

Create contact from ECP

I need to create contact users from ECP, but these objects are only created in the Users container. I need to create them in a new OU, but when I set a different path I cannot create the object.
What error do you get?
Manpreet SIngh Khatra (Solutions Architect, Project Lead) Commented:
Firstly, do you have rights to create an object in other OUs? If not, it won't work.
So please check the permissions. Do you get any error while doing this?

- Rancy
soporte_synergy (Author) Commented:
I get this error:
testing.local/Users/Mark Paz  isn't within your current write scopes. Can't perform save operation.  

I created a new OU called Contacts, and I established that the user can write in this OU; however, I get the mentioned error.

In Exchange, there are role groups (via ECP) with users, which allow them to do different things in Outlook or via ECP, e.g. creating contacts. This is realized via roles: each role group contains a set of roles, and the roles carry the permissions to access the AD.

Such roles can allow access to any OU in the AD or only to a specific OU. If your right is limited to only one OU (Users), then the corresponding role is defined to allow contacts only in this folder.

New roles can be created via PowerShell, e.g. it is possible to copy the existing role for creating contacts and assign a different OU to it. Then a new role group can be created (ECP) and assigned to the users.

user - role group - roles - role permissions, entities and OU assignments

There is no way, as far as I know, to change the roles, role permissions, entities and OU assignments via ECP, but it is possible via PowerShell.

The system for Exchange 2010 has changed to avoid the need to set permissions directly on the AD containers. This is due to a lot of issues from the past, as Exchange cannot know where permissions were changed, so they will reside here until the end.
soporte_synergy (Author) Commented:
OK, I know that.
I have established the role to create contact users from ECP, and it works fine, but I need to create these objects in an OU different from the Users container. What is the command to establish a specific OU for creating contact users from ECP?
Each management role entry has a parameter set and a read/write scope for configuration and recipients.

If you double-click your new role group, you can see the properties, and they include...
... the name
... the write scope (default or any OU) <-- so put a path to your OU here
... the role assignments
... the member assignments

Or via Power Shell
See example 3

You can see the currently assigned settings with
Get-ManagementRoleAssignment -Role "Your new role"
There you can see the read and write scopes, which may be configured to "Organization"
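
The scope change described in this thread, as an added Exchange Management Shell example that is not part of the original posts: it inspects the write scope of the role's assignments, narrows them to the Contacts OU, and dry-runs a contact creation in that OU. The role name is the placeholder used above, the OU path is taken from the error message, and the role group name and the sample contact are assumptions.

```powershell
# Run in the Exchange Management Shell as a member of Organization Management.
# Assumed names (adjust to your environment):
$Role      = 'Your new role'           # placeholder role name used in the thread
$RoleGroup = 'Contact Creators'        # hypothetical role group holding the ECP users
$TargetOU  = 'testing.local/Contacts'  # OU created by the asker

# 1. Inspect the current scopes. RecipientWriteScope = Organization means the
#    assignment is not limited to any OU.
Get-ManagementRoleAssignment -Role $Role |
    Format-List Name, RoleAssigneeName, RecipientReadScope,
                RecipientWriteScope, CustomRecipientWriteScope

# 2. Narrow every assignment of this role to the role group so that it can
#    write recipients only inside the target OU (least privilege).
Get-ManagementRoleAssignment -Role $Role -RoleAssignee $RoleGroup |
    ForEach-Object {
        Set-ManagementRoleAssignment -Identity $_.Name `
            -RecipientOrganizationalUnitScope $TargetOU
    }

# 3. Verify: RecipientWriteScope should now read OU and
#    CustomRecipientWriteScope should show the target OU.
Get-ManagementRoleAssignment -Role $Role -RoleAssignee $RoleGroup |
    Format-Table Name, RecipientWriteScope, CustomRecipientWriteScope -AutoSize

# 4. Dry-run a contact creation in the scoped OU. The name and address are
#    constructed sample values; remove -WhatIf to create the object.
New-MailContact -Name 'Sample Contact' `
    -ExternalEmailAddress 'sample.contact@example.com' `
    -OrganizationalUnit $TargetOU -WhatIf
```

Users in the role group need to start a new ECP or shell session before changed assignments take effect for them.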
