Exchange 2010 Usermail box creation Fail
I have Installed AD on Window 2008 R2 Machine and than installed Exchange 2010 on same machine.
Now i have installed Exchange Management Control on other machine which which i am creating mailbox for a user ,I am getting user don't have proper permission to create mail user.
Please help me to know what all permission are required to the user.
Regards,
May 22nd, 2012 2:39pm
What Exchange groups is this user a member of?James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
May 22nd, 2012 2:54pm
Related to Exchange this user is member of " Exchange security Group"
May 22nd, 2012 3:04pm
The user will either need to be a member of Recipient Management or Organisation Management to create users. These roles can be assigned using the Exchange Control Panel.
Steve
Free Windows Admin Tool Kit Click here and download it now
May 22nd, 2012 3:06pm
Not enough, need to be recipient or org management mentioned by Steve.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
May 22nd, 2012 3:18pm
thanks for the response
still i am getting below error while creating mailbox
Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Thnaks
Free Windows Admin Tool Kit Click here and download it now
May 23rd, 2012 1:23am
Previously it was having Organization Management Group same issue was coming
so I have given administrator both Orginization and Recipient Management Group. still no progress
May 23rd, 2012 1:28am
i have clicked on my created orgainization -->properties-->security-->advance and check the above (Include inheritable permissions from this object's parent",) its already checked.
:(
Free Windows Admin Tool Kit Click here and download it now
May 23rd, 2012 1:49am
Are you actually using the "administrator" account? Can you use a separate non built in account?James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
May 23rd, 2012 10:36am
Yes I am using the domain Administrator account
Free Windows Admin Tool Kit Click here and download it now
May 23rd, 2012 10:38am
can you tell me how to create other account and what all permission is required to be given to same account.
May 23rd, 2012 10:42am
Can you post the exact error?
Can you perform any other task, for e,g create a connector or a mbx DB?Sukh
Free Windows Admin Tool Kit Click here and download it now
May 23rd, 2012 10:44am
23/2012 7:56:15 AM <ERROR>: Class-> PowerShellExchangeServiceImpl Method -> Create, Message -> Error while creating UserMailbox for User TEST7@example.local. Message
is Problem while PowerShell execution abcd.Framework.Common.Exceptions.ConnectorException: Active Directory operation failed on WIN-8RNF13ABCD.example.local. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
May 23rd, 2012 10:50am
Create a new user, put him in domain admins and exchange org admin for now. Possibly the admin account may have some hidden deny ACE somewhere in the exchange config, DB etc.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
May 23rd, 2012 11:12am
How many DC/GC do you have?
Can you check the 2080 event id in the app log?Sukh
May 23rd, 2012 11:15am
we have forest structure with 3 sub domain, but as of now i am creating in top domain.
can you tell me where to see "2080
event id in the app log"
Free Windows Admin Tool Kit Click here and download it now
May 23rd, 2012 11:21am
You will find event 2080 in the application log in event viewer.
Please open up Exchange management shell and try to create the mailbox and post the error message you get in the EMS.
It may be issue with the remote powershell execution policy.
Type "Get-ExecutionPolicy" to view your execution policy settings and post the output here
Also please make sure you are logged into domain. You can verify the same by running Set u command.
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Hasnain Shaikh| My blogs:
http://messagingserversupport.com
May 23rd, 2012 11:39am
Hi
I am getting "RemoteSigned"
can you tell me the exact path to open this log am not bale to find the same,
Free Windows Admin Tool Kit Click here and download it now
May 23rd, 2012 11:51am
event viewer>app logSukh
May 23rd, 2012 12:33pm
i am not able to find the log file
Please guide me where i need to look for this app log.
Free Windows Admin Tool Kit Click here and download it now
May 24th, 2012 1:11am
1. On the Start menu, point to All Programs, point to Administrative Tools, and then click Event Viewer.
2. In Event Viewer, click Application3. Look for ANY error and and information log with an ID of 2080
Sukh
May 24th, 2012 3:30am
thanks sukh for your input.
So what was the resolution?Sukh
Free Windows Admin Tool Kit Click here and download it now
May 24th, 2012 10:44am