Link to home
Create AccountLog in
Avatar of lilo818
lilo818

asked on

new account has no e-mail address and no Exchange information appears in the dialog box

Hi Experts

i m now implementing Exchange 2003 server at our organization and i encountered a problem . hope you ill help me .

the Problem Is :
After successful User Account and Mailbox creation, i  have  noticed that the new account has no e-mail address and no Exchange information appears in the dialog box. You  waitted  a few minutes or manually Update/ Rebuild the Recipient Update  Service (both My Exchange and Enterprice ) . i still could not see e-mail information. I really got mixed , what will i do now .

You can see error Logs bellow :

Description :
Failed to read attribute msExchUserAccountControl from Active Directory for /o=Gbank/ ou=First Administrator Group /cn=Recipiants/cn=kadirbek (my user name)

Description :
Logon failure in database "First Storage Group\Mailbox Store (exchange001)" - Windows 2000 Account GBANKLOCAL\kadirbek; mailbox /o=Gbank/ ou=First Administrator Group /cn=Recipiants/cn=kadirbek
Error 2147467259

... ... and more

Avatar of abhaigh
abhaigh
Flag of United Kingdom of Great Britain and Northern Ireland image

did you use mailmig /m (clone mode) to stamp the legacyechangedn from the old system onto the mailbox in the new system?

hace you tried to manually create the smtp, x400 and x500 addresses?
Avatar of lilo818
lilo818

ASKER

Hope following log file will help you to solve it  ...
I got that there is a securoty problem , but i donnt know to where i go to fix it  ..

-------------  LOG ---------
LDAP returned the error [32] Insufficient Rights when importing the transaction
dn: <GUID=EBBD5093E79617498FA4DE4D087E2B6D>
changetype: Modify
showInAddressBook:add:CN=All Users,CN=All Address Lists,CN=Address Lists Container,CN=Golomtbank,CN=Mi...
: CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Cont...
mail:localmail@domain.local
textEncodedORAddress:c=US;a= ;p=Golomtbank;o=Exchange;s=localmail;
proxyAddresses:X400:c=US;a= ;p=Golomtbank;o=Exchange;s=localmail;
: SMTP:localmail@domain.local
msExchPoliciesIncluded:add:{0F62E9E9-D009-455A-BE81-B2329A2CE0D4},{26491CFC-9E50-4857-861B-0CB8DF22B5D7}
msExchUserAccountControl:0
msExchALObjectVersion:48
objectGUID:EBBD5093E79617498FA4DE4D087E2B6D
-
 DC=domain,DC=local

For more information, click http://www.microsoft.com/contentredirect.asp.
Avatar of lilo818

ASKER

i found a hint for the solution ,
it s that when i give Full permission to Tree exchange groups ( i dont remember exact  names ) on newly created user accounts, then e-mail information were updated successfully .
Even i give full access with child inheritance   to these groups on Organizational Unit where e-mails would  be enabled , the permission will not be reflected  on the accounts .

How will i fix the permission problem , so i thinks will go as it s

Thank you
from the error noted above - the permissions of the account you were using aren't sufficient to do the import

have you granted Exchange Domain Servers modify permissions on the parent OU?
Avatar of lilo818

ASKER

Thank you for your reply ,

it s live environement  .   The network stracture is that  we have 3 DCs and  3 Member servers .
Exchange 2003 EE was installed successfully one of the member servers , other Application (LCS, SQL, SharePoint) are running other Member servers .

I started out accroding to Log file  ...
-----
DAP returned the error [32] Insufficient Rights when importing the transaction
dn: <GUID=EBBD5093E79617498FA4DE4D087E2B
6D>
......
-----------------

Since i saw Insufficient Rights, i gave Full control Permission for each users  ... in this case they can update e-mail information from RUS . In other way, no changes happened at e-mail attributes .
Actually , i did domain prep many times,   it was not working  ...

My Current account is Domain Administrator , i think it should be enough  ...
but this is certainly that RUS is not able to update Email Policy Information  ....
Whoever controlling the RUS  has limited right , but i dont know from where can i give full control  ...

Thank you,
I'd be looking at your account properties under ADSIEdit

check that your msExchUserAccountControl attribute is set (all the accounts I can see show it to be set to an integer value of 0)
Avatar of lilo818

ASKER

2 abhaigh, than you for your reply
but i still have following  error ...  i m really mixed up ,
the problem is  that,  Exchange  enterprise server group permission over OU is not inheriting  child objects, when i force  this group full access permission on a newly created user, then that user is able to update e-mail informations .
i cant do this process for all users, because we have about 500 users registered in AD ,
Please help me  and see the log file sbelow
-----------------
LDAP returned the error [32] Insufficient Rights when importing the transaction
dn: <GUID=44F277C3B4A07D4EA1329EBE92308F60>
changetype: Modify
showInAddressBook:add:CN=All Users,CN=All Address Lists,CN=Address Lists Container,CN=Golomt Bank,CN=M...
: CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Cont...
mail:baatar@golomtbank.local
textEncodedORAddress:c=US;a= ;p=Golomt Bank;o=Exchange;s=Tsolmon;g=Baatar;
proxyAddresses:X400:c=US;a= ;p=Golomt Bank;o=Exchange;s=Tsolmon;g=Baatar;
: SMTP:baatar@golomtbank.local
msExchPoliciesIncluded:add:{870DD633-6F87-4CEF-8E94-9B1446F46F94},{26491CFC-9E50-4857-861B-0CB8DF22B5D7}
msExchUserAccountControl:0
msExchALObjectVersion:49
objectGUID:44F277C3B4A07D4EA1329EBE92308F60
-
 DC=golomtbank,DC=local

For more information, click http://www.microsoft.com/contentredirect.asp.
-----------------------------
this is worning

-----------
The service could not update the entry 'CN=Administrator,OU=Servers,DC=golomtbank,DC=local' because inheritable permissions are not propagated to this object. The inheritable permissions may be disabled because the object belongs to a Windows 2000 administrative group or the inheritable permissions were disable explicitly by an administrator. DC=golomtbank,DC=local

For more information, click http://www.microsoft.com/contentredirect.asp.
compare the permissions on OU=Servers,DC=golomtbank,DC=local and CN=Administrator,OU=Servers,DC=golomtbank,DC=local as the error is pointing to the permissions on CN=Administrator,OU=Servers,DC=golomtbank,DC=local not being inherited properly from the parent OU

perhaps inheritance has been disabled on that container?
Avatar of lilo818

ASKER

inheritance is enabled on OU where e-mail will be enabled , but OU permission will not being inherited from OU to Users .

 This is the problem ,   we have been using 4 Domain Controller and Exchange s installed a Member server . On more question, if we install exchange on one of the DCs ,  will the problem be solved  ?

thank you
probably not - and installing Exchange onto a DC is not the best thing to do. Yes, you can do it, I've done  it myself in a few cases, but it isn't optimal

and while inheritance might be enabled on the OU, is it enabled on the CN itself? The CN might be set to block inheritance
ASKER CERTIFIED SOLUTION
Avatar of lilo818
lilo818

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account