Export (0) Print
Expand All
Expand Minimize

Access control list (ACL) inheritance is blocked_InhBlockPublicFolderTree

 

Applies to: Exchange Server

Topic Last Modified: 2012-06-05

The content in this topic hasn't been updated for Microsoft Exchange Server 2013. While it hasn't been updated yet, it may still be applicable to Exchange 2013. If you still need help, check out the community resources below.

Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection.

Microsoft Exchange Server 2007 or Exchange Server 2010 setup cannot continue because the required permissions have not been able to propagate.

Exchange setup requires that inheritance for permissions be enabled on the following Exchange objects:

  • Exchange Organization object

  • Exchange Administrative Group object

  • Exchange Servers container object

  • Exchange Address List object

  • Exchange Public Folder object

  • Exchange Public Folder tree object

Failure to enable inheritance for permissions on these objects may result in mail flow problems, store mounting issues, and other service outages.

To resolve this issue, make sure that the "Allow permissions to propagate to this object and child objects" setting is enabled for the object, and then rerun Exchange Server 2007 or Exchange 2010 setup.

 

To re-enable permissions inheritance for an Exchange configuration object using Exchange Server 2003 Exchange System Manager

  1. Enable the Security tab for the object properties box of Exchange System Manager by setting a registry parameter.

    1. Start Registry Editor (Regedt32.exe).

    2. Locate the following key in the registry:

      HKEY_CURRENT_USER\Software\Microsoft\Exchange\EXAdmin

    3. On the Edit menu, click New, and then add the following registry value:

      Value Name: ShowSecurityPage

      Data Type: REG_DWORD

      Radix: Binary

      Value: 1

    4. Quit Registry Editor.

    NoteNote:
    By default, the Security tab is not enabled in the configuration object properties box.
  2. Open Exchange System Manager, find the object in question, right-click the object and select Properties.

  3. Select the Security tab and then click Advanced.

  4. Select Allow inheritable permissions from the parent to propagate to this object and all child objects to re-enable permissions inheritance.

  5. Restart Exchange Server.

CautionCaution:
If you incorrectly modify the attributes of Active Directory objects when you use ADSI Edit, the LDP tool, or another LDAP version 3 client, you may cause serious problems. These problems may require that you reinstall Microsoft Windows Server™ 2003, Exchange Server, or both. Modify Active Directory object attributes at your own risk.

 

To re-enable permissions inheritance for an Exchange configuration object using ADSIEdit from Exchange Server 2007 or Exchange Server 2010

  1. Install ADSI Edit.

  2. Launch ADSI Edit. Click Start, click Run, type adsiedit.msc in the text box, and then click OK.

  3. Navigate to the object in question, right-click the object and select Properties.

  4. Select the Security tab and then click Advanced.

  5. Select Allow inheritable permissions from the parent to propagate to this object and all child objects to re-enable permissions inheritance.

  6. Select Ok twice to apply the change.

  7. Wait for Active Directory replication to propagate the changes or force Active Directory replication by following the guidance in Microsoft Knowledge Base article 232072, "Initiating Replication Between Active Directory Direct Replication Partners" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=232072).

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft