Link to home
Start Free TrialLog in
Avatar of ansar1973
ansar1973

asked on

Write DACL inherit (group) right for the Exchange Servers group should be removed from the root of the domain by running the following command:

In my exchange 2007 organization i removed all the exchange 2003 as per the microsoft instruction and only thing i am unable to do is    http://technet.microsoft.com/en-us/library/bb288905.aspx
Remove-ADPermission "dc=<Domain>" -user "<RootDomain>\Exchange Servers" -AccessRights WriteDACL -InheritedObjectType Group
My case
Remove-ADPermission "dc=cb.local" -user "cb.local\Exchange Servers" -AccessRights WriteDACL -InheritedObjectType Group

It never worked. has any one tried this please reply.
I feel there is a bug in this command, did any one tried this
Avatar of peakpeak
peakpeak
Flag of Sweden image

What is the error message?
Avatar of johnspie
johnspie

i'm having the same issue. it appears to be syntax related.
could anyone provide clarity on the command?
I just had the same problem.  You need to use the ldap type syntax, so your command would be:

Remove-ADPermission "dc=cb,dc=local" -user "cb.local\Exchange Servers" -AccessRights WriteDACL -InheritedObjectType Group
hi
i have the same problem.
i run the command

Remove-ADPermission "dc=cb,dc=local" -user "cb.local\Exchange Servers" -AccessRights WriteDACL -InheritedObjectType Group   (by be82453)

and it did run. but it comes with error that "Exchange servers" does not have this write which i am trying to remove. so i think we dont need to remove it.

let me know if you find anything else.
thanks

Hi
I also have this problem.
Error message is below.

Remove-ADPermission : Cannot remove ACE on object "DC=local,DC=com" for account "local.com\Exchange Servers" because it is not present.
At line:1 char:20
+ remove-ADpermission  <<<< "DC=local,DC=com"  -user "local.com\Exchange Servers" -Accessrights WriteDACL -inheritedobjecttype group
ASKER CERTIFIED SOLUTION
Avatar of BorgusGroup
BorgusGroup

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thanks Borgus... Worked Perfect switching out \Exchange Servers" with "Exchange Enterprise servers"