Get-transportserver Error
Hi ,Today i have delegate my helpdesk ppl to have exchange recipient administrator roles in exchange 2007 sp1 (Windows 2003 ent sp3). However , when they lauch the exchange console from the server (Terminal into the server and launch the exchange console). It give "Get-transportserver access is denied". So is there any missing action i need perform inorder toremove this error message ? If i grant exchange organisation administrator then they wont have any error messages.
August 11th, 2009 7:10am
Hi,
if you have IIS7 try by installing below hotfix...
FIX: Error message when you try to administer a remote IIS 7.0 server and the impersonation level of the calling thread is set to Identify: "Exception Details: System.Runtime.InteropServices.COMException: Access is denied"
http://support.microsoft.com/kb/956301http://exchangeshare.wordpress.com/2008/07/16/how-to-recreate-owa-virtual-directory-exchange-2007/ Anil
Free Windows Admin Tool Kit Click here and download it now
August 11th, 2009 8:19am
Can you verify that "Exchange Recipients Administrator" group is listed under member tab of "Exchange View-Only Administrator"?Amit Tank | MVP Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com
August 11th, 2009 8:42am
Hi ,Thanks for quick response .Amit Tank ,Yes it is listed under member tab of "Exchange view-only administrator".However, i found out that i need to add those members into the Local Administrator Group of the exchange servers (MAILBOX , HUB/CAS) then it will resolve the error messages.Add members intolocal admin of the MAILBOX's serverwill solve the get-trasnportserver error Add members into local admin of the HUB/CAS's serverwill solve the IIS error.But is it the right way to do it ? I tried add them into power users groups however it doesnt work very well , i cant see some of the options.
Free Windows Admin Tool Kit Click here and download it now
August 11th, 2009 10:37am
Yes, to get server levelinformation users need to have local admin permission but why Recipient admins requires to see those information? And in that case you can create a custom MMC for Recipient Configuration Node only. Refer below procedure...
How to Add an Exchange Recipient Configuration Node to Microsoft Management Console
http://technet.microsoft.com/en-us/library/bb266911.aspxAmit Tank | MVP Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com
August 11th, 2009 10:57am
Ah, thanks very much wastrying to look for this information to customise the exchange console also .. But im still have a bit concern on the local admin rights , they are using the remote desktop , mean that theycan do anything on the servers inlcudingrestart the server. Setup console at their computers is useless as they still able remote into the exchange server with local admin rights.Further more after i read on regardsto move mailbox which is part of their jobscope also require exchange org admin rights . Look like is much more easier if igrant them exchange org admin ....
Q: What permissions do I need to move a mailbox between Exchange mailbox stores?
A: The Move Mailbox functionality that can be accessed from the Exchange Management Console and Exchange Management Shell logs on to the source mailbox and moves the folders and messages to the destination mailbox. You can move mailboxes between mailbox stores in the same storage group, across different storage groups on the same server, and between Exchange servers. You must have permissions on the user object in ActiveDirectory to modify its Exchange mailbox attributes. A user who is an Account Operator will have these permissions. You must also have the following permissions:
Exchange Organization Administrator role or be delegated the Exchange Server Administrator role on the source and target Exchange2007 mailbox servers.
Member of the Administrators group on the local workstation or server to create a dynamic MAPI profile
Free Windows Admin Tool Kit Click here and download it now
August 11th, 2009 11:56am