Insufficient Permissions?

Environment is single Exch 5.5 server on Win2k member server in a win2k domain.

I am unable to change anything under my address book views. Any change gives the error: DS_E_INSUFFICIENT_ACCESS_RIGHTS.

If I check the properties of the address book view container I have the following permissions:

Inherited:
domain\service account = service account admin
domain\domain admins = permissions admin

Defined:
domain\domain users = search

I am logging on locally using the service account. The service account belongs to both the local & domain admin groups. I have complete access over all other objects in the directory.  

Any ideas what I could be missing?  any other way to change the settings?






Storewebmaster1Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

GUEENCommented:
Do you belong to the 'Exchange Administrator' group?  You have to be a member of that group to get full perms.
0
GUEENCommented:
that would be above and beyond being an administrator or domain administrator - you also have to be an exchange administrator.
0
Storewebmaster1Author Commented:
Both the domain administrator and exchange service account are members of the Exchange administrators group and still the same.  I have access to all other objects in the exchange administrator except the address book views.  I can view the settings for the address book views, but cannot change anything.
0
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

GUEENCommented:
What service pack level?  If you have sp4 then try this:

1. Backup Dir.edb

2. Stop exchange directory service.( We strongly recommend
making offline backup of )

3. Rename DSAMain.exe file to DSAMain.old, and then    paste DSAMain.exe file from Service Pack 3 into the same folder as the renamed DSAMain.

4. Restart exchange directory service.

5. Open Exchange Administrator and open top-level Address Book View and add service account. Give service account administrative permissions.

6. Stop exchange directory service again.

7. Delete SP3 version of DSAMain.exe, and then rename SP4 version of DSAMain.old back to DSAMain.exe

8. Restart MS Exchange services.

0
Storewebmaster1Author Commented:
We are running SP4. I will try this at my first opportunity. We have only one Exchange server, so I need to get a chance outside of normal business hours to take the server offline.

As a temporary work around to allow users to access the full GAL, I was able to give everyone search permissions on the site container.  Not the most secure thing, but it works for now.
0
xanthrasCommented:
I am having the same problem. The solution presented above did not change anything for me. ARe there any other options?

I am running Exchange 5.5 SP4 on Winnt 4 SP6.
0
GUEENCommented:
Are you able to login with the site service account or do you get the same errors with the SSA?
0
xanthrasCommented:
I can log in with the service account.
I can change some things in Ex Admin but certain things i get this error on. Such as permission changes on some items, and changing the primary NT account for a mailbox. This Server was inherited, i am not sure what they have done to it.

I have built an identical server just for testing purposes that i restored from backup on a test domain ( the test domain is the same is the production domain, it was created with a BDC we took offline )

I am up to try anything on my test server. It is showing the same issues as the production server.
0
xanthrasCommented:
I got it working. Looks like a previous ADministrator changed the perms to admin. Rights for the service account need to be the following:

Have Full rights (Service Account Administrator rights) on the organization, site, and configuration objects in the Exchange Server directory database on each server.

I logged on as a Permssions Admin and made my changes.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jboubCommented:
Please note that SP4 for Exchange 5.5 changes the huristic bit which affects the permission settings on the site, which affects the address book.
See article Q282184. Need to log into Exchange Admin as the Exchange account with /r for raw mode.  exchsrvr\bin\admin.exe /r.
Once in, go to the address book and select raw properties. From there select "ALL" for attrib types, then select huristic. Place a 1 in as the value.

Seems that the sp4 reversed the value

Good luck
Jon Boub
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Software

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.