Solved

creating service email account permissons error

Posted on 2014-02-12
4
460 Views
Last Modified: 2014-02-12
hi,

im creating a service account for a Barracuda message archiver using this guide

http://techlib.barracuda.com/display/BMAv31/Creating%2Ban%2BEmail%2BService%2BAccount%2Bfor%2BMicrosoft%2BExchange%2BServer%2B2007%252C%2B2010%252C%2Band%2B2013#

when i try to assign the permissons using this command

Get-MailboxDatabase | Add-ADPermission -User "CUDASVC" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin

i get the following error

Active Directory operation failed on xxxxxxxxx. This error is not retriable. Additional information: Access
is denied.
Active directory response: 00000005: SecErr: DSID-031521E1, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

    + CategoryInfo          : WriteError: (90:Int32) [Add-ADPermission], ADOperationException
    + FullyQualifiedErrorId : [Server=MAIL1,RequestId=b17cd5eb-8aa7-4a9b-b45e-98a715d1201d,TimeStamp=12/02/2014 10:23:
   30] D02A787E,Microsoft.Exchange.Management.RecipientTasks.AddADPermission
    + PSComputerName        : xxxxxxxxxx

we are using exchange 2013 and server 2012

any ideas ?
0
Comment
Question by:kungfunavs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 14

Expert Comment

by:Raj-GT
ID: 39852935
Is the service account, CUDASVC member of any protected groups like Account Admins, Domain Admins etc.?
0
 

Author Comment

by:kungfunavs
ID: 39852978
Hi Raj

no the account isnt a member of any protected groups
0
 
LVL 14

Accepted Solution

by:
Raj-GT earned 500 total points
ID: 39853014
Few more things to check.

1. Check the Advanced Security Settings page of the user object and see if the "inheritable permissions" is enabled
2. Try running EMS with a Domain Admin or an Exchange Org Admin account
3. Create a new (test) service account and see if you can run the command successfully against it
0
 

Author Comment

by:kungfunavs
ID: 39853178
thanks, i logged in with a exchange org admin account and it completed successfully
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
how to add IIS SMTP to handle application/Scanner relays into office 365.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the adminiā€¦

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question