Project Server 2010 and ms-Exch-EPI-May-Impersonate issue for Domain Admin Accounts RRS feed

  • Question

  • Hi,

    we have recently installed Project 2010 Server and Sharepoint 2010 Server in an environment that also runs Exchange 2010. Everything seems to be ok but we have an issue with Project users and synchronizing tasks with Exchange. I have followed :  Configure Project Server 2010 to work with Exchange Server 2010

    As we have a number of CAS servers I had to run the following commands:

    $CAS = get-exchangeserver | where {$_.Serverrole -match "CLIENTACCESS"}

     $CAS | foreach-object {Add-ADPermission -Identity $_.DistinguishedName -User (Get-User -Identity mydomain\farmadmin | select-object).identity -extendedRights ms-Exch-EPI-Impersonation}

     Add-ADPermission -Identity "CN=John Smith,OU=Projects,DC=mydomain,DC=Loc" -User mydomain\farmadmin -extendedRights ms-Exch-EPI-May-Impersonate

    This user, John Smith, was able to sync tasks with Exchange but when I tried to run the same ms-Exch-EPI-May-Impersonate command for a user who is part of the Domain Admins Group I get this error:

    Active Directory operation failed on dcserver1.mydomain.loc. This error is not retriable. Additional information: Acce
    ss is denied.
    Active directory response: 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
        + CategoryInfo          : WriteError: (0:Int32) [Add-ADPermission], ADOperationException
        + FullyQualifiedErrorId : DAE4D15D,Microsoft.Exchange.Management.RecipientTasks.AddADPermission

    I assume this is similiar to an issue with assiging the Send As permission to anyone with Admin rights. Has anyone come across this problem with their Project/Exchange?

    Thursday, June 28, 2012 11:27 AM


All replies