Problem
A disabled user account has a Exchange 2000 mailbox that other authorised users require access to. The authorised users have been granted "Full mailbox access" permissions, but they are still unable to open the mailbox. The exchange server will also have log the following application event log messages:

Source: MSExchangeIS
Category: General
Event ID: 9548
Type: Warning
Description:
Disabled user /o=<organisation>/ou=<administrative group>/cn=<recipient container>/cn=<user account> does not have a master account SID. Please use Active Directory MMC to set an active account as this user's master account.

Source: MSExchangeISMailbox
Category: Logons
Event ID: 1022
Type: Error
Description:
Logon Failure on database "<storage group>\<mailbox store> (<server>)" - Windows 2000 account <domain>\<user account>; mailbox /o=<organisation>/ou<administrative group>/cn=<recipient container>/cn=<user account>. Error: -2147221231

Cause
The error occurs, because the disabled account does not have a msExchMasterAccountSID attribute.

Solution
Open the Active Directory Users and Computers MMC. On the View menu, ensure that "Advanced Features" is checked. Locate the disabled user account, and open the properties dialog box. Select the "Exchange Advanced" tab, and click "Mailbox Rights...". Ensure that the "SELF" built-in group has "Associated external account" permission.
Only one account can be granted the "Associated external account" permission. If you are unable to grant the "SELF" built-in group the "Associated external account" permission, locate the account that has the "Associated external account" permission, and remove it. Apply the changes before trying to give the "SELF" built-in group the permission again.

You may need to restart the "Microsoft Exchange Information Store" service for the change to take effect.

How?
For detailed information for this particular problem, see article Q278966.
For general information on the LDIFDE command, read this Topic

Thankz, Erwin