Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

creating service email account permissons error

Posted on 2014-02-12
4
Medium Priority
?
484 Views
Last Modified: 2014-02-12
hi,

im creating a service account for a Barracuda message archiver using this guide

http://techlib.barracuda.com/display/BMAv31/Creating%2Ban%2BEmail%2BService%2BAccount%2Bfor%2BMicrosoft%2BExchange%2BServer%2B2007%252C%2B2010%252C%2Band%2B2013#

when i try to assign the permissons using this command

Get-MailboxDatabase | Add-ADPermission -User "CUDASVC" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin

i get the following error

Active Directory operation failed on xxxxxxxxx. This error is not retriable. Additional information: Access
is denied.
Active directory response: 00000005: SecErr: DSID-031521E1, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

    + CategoryInfo          : WriteError: (90:Int32) [Add-ADPermission], ADOperationException
    + FullyQualifiedErrorId : [Server=MAIL1,RequestId=b17cd5eb-8aa7-4a9b-b45e-98a715d1201d,TimeStamp=12/02/2014 10:23:
   30] D02A787E,Microsoft.Exchange.Management.RecipientTasks.AddADPermission
    + PSComputerName        : xxxxxxxxxx

we are using exchange 2013 and server 2012

any ideas ?
0
Comment
Question by:kungfunavs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 15

Expert Comment

by:Raj-GT
ID: 39852935
Is the service account, CUDASVC member of any protected groups like Account Admins, Domain Admins etc.?
0
 

Author Comment

by:kungfunavs
ID: 39852978
Hi Raj

no the account isnt a member of any protected groups
0
 
LVL 15

Accepted Solution

by:
Raj-GT earned 2000 total points
ID: 39853014
Few more things to check.

1. Check the Advanced Security Settings page of the user object and see if the "inheritable permissions" is enabled
2. Try running EMS with a Domain Admin or an Exchange Org Admin account
3. Create a new (test) service account and see if you can run the command successfully against it
0
 

Author Comment

by:kungfunavs
ID: 39853178
thanks, i logged in with a exchange org admin account and it completed successfully
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question