locked
Exchange 2010 Usermail box creation Fail RRS feed

  • Question

  • I have Installed AD on Window 2008 R2 Machine and than installed Exchange 2010 on same machine.

    Now i have installed Exchange Management Control on other machine which which i am creating mailbox for a user ,I am getting user don't have proper permission to create mail user.

    Please help me to know what all permission are required to the user.

    Regards,

    Tuesday, May 22, 2012 6:39 PM

Answers

  • thanks sukh for your input.
    • Marked as answer by VI123 Thursday, May 24, 2012 2:32 PM
    • Unmarked as answer by VI123 Thursday, May 24, 2012 2:32 PM
    • Marked as answer by VI123 Thursday, May 24, 2012 2:32 PM
    Thursday, May 24, 2012 2:31 PM
  • actually problem was with the permission with which services was running
    • Marked as answer by VI123 Tuesday, June 12, 2012 1:58 PM
    Sunday, May 27, 2012 5:39 PM

All replies

  • What Exchange groups is this user a member of?

    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    Tuesday, May 22, 2012 6:54 PM
  • Related to Exchange this user is member of " Exchange security Group"
    Tuesday, May 22, 2012 7:04 PM
  • The user will either need to be a member of Recipient Management or Organisation Management to create users.  These roles can be assigned using the Exchange Control Panel.

    Steve

    Tuesday, May 22, 2012 7:06 PM
  • Not enough, need to be recipient or org management mentioned by Steve.


    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    Tuesday, May 22, 2012 7:18 PM
  • thanks for the response

    still i am getting below error while creating mailbox

    Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

    Thnaks

    Wednesday, May 23, 2012 5:23 AM
  • Previously it was having Organization Management Group same issue was coming

    so I have given administrator both Orginization and Recipient Management Group. still no progress

    Wednesday, May 23, 2012 5:28 AM
  • Hello,

    Please go to the user properties in AD, and then click Security tab, and then click advanced and select "Include inheritable permissions from this object's parent", and click apply and ok.

    Best Regards,

    Lisa

    Wednesday, May 23, 2012 5:45 AM
    Moderator
  • i have clicked on my created orgainization -->properties-->security-->advance and check the above (Include inheritable permissions from this object's parent",) its already checked.

    :(

    Wednesday, May 23, 2012 5:49 AM
  • Are you actually using the "administrator" account? Can you use a separate non built in account?

    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    Wednesday, May 23, 2012 2:36 PM
  • Yes I am  using the domain Administrator account
    Wednesday, May 23, 2012 2:38 PM
  • can you tell me how to create other account and what all permission is required to be given to same account.


    Wednesday, May 23, 2012 2:42 PM
  • Can you post the exact error?

    Can you perform any other task, for e,g create a connector or a mbx DB?


    Sukh

    Wednesday, May 23, 2012 2:44 PM
  • 23/2012 7:56:15 AM  <ERROR>: Class-> PowerShellExchangeServiceImpl Method -> Create, Message -> Error while creating UserMailbox for User TEST7@example.local. Message is Problem while PowerShell execution abcd.Framework.Common.Exceptions.ConnectorException: Active Directory operation failed on WIN-8RNF13ABCD.example.local. This error is not retriable. Additional information: Insufficient access rights to perform the operation.

    Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

    Wednesday, May 23, 2012 2:50 PM
  • Create a new user, put him in domain admins and exchange org admin for now. Possibly the admin account may have some hidden deny ACE somewhere in the exchange config, DB etc.

    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    Wednesday, May 23, 2012 3:12 PM
  • How many DC/GC do you have?

    Can you check the 2080 event id in the app log?


    Sukh

    Wednesday, May 23, 2012 3:15 PM
  • we have forest structure with 3 sub domain, but as of now i am creating in top domain.

    can you tell me where to see "2080 event id in the app log"

    Wednesday, May 23, 2012 3:21 PM
  • You will find event 2080 in the application log in event viewer.

    Please open up Exchange management shell and try to create the mailbox and post the error message you get in the EMS.

    It may be issue with the remote powershell execution policy.

    Type "Get-ExecutionPolicy" to view your execution policy settings and post the output here

    Also please make sure you are logged into domain. You can verify the same by running Set u command.

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Hasnain Shaikh| My blogs: http://messagingserversupport.com

    Wednesday, May 23, 2012 3:39 PM
  • Hi

    I am getting "RemoteSigned"

    can you tell me the exact path to open this log am not bale to find the same,

    Wednesday, May 23, 2012 3:51 PM
  • event viewer>app log

    Sukh

    Wednesday, May 23, 2012 4:33 PM
  • i am not able to find the log file

    Please guide me where i need to look for this app log.

    Thursday, May 24, 2012 5:11 AM
  • 

    1. On the Start menu, point to All Programs, point to Administrative Tools, and then click Event Viewer. 2. In Event Viewer, click Application

    3. Look for ANY error and and information log with an ID of 2080



    Sukh

    Thursday, May 24, 2012 7:30 AM
  • thanks sukh for your input.
    • Marked as answer by VI123 Thursday, May 24, 2012 2:32 PM
    • Unmarked as answer by VI123 Thursday, May 24, 2012 2:32 PM
    • Marked as answer by VI123 Thursday, May 24, 2012 2:32 PM
    Thursday, May 24, 2012 2:31 PM
  • thanks sukh for your input.

    So what was the resolution?

    Sukh

    Thursday, May 24, 2012 2:44 PM
  • actually problem was with the permission with which services was running
    • Marked as answer by VI123 Tuesday, June 12, 2012 1:58 PM
    Sunday, May 27, 2012 5:39 PM