ECP: 'domain.local/Users/display name' isn't within your current write scopes. Can't perform save operation.

Hello EE,

I'm trying to give a user the ability to create contact records using ECP (Exchange Server 2010 SP3, This user can modify existing records. When attempting to create a new record, the user receives:

'NECC.local/Users/displayname' isn't within your current write scopes. Can't perform save operation.

...but I don't want the contact records created in NECC.local/Users/; I want them created in "NECC.local/NECC/Users/Contacts" which is the Write Scope I gave when I created the Role Group using ECP.

For reference:

[PS] C:\Windows\system32>Get-RoleGroup "NECC - Shared Contacts Editors" |fl

RunspaceId: e9705e64-a7b5-4dd7-bc62-4c0b137cd7dc
ManagedBy: {NECC.local/Microsoft Exchange Security Groups/Organization Management, NECC.local/Users/
RoleAssignments: {Mail Recipient Creation-NECC - Shared Contacts Editors, Mail Recipients-NECC - Shared Contacts Editors}
Roles: {Mail Recipient Creation, Mail Recipients}
Members: {trust me, there are user accounts here}
SamAccountName: NECC - Shared Contacts Editors
RoleGroupType: Standard
Capabilities: {}
IsValid: True
ExchangeVersion: 0.10 (
Name: NECC - Shared Contacts Editors
DistinguishedName: CN=NECC - Shared Contacts Editors,OU=Microsoft Exchange Security Groups,DC=NECC,DC=local
Identity: NECC.local/Microsoft Exchange Security Groups/NECC - Shared Contacts Editors
Guid: d64f0c48-e302-4948-8de9-03534d3f5e1d
ObjectCategory: NECC.local/Configuration/Schema/Group
ObjectClass: {top, group}
WhenChanged: 10/7/2013 1:33:08 PM
WhenCreated: 10/7/2013 1:14:43 PM
WhenChangedUTC: 10/7/2013 5:33:08 PM
WhenCreatedUTC: 10/7/2013 5:14:43 PM
OriginatingServer: FILESERVER.NECC.local

So, how do I get role group to create contact records in "NECC.local/NECC/Users/Contacts"?

Thank you,
Who is Participating?

If they are creating contact objects thru Exchange Management Shell using the New-MailContact cmdlet, then please include the parameter -OrganizationalUnit This parameter will ensure that contacts are created in the specified OU. You have to specify the name of the OU enclosed in double quotes as a value for this parameter.

New-MailContact -Name "Chris Ashton" -ExternalEmailAddress "" -OrganizationalUnit "Marketing"

If they are creating contact objects thru Exchange Management Console, then they should specify the OU in the second step of the wizard.
nathanwcAuthor Commented:
Thank you SreRaj, but I think I made pretty clear that they're using ECP to create contacts:

"I'm trying to give a user the ability to create contact records using ECP"
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

As far as I know at this point there is no way in Exchange 2010 to change the OU that ECP uses as default for creating contacts. As you said, you can modify existing contacts in the scope you created.

Perhaps this process could help?
Create 2 blank contacts in /Users/Contacts called "new contact template 1" and "... 2"
Users can edit these using the details they would have entered into a new contact
A scheduled powershell script could be set up to check the Users/Contacts OU and count "new contact template". If the count reaches less than 2 it will create a new "new contact template" which users can then edit

What do you think?
nathanwcAuthor Commented:
Hi btassure,

If there's no way to specify where the Contacts are created, then that's the way it is and we'll work around it. Do you have any documentation for this limitation?

nathanwcAuthor Commented:
Works for me!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.