Hello, I have a single multi-role Exchange 2010 SP1 server installed on Server 2008 R2. I am currently in coexistence with 2003. There are a number of pilot users that have mailboxes on Exchange 2010. My users are unable to update the address lists assigned to them. The check box to allow users to edit their own distribution groups is checked. When a user tries editing a Distirbution group through ECP an error window pops up saying "the item(s) you are trying to open couldn't be found" An error is also logged in the Exchange Event log. Error 9/7/2010 10:39:09 AM MSExchange Configuration Cmdlet - Control Panel 4 General Log Name: Application Source: MSExchange Configuration Cmdlet - Control Panel Date: 9/7/2010 10:39:09 AM Event ID: 4 Task Category: General Level: Error Keywords: Classic User: N/A Computer: MAIL.buffalomd.lan Description: (PID 3076, Thread 8) Task Update-DistributionGroupMember writing error when processing record of index 0. Error: Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException: Couldn't find object "Aleshia Walker". Please make sure that it was spelled correctly or specify a different object. Reason: The recipient Aleshia Walker isn't the expected type. at Microsoft.Exchange.Configuration.Tasks.DataAccessTask`1.GetDataObject[TObject](IIdentityParameter id, IConfigDataProvider session, ObjectId rootID, OptionalIdentityData optionalData, Nullable`1 notFoundError, Nullable`1 multipleFoundError) at Microsoft.Exchange.Management.RecipientTasks.AddDistributionGroupMember.ValidateAndAddMember(IConfigDataProvider session, ADGroup group, RecipientIdParameter member, String groupRawIdentity, Boolean isSelfValidation, WriteErrorDelegate writeError, GetDataObjectDelegate getDataObject) at Microsoft.Exchange.Management.RecipientTasks.UpdateDistributionGroupMemberBase.InternalValidate() at Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord() Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="MSExchange Configuration Cmdlet - Control Panel" /> <EventID Qualifiers="49152">4</EventID> <Level>2</Level> <Task>1</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2010-09-07T14:39:09.000000000Z" /> <EventRecordID>4601</EventRecordID> <Channel>Application</Channel> <Computer>MAIL.buffalomd.lan</Computer> <Security /> </System> <EventData> <Data>3076</Data> <Data>8</Data> <Data>Update-DistributionGroupMember</Data> <Data>0</Data> <Data>Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException: Couldn't find object "Aleshia Walker". Please make sure that it was spelled correctly or specify a different object. Reason: The recipient Aleshia Walker isn't the expected type. at Microsoft.Exchange.Configuration.Tasks.DataAccessTask`1.GetDataObject[TObject](IIdentityParameter id, IConfigDataProvider session, ObjectId rootID, OptionalIdentityData optionalData, Nullable`1 notFoundError, Nullable`1 multipleFoundError) at Microsoft.Exchange.Management.RecipientTasks.AddDistributionGroupMember.ValidateAndAddMember(IConfigDataProvider session, ADGroup group, RecipientIdParameter member, String groupRawIdentity, Boolean isSelfValidation, WriteErrorDelegate writeError, GetDataObjectDelegate getDataObject) at Microsoft.Exchange.Management.RecipientTasks.UpdateDistributionGroupMemberBase.InternalValidate() at Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()</Data> <Data>{dbecc3ec-342a-4c6c-a128-a27706cf5fa1}</Data> </EventData> </Event> The user it is complaining about does not have an e-mail address associated with the account, however, we are not trying to add that account to the DL. The account we are trying to add has an e-mail address, and is part of the exchange organization. If the user tries editing the DL in Outlook, they get the standard error saying they do not have sufficient permissions. Thanks for your help. Scott

Hi, This problem happens if any of the following conditions are true: The built-in security group EventLog does not have permissions on the folder %SystemRoot%\System32\winevt\Logs The Local Service account does not have default permissions on the following registry key: HKLM\Software\Microsoft\Windows\CurrentVersion\Reliability To restore the default permissions on folder %SystemRoot%\System32\winevt\logs, follow these steps. Right-click on %SystemRoot%\System32\winevt\logs and select Properties. Select the Security tab. Click Edit button and click the Add button in the permissions dialog box. In Select users, computers, or Groups dialog box ensure that under object types Built in Security Principals and the location as local computer name is selected. Enter the object name as "NT SERVICE\EventLog" without quotes. And click OK. This group should have full control on the folder. Once EventLog group is added add the rest of the groups with above mentioned permissions. Another Method Identify a Windows Server 2008 machine with default permissions. Click Start, and then type cmd in the Start Search box. In the search results list, right-click Command Prompt, and then click Run as Administrator. When you are prompted by User Account Control, click Continue. Type the command CD %SystemRoot%\SYSTEM32. Once the working directory is changed to %SystemRoot%\SYSTEM32 type the command icacls winevt\* /save acl /T. This will save a file named ACL in %SystemRoot%\SYSTEM32. Copy this file to the C: drive on the problem computer. On the problem computer, open command prompt with administrator privileges (refer to previous steps 1-3). Change the working directory to %SystemRoot%\SYSTEM32. Execute the command icacls winevt\ /restore acl. Default permissions on the registry key HM.C.I.T.P Exchange 2007/2010, M.C.I.T.P Windows Server 2008, M.C.T.S OCS Server 2007 R2, URL: http://blog.WhatDoUC.net Phone: +923008210320

Thanks for the reply. The above settings were already there, so no settings could be changed. I assume that this is to be done on the Exchange 2010 server. Also. There a number of registry settings in ..\CurrentVersion\Reliability. That is the folder, which key are you referrring to?

Hi, Regarding to the "Do not have sufficient permissions" error message, it can occur if you have a user group in one Active Directory domain and a distribution group in another domain. To fix the issue, please assign the DL and user group in the same domain. For more information about the error message, please refer to the following article: "Do not have sufficient permissions" error message occurs when you use Outlook Address Book to manage distribution list membership Also, I would like to share you the following article to delegate the management of distribution group membership to a user. How to Delegate Management of Distribution Group Membership to a User If the issue still occurs after performing above suggestions, I suggest you capture all error messages, post them to Paint and then upload it to Skydrive (www.skydrive.live.com) for research. Thanks. Novak Wu-MSFT