Similar to a previous problem I had but that was marked as answered. Maybe someone who has extended the schema for 2003 -> 2010 can advise:
1. Ran ExPDA a couple of months back and all came back fine (I have a copy of the report and can confirm no errors)
2. Extended the 2003 schema using the normal /PrepareLegacyExchangePermissions /PrepareSchema /PrepareAD
3. Ran ExPDA afterwards just to see if anything has come up before installing the first Exchange 2010 server - this has now been put on hold due to something showing up in the report
ExPDA shows => Access control list (ACL) inheritance is blocked for the Exchange Organization object (CN=Exchange Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=net). This may cause mail flow problems, store mounting issues and other service outages.
I have asked around and the IT guys on site swear that no-one has changed permissions or unticked the inheritance box at the top level of the Exchange 2003 tree. I have never run the ExPDA following a schema update, so am wondering whether this is normal and it shows up after extending the schema? ie The commands themselves actually turn off inheritance at the top of the tree?
I am hesitant to follow the advice in the ExPDA as although we have not deployed any Exchange 2010 servers, the schema HAS been updated and this error was not there before. Anyone currently in co-existence and recently extended the schema on 2003 that can confirm this behaviour? If I hadn't run the ExPDA after updating the schema this wouldn't have been picked up as normally ExPDA is run before doing anything and then not run again.
Inheritance is blocked at this level => CN=Exchange Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=net
All objects beneath this inherit from that object fine and I wonder if ther permissions are blocked here as part of the 2010 schema update to stop any bad permissions coming down from further up? On a fresh clean Exchange 2010 install in the lab, the above object inherits from its parents and doesnt exhibit this behaviour, but I do not have a second 2003 environment to check.
