Insufficient Permissions?

Posted on 2003-03-07
Medium Priority
Last Modified: 2012-06-27
Environment is single Exch 5.5 server on Win2k member server in a win2k domain.

I am unable to change anything under my address book views. Any change gives the error: DS_E_INSUFFICIENT_ACCESS_RIGHTS.

If I check the properties of the address book view container I have the following permissions:

domain\service account = service account admin
domain\domain admins = permissions admin

domain\domain users = search

I am logging on locally using the service account. The service account belongs to both the local & domain admin groups. I have complete access over all other objects in the directory.  

Any ideas what I could be missing?  any other way to change the settings?

Question by:Storewebmaster1
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
LVL 16

Expert Comment

ID: 8123656
Do you belong to the 'Exchange Administrator' group?  You have to be a member of that group to get full perms.
LVL 16

Expert Comment

ID: 8123663
that would be above and beyond being an administrator or domain administrator - you also have to be an exchange administrator.

Author Comment

ID: 8128110
Both the domain administrator and exchange service account are members of the Exchange administrators group and still the same.  I have access to all other objects in the exchange administrator except the address book views.  I can view the settings for the address book views, but cannot change anything.
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

LVL 16

Expert Comment

ID: 8129388
What service pack level?  If you have sp4 then try this:

1. Backup Dir.edb

2. Stop exchange directory service.( We strongly recommend
making offline backup of )

3. Rename DSAMain.exe file to DSAMain.old, and then    paste DSAMain.exe file from Service Pack 3 into the same folder as the renamed DSAMain.

4. Restart exchange directory service.

5. Open Exchange Administrator and open top-level Address Book View and add service account. Give service account administrative permissions.

6. Stop exchange directory service again.

7. Delete SP3 version of DSAMain.exe, and then rename SP4 version of DSAMain.old back to DSAMain.exe

8. Restart MS Exchange services.


Author Comment

ID: 8130040
We are running SP4. I will try this at my first opportunity. We have only one Exchange server, so I need to get a chance outside of normal business hours to take the server offline.

As a temporary work around to allow users to access the full GAL, I was able to give everyone search permissions on the site container.  Not the most secure thing, but it works for now.

Expert Comment

ID: 8517629
I am having the same problem. The solution presented above did not change anything for me. ARe there any other options?

I am running Exchange 5.5 SP4 on Winnt 4 SP6.
LVL 16

Expert Comment

ID: 8517808
Are you able to login with the site service account or do you get the same errors with the SSA?

Expert Comment

ID: 8518227
I can log in with the service account.
I can change some things in Ex Admin but certain things i get this error on. Such as permission changes on some items, and changing the primary NT account for a mailbox. This Server was inherited, i am not sure what they have done to it.

I have built an identical server just for testing purposes that i restored from backup on a test domain ( the test domain is the same is the production domain, it was created with a BDC we took offline )

I am up to try anything on my test server. It is showing the same issues as the production server.

Accepted Solution

xanthras earned 500 total points
ID: 8525613
I got it working. Looks like a previous ADministrator changed the perms to admin. Rights for the service account need to be the following:

Have Full rights (Service Account Administrator rights) on the organization, site, and configuration objects in the Exchange Server directory database on each server.

I logged on as a Permssions Admin and made my changes.

Assisted Solution

jboub earned 500 total points
ID: 10551933
Please note that SP4 for Exchange 5.5 changes the huristic bit which affects the permission settings on the site, which affects the address book.
See article Q282184. Need to log into Exchange Admin as the Exchange account with /r for raw mode.  exchsrvr\bin\admin.exe /r.
Once in, go to the address book and select raw properties. From there select "ALL" for attrib types, then select huristic. Place a 1 in as the value.

Seems that the sp4 reversed the value

Good luck
Jon Boub

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The biggest nightmare for any Exchange Server Administrator is to keep the server running without any issue. But the problems often come and they need to be resolved efficiently and timely. Here are important troubleshooting points: Define the Pr…
We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
The purpose of this video is to demonstrate how to set up an account with Mailchimp. This will be demonstrated using a Windows 8 PC. Tools Used are: Mailchimp.com Go to Mailchimp.com : Enter an Email, Username, and Password. Click Create My Acco…
In this Experts Exchange video Micro Tutorial, I'm going to show how small business owners who use Google Apps can save money by setting up what is called a catch-all email address in their Gmail accounts. By using the catch-all feature, small busin…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question