Link to home
Start Free TrialLog in
Avatar of ansar1973

asked on

Write DACL inherit (group) right for the Exchange Servers group should be removed from the root of the domain by running the following command:

In my exchange 2007 organization i removed all the exchange 2003 as per the microsoft instruction and only thing i am unable to do is
Remove-ADPermission "dc=<Domain>" -user "<RootDomain>\Exchange Servers" -AccessRights WriteDACL -InheritedObjectType Group
My case
Remove-ADPermission "dc=cb.local" -user "cb.local\Exchange Servers" -AccessRights WriteDACL -InheritedObjectType Group

It never worked. has any one tried this please reply.
I feel there is a bug in this command, did any one tried this
Avatar of peakpeak
Flag of Sweden image

What is the error message?
Avatar of johnspie

i'm having the same issue. it appears to be syntax related.
could anyone provide clarity on the command?
I just had the same problem.  You need to use the ldap type syntax, so your command would be:

Remove-ADPermission "dc=cb,dc=local" -user "cb.local\Exchange Servers" -AccessRights WriteDACL -InheritedObjectType Group
i have the same problem.
i run the command

Remove-ADPermission "dc=cb,dc=local" -user "cb.local\Exchange Servers" -AccessRights WriteDACL -InheritedObjectType Group   (by be82453)

and it did run. but it comes with error that "Exchange servers" does not have this write which i am trying to remove. so i think we dont need to remove it.

let me know if you find anything else.

I also have this problem.
Error message is below.

Remove-ADPermission : Cannot remove ACE on object "DC=local,DC=com" for account "\Exchange Servers" because it is not present.
At line:1 char:20
+ remove-ADpermission  <<<< "DC=local,DC=com"  -user "\Exchange Servers" -Accessrights WriteDACL -inheritedobjecttype group
Avatar of BorgusGroup

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thanks Borgus... Worked Perfect switching out \Exchange Servers" with "Exchange Enterprise servers"