Access control list (ACL) inheritance is blocked_InhBlockPublicFolderTree

Applies to: Exchange Server 2013

The content in this topic hasn't been updated for Microsoft Exchange Server 2013. While it hasn't been updated yet, it may still be applicable to Exchange 2013. If you still need help, check out the community resources below.

Having problems? Ask for help in the Exchange forums. Visit the forums at Exchange Server.

Microsoft Exchange Server 2007 or Exchange Server 2010 setup cannot continue because the required permissions have not been able to propagate.

Exchange setup requires that inheritance for permissions be enabled on the following Exchange objects:

  • Exchange Organization object

  • Exchange Administrative Group object

  • Exchange Servers container object

  • Exchange Address List object

  • Exchange Public Folder object

  • Exchange Public Folder tree object

Failure to enable inheritance for permissions on these objects may result in mail flow problems, store mounting issues, and other service outages.

To resolve this issue, make sure that the "Allow permissions to propagate to this object and child objects" setting is enabled for the object, and then rerun Exchange Server 2007 or Exchange 2010 setup.

To re-enable permissions inheritance for an Exchange configuration object using Exchange Server 2003 Exchange System Manager
  1. Enable the Security tab for the object properties box of Exchange System Manager by setting a registry parameter.
    1. Start Registry Editor (Regedt32.exe).
    2. Locate the following key in the registry:
      HKEY_CURRENT_USER\Software\Microsoft\Exchange\EXAdmin
    3. On the Edit menu, click New, and then add the following registry value:
      Value Name: ShowSecurityPage
      Data Type: REG_DWORD
      Radix: Binary
      Value: 1
    4. Quit Registry Editor.

    Note: By default, the Security tab is not enabled in the configuration object properties box.

  2. Open Exchange System Manager, find the object in question, right-click the object and select Properties.
  3. Select the Security tab and then click Advanced.
  4. Select Allow inheritable permissions from the parent to propagate to this object and all child objects to re-enable permissions inheritance.
  5. Restart Exchange Server.

Warning

If you incorrectly modify the attributes of Active Directory objects when you use ADSI Edit, the LDP tool, or another LDAP version 3 client, you may cause serious problems. These problems may require that you reinstall Microsoft Windows Serverâ„¢ 2003, Exchange Server, or both. Modify Active Directory object attributes at your own risk.

To re-enable permissions inheritance for an Exchange configuration object using ADSIEdit from Exchange Server 2007 or Exchange Server 2010
  1. Install ADSI Edit.
  2. Launch ADSI Edit. Click Start, click Run, type adsiedit.msc in the text box, and then click OK.
  3. Navigate to the object in question, right-click the object and select Properties.
  4. Select the Security tab and then click Advanced.
  5. Select Allow inheritable permissions from the parent to propagate to this object and all child objects to re-enable permissions inheritance.
  6. Select Ok twice to apply the change.
  7. Wait for Active Directory replication to propagate the changes or force Active Directory replication.