none
Add-MailboxPermission looks at DC which is not provided in DomainController parameter (Exchange 2007) RRS feed

  • Question

  • I am creating a Mailbox-Enabled user using Powershell by programming. I have two domain controllers and a Member server where Exchange 2007 is installed. I am executing the code from my Exchange Server installed machine. I do the following operations.

    1. Create Normal user in DC-1.

    2. Enable Mailbox for the user (Using Enable-Mailbox)

    3. Add mailbox permission (Using Add-MailboxPermission). I have specified FQDN of DC-1 using the DomainController parameter.

    When I am using Add-MailboxPermission, I get an error that Active Directory Operation Failed on DC-2. Directory Object not found.

    Since the user is just created, It might have not replicated to DC-2. My problem is that why DC-2 is being used when i specify DC-1 in DomainController parameter of Add-MailboxPermission cmd-let.


    - Santron Manibharathi.

    Tuesday, December 17, 2013 9:28 AM

Answers

  • The DomainController attribute doesn't seem to work properly with Add-Mailboxpermission.

    I stopped the replication from DC-1 to DC-2. 

    Created users in DC-1. Tried setting Permissions using Add-MailboxPermission from EX-1 (My Exchange machine) by providing DC-2 as DomainController parameter. It worked properly. 

    But, my user is still not replicated to DC-2. Whereas Get-Mailbox cmd-let fails on providing DC-2 as DomainController and succeeds when passing DC-1 as DomainController.

    As a result, I had to accept it as the behavior of Exchange 2007 and wait for the user to replicate completely before using Add-MailboxPermission.

    Thank you all for spending time for me.


    - Santron Manibharathi.

    Thursday, December 26, 2013 5:19 PM

All replies

  • In step #2, did you also use the -DomainController parameter?


    --- Rich Matheisen MCSE&I, Exchange MVP

    Tuesday, December 17, 2013 5:11 PM
  • Yes I have used -DomainController parameter with same DC as given in Step 3. But I didn't get any error during the execution of Step 2.

    - Santron Manibharathi.


    Wednesday, December 18, 2013 7:21 AM
  • Hi,

    Please check whether the user is in your mailbox server: Open EMC > Recipient Configuration > Mailbox.

    If the user is there, please try running Add-MailboxPermission again without specifying DomainController parameter to check whether it works.

    Thanks,


    Winnie Liang
    TechNet Community Support

    Wednesday, December 18, 2013 8:23 AM
    Moderator
  • Yes Winnie. It works. But I want to add-mailboxpermission right after enabling-mailbox. 

    I want to point the Cmd-Let to fetch AD User from the particular DC where I create the user.


    - Santron Manibharathi.

    Wednesday, December 18, 2013 8:38 AM
  • If you add the "-Verbose" switch to the Add-MailboxPermission cmdlet does it offer any useful information?


    --- Rich Matheisen MCSE&I, Exchange MVP

    Wednesday, December 18, 2013 10:48 PM
  • Hi Santron,

    If the user is sunced both in DC-1 and DC-2, please try the following commands:

    Add-MailboxPermission -Identity "Ellen Adams" -User TedBrem -Accessright Fullaccess -DomainController DC-1 -InheritanceType all

    Add-MailboxPermission -Identity "Ellen Adams" -User TedBrem -Accessright Fullaccess -DomainController DC-2 -InheritanceType all

    Check whether the error continues. If the issue is still there, please collect any event logs for further analysis.

    Thanks,


    Winnie Liang
    TechNet Community Support



    Friday, December 20, 2013 5:45 AM
    Moderator
  • The DomainController attribute doesn't seem to work properly with Add-Mailboxpermission.

    I stopped the replication from DC-1 to DC-2. 

    Created users in DC-1. Tried setting Permissions using Add-MailboxPermission from EX-1 (My Exchange machine) by providing DC-2 as DomainController parameter. It worked properly. 

    But, my user is still not replicated to DC-2. Whereas Get-Mailbox cmd-let fails on providing DC-2 as DomainController and succeeds when passing DC-1 as DomainController.

    As a result, I had to accept it as the behavior of Exchange 2007 and wait for the user to replicate completely before using Add-MailboxPermission.

    Thank you all for spending time for me.


    - Santron Manibharathi.

    Thursday, December 26, 2013 5:19 PM