Solved

X64 2008 Server missing "SACL right"

Posted on 2008-10-20
Last Modified: 2010-04-21
How do I add the "SACL right" to my X64 2008 Domain Controller?  

Domain has 7 2003 R2 DCs and one X64 2008 DC.  All are global catalog servers.
Exchange 2003 SP2 running on a 2003 R2 member server.

From the Exchange server log...

Process INETINFO.EXE (PID=1240). DSAccess has discovered the following servers with the following characteristics:
 (Server name | Roles | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
dc01fin.Raygraham.org      CDG 7 7 1 0 1 1 7 1
DC08FIN.Raygraham.org      CDG 7 7 1 0 0 1 7 1
 Out-of-site:
dc01eld.Raygraham.org      CDG 7 7 1 0 1 1 7 1
dc01han.Raygraham.org      CDG 7 7 1 0 1 1 7 1
dc01lis.Raygraham.org      CDG 7 7 1 0 1 1 7 1
dc01lom.Raygraham.org      CDG 7 7 1 0 1 1 7 1
dc01ful.Raygraham.org      CDG 7 7 1 0 1 1 7 1
dc01slc.Raygraham.org      CDG 7 7 1 0 1 1 7 1

Please note: "DC08FIN.Raygraham.org      CDG 7 7 1 0 0 1 7 1"  this is my 2008 server and is missing SACL rights.
 
Additional Facts:
-All DCs have been restarted
-Have rerun both Forestprep and Domainprep from the Exchange 2003 member server

Any ideas would be great.  Thanks
Question by:JAVidmar

Accepted Solution

by:
Exchange_Geek earned 500 total points
ID: 22762435
Wish I could think of something quick; however, all I can suggest is:

1) Disable IPv6 on W2k8 box for a while
2) Check for replication errors (if any) on W2k8 box.
3) The most usual step - check for manage auditing and security rights membership from w2k8 box and dc01fin.
4) If possible please reboot w2k8 box so that Exchange pulls up new information forced by reboot of this box.


Expert Comment

by:abdulzis
ID: 22764669

Expert Comment

by:Exchange_Geek
ID: 22764900
The information of ntSecurityDescriptor should have been populated by running domain prep.

"DSAccess does not use any domain controller that does not have permissions to read the SACL on the nTSecurityDescriptor attribute in the domain controller. You must have at least one server that satisfies each role (C, D, or G), that is reachable for that role (the appropriate bit flag connected by an OR value in the Reachability column), and that shows 1 in the SACL right column. If you do not have these servers, confirm that the domain controller that shows 0 in the SACL right column has been domain-prepped, and then confirm that your Recipient Update Services are configured properly."

http://support.microsoft.com/kb/316300

However, the steps outlined in the post above can be checked - well written blog.

Author Closing Comment

by:JAVidmar
ID: 31507998
Setting the manage auditing and security rights and restarting all DCs resolved the issue.  Thanks Exchange Geek.
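
The following Python parser is an added example, not code from this thread or from Microsoft: it reads the DSAccess topology table in the format quoted in the question, lists the domain controllers showing 0 in the SACL right column, and reports which roles (C, D, G) still have a server with SACL right 1, as the quoted KB text requires. Function names are illustrative, and the Reachability bit flags are not decoded.

```python
import re

# Numeric columns, in the order given by the event's own header line.
NUMERIC = ["reachability", "synchronized", "gc_capable", "pdc",
           "sacl_right", "critical_data", "netlogon", "os_version"]
# <server name> <roles> followed by exactly eight integers.
ROW = re.compile(r"^(\S+)\s+([CDG-]+)((?:\s+\d+){8})$")

# Sample input: rows copied from the event text quoted in the question.
SAMPLE = """\
In-site:
dc01fin.Raygraham.org      CDG 7 7 1 0 1 1 7 1
DC08FIN.Raygraham.org      CDG 7 7 1 0 0 1 7 1
 Out-of-site:
dc01eld.Raygraham.org      CDG 7 7 1 0 1 1 7 1
"""

def parse_topology(text):
    """Return one dict per domain controller row, tagged with its site section."""
    rows, site = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.lower() in ("in-site:", "out-of-site:"):
            site = line.rstrip(":")
            continue
        m = ROW.match(line)
        if not m:
            continue  # header, blank line or unrelated text
        row = {"server": m.group(1), "site": site, "roles": m.group(2)}
        row.update(zip(NUMERIC, map(int, m.group(3).split())))
        rows.append(row)
    return rows

def missing_sacl(rows):
    """Servers that show 0 in the SACL right column."""
    return [r["server"] for r in rows if r["sacl_right"] == 0]

def usable_by_role(rows):
    """For each role (C, D, G), the servers holding it that show SACL right 1."""
    return {role: [r["server"] for r in rows
                   if role in r["roles"] and r["sacl_right"] == 1]
            for role in "CDG"}

if __name__ == "__main__":
    rows = parse_topology(SAMPLE)
    print("SACL right = 0:", missing_sacl(rows))
    for role, servers in usable_by_role(rows).items():
        print(role, "->", servers or "NO USABLE SERVER")
```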