Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Exchange 2007 schema update prevents RUS working

Posted on 2009-07-02
3
Medium Priority
?
992 Views
Last Modified: 2012-05-07
Hi

We've recently started to build an Exchange 2007 deployment as part of a coexistence model with Exchange 2003. So far, we've done the necessary steps beforehand (i.e. preparedomain, legacypermissions, preparead), and it all seemed to go through ok and replicate.

Now however, we have a problem when still creating accounts day to day that have a mailbox on the Exchange 2003 server. It will create the mailbox, however it won't create an entry in the global address list, and the 'email addresses' tab is empty of all information.

I have been searching all day, and have come up to a dead end all the time, using permissions and ADSIEdit to make changes with no avail. There's not much in the eventlog, apart from a few of these messages:

Event Type:      Error
Event Source:      MSExchangeAL
Event Category:      LDAP Operations
Event ID:      8270
Date:            02/07/2009
Time:            14:58:11
User:            N/A
Computer:      Mailserver1
Description:
LDAP returned the error [32] Insufficient Rights when importing the transaction
dn: <GUID=F9978D4F3374194EA15D8B7B1484D251>
changetype: Modify
showInAddressBook:
:<>
msExchUserAccountControl:2
msExchALObjectVersion:328
objectGUID:F9978D4F3374194EA15D8B7B1484D251
-
 DC=xxxxxxx,DC=lan

For more information, click http://www.microsoft.com/contentredirect.asp.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.




Event Type:      Error
Event Source:      MSExchangeAL
Event Category:      LDAP Operations
Event ID:      8022
Date:            02/07/2009
Time:            14:58:11
User:            N/A
Computer:      Mailserver1
Description:
LDAP Modify on directory DC01.xxxxxxxx.lan for entry '<GUID=F9978D4F3374194EA15D8B7B1484D251>' was unsuccessful with error:[0x32] Insufficient Rights [ 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
 ].  DC=xxxxxxx,DC=lan

For more information, click http://www.microsoft.com/contentredirect.asp.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I'm convinced it's a simple fix, but I can't for the life of me find it. I found this post at eventid:

It turns out the exchange domain servers group did not have full control over the recipient update service even though in exchange system manager I could change it to full control (when I did change it, it would snap back to special access after a few hours). Exchange system manager and the actual schema were not in sync. Per M259221, I had to add a registry entry to the RUS schema via ADSI Edit waited about an hour until it populated (and it only populated on one DC BTW) then within ADSI Edit granted the exchange domain servers full control of RUS and the errors disappeared"

But doesn't make much sense. This is meaning any new accounts cannot attach to their mailbox even though it exists. Please can anyone help??!
0
Comment
Question by:cormack12
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 1

Expert Comment

by:sujmatp
ID: 24769624
Got to start
Run=> dsacls "dc=domain,DC=com"
Check for following permission
====================================
Allow AEGCHINA\Exchange Enterprise Servers        SPECIAL ACCESS for groupType
                                                  WRITE PROPERTY
Allow AEGCHINA\Exchange Enterprise Servers        SPECIAL ACCESS for displayName
                                                  WRITE PROPERTY
Allow AEGCHINA\Exchange Enterprise Servers        SPECIAL ACCESS for Public Information
                                                  WRITE PROPERTY
Allow AEGCHINA\Exchange Enterprise Servers        SPECIAL ACCESS for Personal Information
                                                  WRITE PROPERTY
Allow AEGCHINA\Exchange Enterprise Servers        SPECIAL ACCESS for Exchange Information
                                                  WRITE PROPERTY
Allow AEGCHINA\Exchange Enterprise Servers        SPECIAL ACCESS for displayName


Allow AEGCHINA\Exchange Enterprise Servers        Manage Replication Topology
==========================================================

*if you are missing any of these permission then try to update the permission using following example. E.g Exchange Information permission is missing...
Got to start=> Run
Dsacls "dc=domain,dc=com" /I:T /G "AEGCHINA\Exchange Enterprise Servers:WP;Exchange Information;"
**************************
IF you get error

====================
No GUID Found for Exchange
The paramerter is incorrect
====================

Then run setup.com /preparelegacyexchangepermissions, /preparead using exchange 2007 installation files and then run the following command Dsacls "dc=domain,dc=com" /I:T /G "AEGCHINA\Exchange Enterprise Servers:WP;Exchange Information;" from run prompt.

This should fix your RUS problem.
0
 
LVL 1

Accepted Solution

by:
sujmatp earned 2000 total points
ID: 24769639
AEGCHINA was the domain for the lab on which i ran the command. So it should be domain whereever it says AEGCHINA.
Apologize for the mistake!!!
0
 

Author Closing Comment

by:cormack12
ID: 31599205
Thanks - worked great, only had two special permissions in there :)
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question