ECP: 'domain.local/Users/display name' isn't within your current write scopes. Can't perform save operation.

Hello EE,

I'm trying to give a user the ability to create contact records using ECP (Exchange Server 2010 SP3, This user can modify existing records. When attempting to create a new record, the user receives:

'NECC.local/Users/displayname' isn't within your current write scopes. Can't perform save operation.

...but I don't want the contact records created in NECC.local/Users/; I want them created in "NECC.local/NECC/Users/Contacts" which is the Write Scope I gave when I created the Role Group using ECP.

For reference:

[PS] C:\Windows\system32>Get-RoleGroup "NECC - Shared Contacts Editors" |fl

RunspaceId: e9705e64-a7b5-4dd7-bc62-4c0b137cd7dc
ManagedBy: {NECC.local/Microsoft Exchange Security Groups/Organization Management, NECC.local/Users/
RoleAssignments: {Mail Recipient Creation-NECC - Shared Contacts Editors, Mail Recipients-NECC - Shared Contacts Editors}
Roles: {Mail Recipient Creation, Mail Recipients}
Members: {trust me, there are user accounts here}
SamAccountName: NECC - Shared Contacts Editors
RoleGroupType: Standard
Capabilities: {}
IsValid: True
ExchangeVersion: 0.10 (
Name: NECC - Shared Contacts Editors
DistinguishedName: CN=NECC - Shared Contacts Editors,OU=Microsoft Exchange Security Groups,DC=NECC,DC=local
Identity: NECC.local/Microsoft Exchange Security Groups/NECC - Shared Contacts Editors
Guid: d64f0c48-e302-4948-8de9-03534d3f5e1d
ObjectCategory: NECC.local/Configuration/Schema/Group
ObjectClass: {top, group}
WhenChanged: 10/7/2013 1:33:08 PM
WhenCreated: 10/7/2013 1:14:43 PM
WhenChangedUTC: 10/7/2013 5:33:08 PM
WhenCreatedUTC: 10/7/2013 5:14:43 PM
OriginatingServer: FILESERVER.NECC.local

So, how do I get role group to create contact records in "NECC.local/NECC/Users/Contacts"?

Thank you,
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


If they are creating contact objects thru Exchange Management Shell using the New-MailContact cmdlet, then please include the parameter -OrganizationalUnit This parameter will ensure that contacts are created in the specified OU. You have to specify the name of the OU enclosed in double quotes as a value for this parameter.

New-MailContact -Name "Chris Ashton" -ExternalEmailAddress "" -OrganizationalUnit "Marketing"

If they are creating contact objects thru Exchange Management Console, then they should specify the OU in the second step of the wizard.
nathanwcAuthor Commented:
Thank you SreRaj, but I think I made pretty clear that they're using ECP to create contacts:

"I'm trying to give a user the ability to create contact records using ECP"
As far as I know at this point there is no way in Exchange 2010 to change the OU that ECP uses as default for creating contacts. As you said, you can modify existing contacts in the scope you created.

Perhaps this process could help?
Create 2 blank contacts in /Users/Contacts called "new contact template 1" and "... 2"
Users can edit these using the details they would have entered into a new contact
A scheduled powershell script could be set up to check the Users/Contacts OU and count "new contact template". If the count reaches less than 2 it will create a new "new contact template" which users can then edit

What do you think?
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

nathanwcAuthor Commented:
Hi btassure,

If there's no way to specify where the Contacts are created, then that's the way it is and we'll work around it. Do you have any documentation for this limitation?


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
nathanwcAuthor Commented:
Works for me!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.