This article is otherwise know as “where did my information store go?”.

It amazes me how many people are out there whom are brave enough to change the default permissions on the Information Stores from within the Exchange System Manager – it is a very dangerous thing to do, and can result in your Exchange server not functioning correctly.

Admittedly there are occasions where you may need to modify the permissions – for example where creating an account for an Archiving Product and the like, however there seem to be a growing trend of people that I have spoken with recently whom have either accidently set a “Deny” entry to a key group on either the server or the database within a storage group (normally I have seen the “Everybody” group denied access) or have been trying to make the server more secure, but did not understand the ramifications of making the change.

Ok, lets see what happens when you set a deny entry on the “Everyone” group – normally your storage group will look like this:

As you can see the Databases are mounted and working just fine. this is correct as the permissions on the Database are set like so

You will notice that the “Everyone” group has a single inherited Allow permission entitled “Create Named Properties in the Information Store” – and none of the other permissions entries are set to either “Deny” or “Allow”.

Now lets see what happens when you remove this permission (Essentially remove the inherited rights and set the “Everyone” group to a global Deny on every property):

You can see that the “Mailbox Store” has disappeared, and although it might be mounted you will find that users cannot access the store.

Right so now we are in a little bit of a Pickle – as you cannot see the store to get the permissions back – is all lost? – no not quite.

On you Exchange Server install the Windows 2003 support tools (or Windows 2000) and open up ADSI Edit and navigate to the following section:

CN=InformationStore,CN=,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=,DC=

And you will find your self at a screen which looks like this:

When you have selected the Storage Group that contains the missing Database the right hand plane of ADSI Edit will change to look like the following:

 You will see the entry for the missing mailbox store.

Right click on this entry and select “Properties” – you will get a message like the following:

Click on the OK button and you will be presented with the following dialog box, click on the security tab and select the “Everyone” group:

You will need to change the permissions setting so the Everyone group has Full Control – when you have done this – click Apply – then go back to the ESM (or better still close it and reopen it) and your store should be back, and you should have control over it again.