Storewebmaster1
asked on
Insufficient Permissions?
Environment is single Exch 5.5 server on Win2k member server in a win2k domain.
I am unable to change anything under my address book views. Any change gives the error: DS_E_INSUFFICIENT_ACCESS_R
If I check the properties of the address book view container I have the following permissions:
Inherited:
domain\service account = service account admin
domain\domain admins = permissions admin
Defined:
domain\domain users = search
I am logging on locally using the service account. The service account belongs to both the local & domain admin groups. I have complete access over all other objects in the directory.
Any ideas what I could be missing? any other way to change the settings?
I am unable to change anything under my address book views. Any change gives the error: DS_E_INSUFFICIENT_ACCESS_R
If I check the properties of the address book view container I have the following permissions:
Inherited:
domain\service account = service account admin
domain\domain admins = permissions admin
Defined:
domain\domain users = search
I am logging on locally using the service account. The service account belongs to both the local & domain admin groups. I have complete access over all other objects in the directory.
Any ideas what I could be missing? any other way to change the settings?
GUEEN
Do you belong to the 'Exchange Administrator' group? You have to be a member of that group to get full perms.
that would be above and beyond being an administrator or domain administrator - you also have to be an exchange administrator.
ASKER
Both the domain administrator and exchange service account are members of the Exchange administrators group and still the same. I have access to all other objects in the exchange administrator except the address book views. I can view the settings for the address book views, but cannot change anything.
What service pack level? If you have sp4 then try this:
1. Backup Dir.edb
2. Stop exchange directory service.( We strongly recommend
making offline backup of )
3. Rename DSAMain.exe file to DSAMain.old, and then paste DSAMain.exe file from Service Pack 3 into the same folder as the renamed DSAMain.
4. Restart exchange directory service.
5. Open Exchange Administrator and open top-level Address Book View and add service account. Give service account administrative permissions.
6. Stop exchange directory service again.
7. Delete SP3 version of DSAMain.exe, and then rename SP4 version of DSAMain.old back to DSAMain.exe
8. Restart MS Exchange services.
1. Backup Dir.edb
2. Stop exchange directory service.( We strongly recommend
making offline backup of )
3. Rename DSAMain.exe file to DSAMain.old, and then paste DSAMain.exe file from Service Pack 3 into the same folder as the renamed DSAMain.
4. Restart exchange directory service.
5. Open Exchange Administrator and open top-level Address Book View and add service account. Give service account administrative permissions.
6. Stop exchange directory service again.
7. Delete SP3 version of DSAMain.exe, and then rename SP4 version of DSAMain.old back to DSAMain.exe
8. Restart MS Exchange services.
ASKER
We are running SP4. I will try this at my first opportunity. We have only one Exchange server, so I need to get a chance outside of normal business hours to take the server offline.
As a temporary work around to allow users to access the full GAL, I was able to give everyone search permissions on the site container. Not the most secure thing, but it works for now.
As a temporary work around to allow users to access the full GAL, I was able to give everyone search permissions on the site container. Not the most secure thing, but it works for now.
I am having the same problem. The solution presented above did not change anything for me. ARe there any other options?
I am running Exchange 5.5 SP4 on Winnt 4 SP6.
I am running Exchange 5.5 SP4 on Winnt 4 SP6.
Are you able to login with the site service account or do you get the same errors with the SSA?
I can log in with the service account.
I can change some things in Ex Admin but certain things i get this error on. Such as permission changes on some items, and changing the primary NT account for a mailbox. This Server was inherited, i am not sure what they have done to it.
I have built an identical server just for testing purposes that i restored from backup on a test domain ( the test domain is the same is the production domain, it was created with a BDC we took offline )
I am up to try anything on my test server. It is showing the same issues as the production server.
I can change some things in Ex Admin but certain things i get this error on. Such as permission changes on some items, and changing the primary NT account for a mailbox. This Server was inherited, i am not sure what they have done to it.
I have built an identical server just for testing purposes that i restored from backup on a test domain ( the test domain is the same is the production domain, it was created with a BDC we took offline )
I am up to try anything on my test server. It is showing the same issues as the production server.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.