Solved

creating service email account permissons error

Posted on 2014-02-12
4
465 Views
Last Modified: 2014-02-12
hi,

im creating a service account for a Barracuda message archiver using this guide

http://techlib.barracuda.com/display/BMAv31/Creating%2Ban%2BEmail%2BService%2BAccount%2Bfor%2BMicrosoft%2BExchange%2BServer%2B2007%252C%2B2010%252C%2Band%2B2013#

when i try to assign the permissons using this command

Get-MailboxDatabase | Add-ADPermission -User "CUDASVC" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin

i get the following error

Active Directory operation failed on xxxxxxxxx. This error is not retriable. Additional information: Access
is denied.
Active directory response: 00000005: SecErr: DSID-031521E1, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

    + CategoryInfo          : WriteError: (90:Int32) [Add-ADPermission], ADOperationException
    + FullyQualifiedErrorId : [Server=MAIL1,RequestId=b17cd5eb-8aa7-4a9b-b45e-98a715d1201d,TimeStamp=12/02/2014 10:23:
   30] D02A787E,Microsoft.Exchange.Management.RecipientTasks.AddADPermission
    + PSComputerName        : xxxxxxxxxx

we are using exchange 2013 and server 2012

any ideas ?
0
Comment
Question by:kungfunavs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 14

Expert Comment

by:Raj-GT
ID: 39852935
Is the service account, CUDASVC member of any protected groups like Account Admins, Domain Admins etc.?
0
 

Author Comment

by:kungfunavs
ID: 39852978
Hi Raj

no the account isnt a member of any protected groups
0
 
LVL 14

Accepted Solution

by:
Raj-GT earned 500 total points
ID: 39853014
Few more things to check.

1. Check the Advanced Security Settings page of the user object and see if the "inheritable permissions" is enabled
2. Try running EMS with a Domain Admin or an Exchange Org Admin account
3. Create a new (test) service account and see if you can run the command successfully against it
0
 

Author Comment

by:kungfunavs
ID: 39853178
thanks, i logged in with a exchange org admin account and it completed successfully
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question