Delegated Admin Cannot Create Contact Objects - Effective permissions reports Create Contact Object Access
<SOLVED - see bottom> I'm having an issue in which an admin is unable to create contacts in AD. This admin does not have Domain Admin rights, but does have delegated rights to the OU in question. The user is also a member of the Exchange Recipient Administrators and Exchange Public Folder Administrators groups (Exchange 2007) I have created a test account with the same permissions in order to troubleshoot this and I am able to repeat this behavior using that test account. Effective Permissions on the OU the admin is trying to create a contact in reports that the admin has "Create Contact Object" access. I would note that the admin does not have "Delete Contact Object" access. If I add the test admin account to the Domain Admins group, it can then create the contact object. This leads me to believe that there is an AD permission that needs to be added, but I'm not sure what it is. What permission entry am I missing to properly delegate this out? ** FIGURED THIS OUT ALREADY, BUT I'LL POST ANYWAYS AS I COULDN'T FIND THIS DOCUMENTED ANYWHERE: If you want to delegate Create Contact, you also MUST delegate Delete Contact or else the delegation does not work.
August 1st, 2012 4:21pm
If you want to delegate Create Contact, you also MUST delegate Delete Contact or else the delegation does not work.
Free Windows Admin Tool Kit Click here and download it now
August 1st, 2012 4:22pm
Hi Jeff, Are you trying to create recipient in ADUC? If this is the case, it is recommended to post the question in AD forum. Your understanding would be appreciated. Just for your reference: http://technet.microsoft.com/en-us/library/cc778807(WS.10).aspx If you want to create mail recipient in Exchange, is there any error message recorded? Thanks. Fiona Liao TechNet Community Support
August 2nd, 2012 5:15am
Hi Jeff, Are you trying to create recipient in ADUC? If this is the case, it is recommended to post the question in AD forum. Your understanding would be appreciated. Just for your reference: http://technet.microsoft.com/en-us/library/cc778807(WS.10).aspx If you want to create mail recipient in Exchange, is there any error message recorded? Thanks. Fiona Liao TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
August 2nd, 2012 5:19am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics