | adminDisplayName | |
Exchange Trusted Subsystem | Allow ACE | All | Full Control | / msExchDynamicDistributionList | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | Exchange Information | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | Exchange Personal Information | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | garbageCollPeriod | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | textEncodedORAddress | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | showInAddressBook | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | legacyExchangeDN | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | Personal Information | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | proxyAddresses | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | displayNamePrintable | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | mail | |
Exchange Windows Permissions | Allow ACE | All | Write Property | pwdLastSet | |
Exchange Windows Permissions | Allow ACE | All | WriteDACL | / user | |
Exchange Windows Permissions | Allow ACE | All | WriteDACL | / inetOrgPerson | |
Exchange Windows Permissions | Allow ACE | All | Delete Tree | / user | |
Exchange Windows Permissions | Allow ACE | All | Delete Tree | / inetOrgPerson | |
Exchange Windows Permissions | Allow ACE | All | Write Property | sAMAccountName | |
Exchange Windows Permissions | Allow ACE | All | Create Child Delete | / contact | |
Exchange Windows Permissions | Allow ACE | All | Create Child Delete | / inetOrgPerson | |
Exchange Windows Permissions | Allow ACE | All | Create Child Delete | / user | |
Exchange Windows Permissions | Allow ACE | All | Create Child Delete | / organizationUnit | |
Exchange Windows Permissions | Allow ACE | All | Create Child Delete | / group | |
Exchange Windows Permissions | Allow ACE | All | Create Child Delete Child | / computer | |
Exchange Windows Permissions | Allow ACE | All | Write Property | Member | |
Exchange Windows Permissions | Allow ACE | All | Write Property | wwwHomePage | |
Exchange Windows Permissions | Allow ACE | All | Write Property | countryCode | |
Exchange Windows Permissions | Allow ACE | All | Write Property | userAccountControl | |
Exchange Windows Permissions | Allow ACE | All | Write Property | managedBy | |
Exchange Windows Permissions | Allow ACE | All | Reset Password on Next Logon | Extended right | |
Exchange Windows Permissions | Allow ACE | All | Change Password | / user | Extended right |
Delegated Setup | Allow ACE | All | Read Property | User Account Restrictions |
Account | ACE type | Inheritance | Permissions | On property/ Applies to | Comments |
---|---|---|---|---|---|
Authenticated Users | Allow ACE | All | Read Property | Exchange Information | |
NT AUTHORITYNETWORK | Allow ACE | All | Read Property | Exchange Personal Information | Grants Transport service read permissions. |
Exchange Servers | Allow ACE | All | Write Property | groupType | |
Exchange Servers | Allow ACE | All | Write Property | msExchMailboxSecurityDescriptor | |
Exchange Servers | Allow ACE | All | Write Property | msExchUMServerWritableFlags | |
Exchange Servers | Allow ACE | All | Read Property | Exchange Personal Information | |
Exchange Servers | Allow ACE | All | Read Property | Exchange Information | |
Exchange Servers | Allow ACE | All | Write Property | msExchUserCultulre | |
Exchange Servers | Allow ACE | All | Read Property | memberOf | |
Exchange Servers | Allow ACE | All | Read Property | garbageCollPeriod | |
Exchange Servers | Allow ACE | All | Read Property | userAccountControl | |
Exchange Servers | Allow ACE | All | Read Property | canonicalName | |
Exchange Servers | Allow ACE | All | Replication Synchronization | Extended right | |
Exchange Servers | Allow ACE | All | Create Child Delete Chile List Children | msExchActiveSyncDevices / User | |
Exchange Servers | Allow ACE | All | Create Child Delete Child List Children | msExchActiveSyncDevices / inetOrgPerson | |
Exchange Servers | Allow ACE | All | Write Property | msExchSafeSendersHash | |
Exchange Servers | Allow ACE | All | Write Property | msExchPublicDelegates | |
Exchange Servers | Allow ACE | All | Write Property | msExchMobileMailboxFlags | |
Exchange Servers | Allow ACE | All | Write Property | msExchSafeRecipientsHash | |
Exchange Servers | Allow ACE | All | Write Property | userCertificate | |
Exchange Servers | Allow ACE | All | Write Property | msExchUMDtmfMap | |
Exchange Servers | Allow ACE | All | Write Property | msExchBlockedSendersHash | |
Exchange Servers | Allow ACE | All | Write Property | msExchUMSpokenName | |
Exchange Servers | Allow ACE | All | Write Property | msExchUMPinChecksum | |
Exchange Servers | Allow ACE | All | Write Property | thumbnailPhoto | |
Organization Management | Allow ACE | All | Read List Object | ||
Organization Management | Allow ACE | All | Write Property | Exchange Information | |
Organization Management | Allow ACE | All | Write Property | garbageCollPeriod | |
Organization Management | Allow ACE | All | Write Property | legacyExchangeDN | |
Organization Management | Allow ACE | All | Write Property | msExchPublicDelegates | |
Organization Management | Allow ACE | All | Write Property | textEncodedORAddress | |
Organization Management | Allow ACE | All | Write Property | proxyAddresses | |
Organization Management | Allow ACE | All | Write Property | mail | |
Organization Management | Allow ACE | All | Write Property | displayNamePrintable | |
Organization Management | Allow ACE | All | Write Property | showInAddressBook | |
Organization Management | Allow ACE | All | Write Property | Exchange Personal Information | |
Organization Management | Allow ACE | All | Full Control | / msExchDynamicDistributionList | |
Organization Management | Allow ACE | All | Write Property | adminDisplayName | |
Organization Management | Allow ACE | All | Write Property | displayName | |
Exchange Trusted Subsystem | Allow ACE | All | Read List Object | ||
Exchange Trusted Subsystem | Allow ACE | All | Write Property | displayName | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | Public Information | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | msExchPublicDelegates | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | adminDisplayName | |
Exchange Trusted Subsystem | Allow ACE | All | Full Control | / msExchDynamicDistributionList | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | Exchange Information | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | Exchange Personal Information | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | garbageCollPeriod | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | textEncodedORAddress | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | showInAddressBook | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | legacyExchangeDN | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | Personal Information | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | proxyAddresses | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | displayNamePrintable | |
Exchange Trusted Subsystem | Allow ACE | All | Write Property | mail | |
Exchange Windows Permissions | Allow ACE | All | Write Property | pwdLastSet | |
Exchange Windows Permissions | Allow ACE | All | Write Property | sAMAccountName | |
Exchange Windows Permissions | Allow ACE | All | Write Property | Member | |
Exchange Windows Permissions | Allow ACE | All | Write Property | wwwHomePage | |
Exchange Windows Permissions | Allow ACE | All | Write Property | countryCode | |
Exchange Windows Permissions | Allow ACE | All | Write Property | userAccountControl | |
Exchange Windows Permissions | Allow ACE | All | Write Property | managedBy | |
Delegated Setup | Allow ACE | All | Read Property | User Account Restrictions |
Account | ACE type | Inheritance | Permissions | On property/ Applies to |
---|---|---|---|---|
Exchange Servers | Allow ACE | All | List Contents |
Account | ACE type | Inheritance | Permissions | On property/ Applies to |
---|---|---|---|---|
NT AUTHORITYNETWORK | Allow ACE | All | Read Property List Contents Read Permissions | |
Authenticated Users | Allow ACE | All | Read Permissions | |
Authenticated Users | Allow ACE | All | Read Property | garbageCollPeriod |
Authenticated Users | Allow ACE | All | Read Property | adminDisplayName |
Authenticated Users | Allow ACE | All | Read Property | modifyTimeStamp |
Exchange Servers | Deny ACE | All | Delete Tree | |
Exchange Servers | Allow ACE | All | Read Permissions List Contents Read PropertyDelete Tree | |
Exchange Servers | Allow ACE | All | Create Child | / msExchSystemMailbox |
Exchange Servers | Allow ACE | All | Create Child Delete Child | / publicFolder |
Exchange Servers | Allow ACE | All | Create Child | / user |
Exchange Servers | Allow ACE | All | Delete Child | / msExchSystemMailbox |
Exchange Servers | Allow ACE | All | Delete Child | / user |
Exchange Servers | Allow ACE | Desc | Write Property | / publicFolder |
Exchange Servers | Allow ACE | Desc | Write Property | / msExchSystemMailbox |
Exchange Servers | Allow ACE | Desc | Write Property | / user |
Exchange Servers | Allow ACE | Desc | Change Password Reset Password on Next Logon | / user |
Organization Management | Allow ACE | All | Read Permissions List Contents Read Property | |
Organization Management | Allow ACE | Desc | Write Property | / msExchSystemMailbox |
Organization Management | Allow ACE | All | Create Child Delete Child | / msExchSystemMailbox |
Organization Management | Allow ACE | Desc | Write Property | / user |
Organization Management | Allow ACE | All | Create Child Delete Child | / user |
Organization Management | Allow ACE | Desc | Read Property Write Property | mail / publicFolder |
Organization Management | Allow ACE | Desc | Read Property Write Property | displayNamePrintable / publicFolder |
Organization Management | Allow ACE | Desc | Read Property Write Property | displayName / publicFolder |
Organization Management | Allow ACE | Desc | Read Property Write Property | textEncodedORAddress / publicFolder |
Organization Management | Allow ACE | Desc | Read Property Write Property | proxyAddresses / publicFolder |
Organization Management | Allow ACE | Desc | Read Property Write Property | cn / publicFolder |
Organization Management | Allow ACE | Desc | Read Property Write Property | showInAddressBook / publicFolder |
Organization Management | Allow ACE | Desc | Read Property Write Property | Exchange Information / publicFolder |
Organization Management | Allow ACE | Desc | Read Property Write Property | legacyExchangeDN / publicFolder |
Organization Management | Allow ACE | Desc | Read Property Write Property | Exchange Personal Information / publicFolder |
Organization Management | Allow ACE | Desc | Read Property Write Property | msDSPhoneticDisplayName / publicFolder |
Organization Management | Allow ACE | Desc | Read Property Write Property | msExchPFContacts / publicFolder |
Organization Management | Allow ACE | Desc | Read Property Write Property | garbageCollPeriod / publicFolder |
Organization Management | Allow ACE | Desc | Read Property Write Property | name / publicFolder |
Organization Management | Allow ACE | Desc | Read Property Write Property | msExchPublicDelegates / publicFolder |
Public Folder Management | Allow ACE | All | Read Permissions List Contents Read Property | |
Public Folder Management | Allow ACE | Desc | Read Property Write Property | mail / publicFolder |
Public Folder Management | Allow ACE | Desc | Read Property Write Property | displayNamePrintable / publicFolder |
Public Folder Management | Allow ACE | Desc | Read Property Write Property | displayName / publicFolder |
Public Folder Management | Allow ACE | Desc | Read Property Write Property | textEncodedORAddress / publicFolder |
Public Folder Management | Allow ACE | Desc | Read Property Write Property | proxyAddresses / publicFolder |
Public Folder Management | Allow ACE | Desc | Read Property Write Property | cn / publicFolder |
Public Folder Management | Allow ACE | Desc | Read Property Write Property | showInAddressBook / publicFolder |
Public Folder Management | Allow ACE | Desc | Read Property Write Property | Exchange Information / publicFolder |
Public Folder Management | Allow ACE | Desc | Read Property Write Property | legacyExchangeDN / publicFolder |
Public Folder Management | Allow ACE | Desc | Read Property Write Property | Exchange Personal Information / publicFolder |
Public Folder Management | Allow ACE | Desc | Read Property Write Property | msDSPhoneticDisplayName / publicFolder |
Public Folder Management | Allow ACE | Desc | Read Property Write Property | msExchPFContacts / publicFolder |
Public Folder Management | Allow ACE | Desc | Read Property Write Property | garbageCollPeriod / publicFolder |
Public Folder Management | Allow ACE | Desc | Read Property Write Property | name / publicFolder |
Public Folder Management | Allow ACE | Desc | Read Property Write Property | msExchPublicDelegates / publicFolder |
Exchange Trusted Subsystem | Allow ACE | All | Read Permissions List Contents Read Property | |
Exchange Trusted Subsystem | Allow ACE | Desc | Read Property Write Property | mail / publicFolder |
Exchange Trusted Subsystem | Allow ACE | Desc | Read Property Write Property | displayNamePrintable / publicFolder |
Exchange Trusted Subsystem | Allow ACE | Desc | Read Property Write Property | displayName / publicFolder |
Exchange Trusted Subsystem | Allow ACE | Desc | Read Property Write Property | textEncodedORAddress / publicFolder |
Exchange Trusted Subsystem | Allow ACE | Desc | Read Property Write Property | proxyAddresses / publicFolder |
Exchange Trusted Subsystem | Allow ACE | Desc | Read Property Write Property | cn / publicFolder |
Exchange Trusted Subsystem | Allow ACE | Desc | Read Property Write Property | showInAddressBook / publicFolder |
Exchange Trusted Subsystem | Allow ACE | Desc | Read Property Write Property | Exchange Information / publicFolder |
Exchange Trusted Subsystem | Allow ACE | Desc | Read Property Write Property | legacyExchangeDN / publicFolder |
Exchange Trusted Subsystem | Allow ACE | Desc | Read Property Write Property | Exchange Personal Information / publicFolder |
Exchange Trusted Subsystem | Allow ACE | Desc | Read Property Write Property | msDSPhoneticDisplayName / publicFolder |
Exchange Trusted Subsystem | Allow ACE | Desc | Read Property Write Property | msExchPFContacts / publicFolder |
Exchange Trusted Subsystem | Allow ACE | Desc | Read Property Write Property | garbageCollPeriod / publicFolder |
Exchange Trusted Subsystem | Allow ACE | Desc | Read Property Write Property | name / publicFolder |
Exchange Trusted Subsystem | Allow ACE | Desc | Read Property Write Property | msExchPublicDelegates / publicFolder |
Account | ACE type | Inheritance | Permissions | On property/ Applies to |
---|---|---|---|---|
Organization Management | Allow ACE | All | Full Control |
Account | ACE type | Inheritance | Permissions | On property/ Applies to | Comments |
---|---|---|---|---|---|
MACHINE$ | Allow ACE | All | Read Permissions List Contents Read Property List Object | ||
MACHINE$ | Allow ACE | None | Write Property | msExchServerSite msExchEdgeSyncCredential | |
Exchange Servers | Allow ACE | All | Store Transport Access Store Constrained Delegation Store Read Only Access Store Read and Write Access | Extended rights | |
NT AUTHORITYNETWORK | Allow ACE | All | Exchange Web Services Token Serialization | Extended right Only granted on Mailbox server role objects. | |
NT AUTHORITYNETWORK | Allow ACE | All | Read Permissions List Contents Read Property List Object | ||
Local System | Allow ACE | All | Read Permissions List Contents Read Property List Object | ||
Delegated Setup | Allow ACE | All | Full Control | ||
Delegated Setup | Deny ACE | All | Create Child Delete Child | / msExchPublicMDB | |
Authenticated Users | Allow ACE | All | Read Property | ||
Delegated Setup | Deny ACE | All | Receive As Send As | Extended right |
Account | ACE type | Inheritance | Permissions | On property/ Applies to |
---|---|---|---|---|
Authenticated Users | Allow ACE | None | Read Property |
Account | ACE type | Inheritance | Permissions | On property/ Applies to | Comments |
---|---|---|---|---|---|
Exchange Servers | Allow ACE | All | Write Property | ||
Authenticated Users | Allow ACE | None | Read Properties | ACE is defined in schema for msExchExchangeServer class objects defaultSecurityDescriptor . |
Account | ACE type | Inheritance | Permissions | On property/ Applies to | Comments |
---|---|---|---|---|---|
Exchange Servers | Allow ACE | Desc | Read Property | msExchAvailabilityUserPassword / msExchAvailabilityAddressSpaceObjects | Extended right |
Account | ACE type | Inheritance | Permissions | On property/ Applies to | Comments |
---|---|---|---|---|---|
ExchangeLegacyInterop | Deny ACE | All | Accept Forest Headers | ||
ExchangeLegacyInterop | Deny ACE | All | Accept Organization Headers | ||
Exchange Servers | Allow ACE | All | Accept Any Sender | ||
ExchangeLegacyInterop | Allow ACE | All | Accept Any Sender | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Accept Any Sender | This is the well-known security identifier (SID) for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Accept Any Sender | This is the well-known SID for Edge Transport servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-23 | Allow ACE | All | Accept Any Sender | This is the well-known SID for externally secured servers. | |
Exchange Servers | Allow ACE | All | Accept EXCH50 | ||
ExchangeLegacyInterop | Allow ACE | All | Accept EXCH50 | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Accept EXCH50 | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Accept EXCH50 | This is the well-known SID for Edge Transport servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-23 | Allow ACE | All | Accept EXCH50 | This is the well-known SID for externally secured servers. | |
Exchange Servers | Allow ACE | All | Submit Messages to any Recipient | ||
ExchangeLegacyInterop | Allow ACE | All | Submit Messages to any Recipient | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Submit Messages to any Recipient | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Submit Messages to any Recipient | This is the well-known SID for Edge Transport servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-23 | Allow ACE | All | Submit Messages to any Recipient | This is the well-known SID for externally secured servers. | |
Exchange Servers | Allow ACE | All | Accept XShadow | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Accept XShadow | This is the well-known SID for Edge Transport servers. | |
Exchange Servers | Allow ACE | All | Accept Routing Headers | ||
ExchangeLegacyInterop | Allow ACE | All | Accept Routing Headers | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Accept Routing Headers | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Accept Routing Headers | This is the well-known SID for Edge Transport servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-23 | Allow ACE | All | Accept Routing Headers | This is the well-known SID for externally secured servers. | |
Exchange Servers | Allow ACE | All | Accept XSessionParams | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Accept XSessionParams | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Accept XSessionParams | This is the well-known SID for Mailbox servers. | |
Exchange Servers | Allow ACE | All | Accept Forest Headers | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Accept Forest Headers | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Accept Forest Headers | This is the well-known SID for Edge Transport servers. | |
Exchange Servers | Allow ACE | All | Accept xAttr | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Accept xAttr | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Accept xAttr | This is the well-known SID for Edge Transport servers. | |
Exchange Servers | Allow ACE | All | Accept XProxyFrom | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Accept Forest XProxyFrom | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Accept Forest XProxyFrom | This is the well-known SID for Edge Transport servers. | |
Exchange Servers | Allow ACE | All | Accept XSysProbe | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Accept Forest XSysProbe | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Accept Forest XSysProbe | This is the well-known SID for Edge Transport servers. | |
Exchange Servers | Allow ACE | All | Send XMessageContext Extended Properties | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Send XMessageContext Extended Properties | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Send XMessageContext Extended Properties | This is the well-known SID for Edge Transport servers. | |
Exchange Servers | Allow ACE | All | Send XMessageContext Fast Index | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Send XMessageContext Fast Index | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Send XMessageContext Fast Index | This is the well-known SID for Edge Transport servers. | |
Exchange Servers | Allow ACE | All | Send XMessageContext AD Recipient Cache | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Send XMessageContext AD Recipient Cache | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Send XMessageContext AD Recipient Cache | This is the well-known SID for Edge Transport servers. | |
Exchange Servers | Allow ACE | All | Accept Authentication Flag | ||
ExchangeLegacyInterop | Allow ACE | All | Accept Authentication Flag | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Accept Authentication Flag | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Accept Authentication Flag | This is the well-known SID for Edge Transport servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-23 | Allow ACE | All | Accept Authentication Flag | This is the well-known SID for externally secured servers. | |
Exchange Servers | Allow ACE | All | Bypass Anti-Spam | ||
ExchangeLegacyInterop | Allow ACE | All | Bypass Anti-Spam | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Bypass Anti-Spam | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Bypass Anti-Spam | This is the well-known SID for Edge Transport servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-23 | Allow ACE | All | Bypass Anti-Spam | This is the well-known SID for externally secured servers. | |
Exchange Servers | Allow ACE | All | Bypass Message Size Limit | ||
ExchangeLegacyInterop | Allow ACE | All | Bypass Message Size Limit | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Bypass Message Size Limit | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Bypass Message Size Limit | This is the well-known SID for Edge Transport servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-23 | Allow ACE | All | Bypass Message Size Limit | This is the well-known SID for externally secured servers. | |
Exchange Servers | Allow ACE | All | Accept Organization Headers | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Accept Organization Headers | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Accept Organization Headers | This is the well-known SID for Edge Transport servers. | |
Exchange Servers | Allow ACE | All | Submit Messages to Server | ||
ExchangeLegacyInterop | Allow ACE | All | Submit Messages to Server | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Submit Messages to Server | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Submit Messages to Server | This is the well-known SID for Edge Transport servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-23 | Allow ACE | All | Submit Messages to Server | This is the well-known SID for externally secured servers. | |
Exchange Servers | Allow ACE | All | Accept Authoritative Domain Sender | ||
ExchangeLegacyInterop | Allow ACE | All | Accept Authoritative Domain Sender | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Accept Authoritative Domain Sender | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Accept Authoritative Domain Sender | This is the well-known SID for Edge Transport servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-23 | Allow ACE | All | Accept Authoritative Domain Sender | This is the well-known SID for externally secured servers. | |
Authenticated Users | Allow ACE | All | Submit Messages to any Recipient | ||
Authenticated Users | Allow ACE | All | Accept Routing Headers | ||
Authenticated Users | Allow ACE | All | Bypass Anti-Spam | ||
Authenticated Users | Allow ACE | All | Submit Messages to Server |
Account | ACE type | Inheritance | Permissions | On property/ Applies to | Comments |
---|---|---|---|---|---|
Authenticated Users | Allow ACE | All | Submit Messages to any Recipient | ||
Authenticated Users | Allow ACE | All | Accept Routing Headers | ||
Authenticated Users | Allow ACE | All | Bypass Anti-Spam | ||
Authenticated Users | Allow ACE | All | Submit Messages to Server | ||
Exchange Servers | Allow ACE | All | Accept XSessionParams | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Accept XSessionParams | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Accept XSessionParams | This is the well-known SID for Mailbox servers. | |
Exchange Servers | Allow ACE | All | Accept Any Sender | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Accept Any Sender | This is the well-known security identifier (SID) for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Accept Any Sender | This is the well-known SID for Edge Transport servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-23 | Allow ACE | All | Accept Any Sender | This is the well-known SID for externally secured servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Accept Exch50 | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Accept Exch50 | This is the well-known SID for Edge Transport servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-23 | Allow ACE | All | Accept Exch50 | This is the well-known SID for externally secured servers. | |
Exchange Servers | Allow ACE | All | Accept Exch50 | ||
Exchange Servers | Allow ACE | All | Submit Messages to any Recipient | ||
ExchangeLegacyInterop | Allow ACE | All | Submit Messages to any Recipient | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Submit Messages to any Recipient | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Submit Messages to any Recipient | This is the well-known SID for Edge Transport servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-23 | Allow ACE | All | Submit Messages to any Recipient | This is the well-known SID for externally secured servers. | |
Exchange Servers | Allow ACE | All | Accept XShadow | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Accept XShadow | This is the well-known SID for Edge Transport servers. | |
Exchange Servers | Allow ACE | All | Accept Routing Headers | ||
ExchangeLegacyInterop | Allow ACE | All | Accept Routing Headers | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Accept Routing Headers | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Accept Routing Headers | This is the well-known SID for Edge Transport servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-23 | Allow ACE | All | Accept Routing Headers | This is the well-known SID for externally secured servers. | |
Exchange Servers | Allow ACE | All | Accept Forest Headers | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Accept Forest Headers | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Accept Forest Headers | This is the well-known SID for Edge Transport servers. | |
Exchange Servers | Allow ACE | All | Accept xAttr | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Accept xAttr | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Accept xAttr | This is the well-known SID for Edge Transport servers. | |
Exchange Servers | Allow ACE | All | Accept XProxyFrom | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Accept Forest XProxyFrom | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Accept Forest XProxyFrom | This is the well-known SID for Edge Transport servers. | |
Exchange Servers | Allow ACE | All | Accept Authentication Flag | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Accept Authentication Flag | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Accept Authentication Flag | This is the well-known SID for Edge Transport servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-23 | Allow ACE | All | Accept Authentication Flag | This is the well-known SID for externally secured servers. | |
Exchange Servers | Allow ACE | All | Accept XSysProbe | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Accept Forest XSysProbe | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Accept Forest XSysProbe | This is the well-known SID for Edge Transport servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-23 | Allow ACE | All | Accept Authentication Flag | This is the well-known SID for externally secured servers. | |
Exchange Servers | Allow ACE | All | Bypass Anti-Spam | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Bypass Anti-Spam | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Bypass Anti-Spam | This is the well-known SID for Edge Transport servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-23 | Allow ACE | All | Bypass Anti-Spam | This is the well-known SID for externally secured servers. | |
Exchange Servers | Allow ACE | All | Send XMessageContext Extended Properties | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Send XMessageContext Extended Properties | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Send XMessageContext Extended Properties | This is the well-known SID for Edge Transport servers. | |
Exchange Servers | Allow ACE | All | Send XMessageContext Fast Index | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Send XMessageContext Fast Index | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Send XMessageContext Fast Index | This is the well-known SID for Edge Transport servers. | |
Exchange Servers | Allow ACE | All | Bypass Message Size Limit | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Bypass Message Size Limit | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Bypass Message Size Limit | This is the well-known SID for Edge Transport servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-23 | Allow ACE | All | Bypass Message Size Limit | This is the well-known SID for externally secured servers. | |
Exchange Servers | Allow ACE | All | Accept Organization Headers | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Accept Organization Headers | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Accept Organization Headers | This is the well-known SID for Edge Transport servers. | |
Exchange Servers | Allow ACE | All | Send XMessageContext AD Recipient Cache | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Send XMessageContext AD Recipient Cache | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Send XMessageContext AD Recipient Cache | This is the well-known SID for Edge Transport servers. | |
Exchange Servers | Allow ACE | All | Submit Messages to Server | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Submit Messages to Server | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Submit Messages to Server | This is the well-known SID for Edge Transport servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-23 | Allow ACE | All | Submit Messages to Server | This is the well-known SID for externally secured servers. | |
Exchange Servers | Allow ACE | All | Accept Authoritative Domain Sender | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Accept Authoritative Domain Sender | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Accept Authoritative Domain Sender | This is the well-known SID for Edge Transport servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-23 | Allow ACE | All | Accept Authoritative Domain Sender | This is the well-known SID for externally secured servers. |
Account | ACE type | Inheritance | Permissions | On property/ Applies to | Comments |
---|---|---|---|---|---|
NT AUTHORITYANONYMOUS LOGON | Allow ACE | All | Send Routing Headers | ||
Exchange Servers | Allow ACE | All | Send Organization Headers | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Send Organization Headers | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Send Organization Headers | This is the well-known SID for Edge Transport servers. | |
Exchange Servers | Allow ACE | All | Send Forest Headers | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Send Forest Headers | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Send Forest Headers | This is the well-known SID for Edge Transport servers. | |
Exchange Servers | Allow ACE | All | Send XShadow | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Send XShadow | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Send XShadow | This is the well-known SID for Edge Transport servers. | |
Exchange Servers | Allow ACE | All | Send Routing Headers | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-10 | Allow ACE | All | Send Routing Headers | This is the well-known SID for partner servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Send Routing Headers | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Send Routing Headers | This is the well-known SID for Edge Transport servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-23 | Allow ACE | All | Send Routing Headers | This is the well-known SID for externally secured servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-24 | Allow ACE | All | Send Routing Headers | This is the well-known SID for Legacy Exchange Servers. | |
Exchange Servers | Allow ACE | All | Send Exch50 | ||
S-1-9-1419165041-1139599005-3936102811-1022490595-21 | Allow ACE | All | Send Exch50 | This is the well-known SID for Mailbox servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-22 | Allow ACE | All | Send Exch50 | This is the well-known SID for Edge Transport servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-23 | Allow ACE | All | Send Exch50 | This is the well-known SID for externally secured servers. | |
S-1-9-1419165041-1139599005-3936102811-1022490595-24 | Allow ACE | All | Send Exch50 | This is the well-known SID for Legacy Exchange Servers. |