Solved

creating service email account permissons error

Posted on 2014-02-12
4
450 Views
Last Modified: 2014-02-12
hi,

im creating a service account for a Barracuda message archiver using this guide

http://techlib.barracuda.com/display/BMAv31/Creating%2Ban%2BEmail%2BService%2BAccount%2Bfor%2BMicrosoft%2BExchange%2BServer%2B2007%252C%2B2010%252C%2Band%2B2013#

when i try to assign the permissons using this command

Get-MailboxDatabase | Add-ADPermission -User "CUDASVC" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin

i get the following error

Active Directory operation failed on xxxxxxxxx. This error is not retriable. Additional information: Access
is denied.
Active directory response: 00000005: SecErr: DSID-031521E1, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

    + CategoryInfo          : WriteError: (90:Int32) [Add-ADPermission], ADOperationException
    + FullyQualifiedErrorId : [Server=MAIL1,RequestId=b17cd5eb-8aa7-4a9b-b45e-98a715d1201d,TimeStamp=12/02/2014 10:23:
   30] D02A787E,Microsoft.Exchange.Management.RecipientTasks.AddADPermission
    + PSComputerName        : xxxxxxxxxx

we are using exchange 2013 and server 2012

any ideas ?
0
Comment
Question by:kungfunavs
  • 2
  • 2
4 Comments
 
LVL 14

Expert Comment

by:Raj-GT
ID: 39852935
Is the service account, CUDASVC member of any protected groups like Account Admins, Domain Admins etc.?
0
 

Author Comment

by:kungfunavs
ID: 39852978
Hi Raj

no the account isnt a member of any protected groups
0
 
LVL 14

Accepted Solution

by:
Raj-GT earned 500 total points
ID: 39853014
Few more things to check.

1. Check the Advanced Security Settings page of the user object and see if the "inheritable permissions" is enabled
2. Try running EMS with a Domain Admin or an Exchange Org Admin account
3. Create a new (test) service account and see if you can run the command successfully against it
0
 

Author Comment

by:kungfunavs
ID: 39853178
thanks, i logged in with a exchange org admin account and it completed successfully
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question