Error upgrading Address Lists

  • Question

  • When I run the Set-AddressList cmdlet on my new Exchange 2010 server, trying to upgrade the default address lists, I get the following error:

     Active Directory Operation failed........Insufficient access rights to perform this operation.......SecErr:DSID0310A45, problem 4003 (INSUFF_ACCESS_RIGHTS)

    The command I was attempting to run is:

    Set-AddressList "All Users" -IncludedRecipients MailboxUsers

     

    Tuesday, December 21, 2010 5:13 AM

Answers

  • Regarding the error message, it can be caused by incorrect permissions. When trying to upgrade Address Lists, the account needs to be assigned permissions before you can perform this procedure.

     

    To see what permissions you need, see the "Address lists" and "Global address lists" entries in the Mailbox Permissions article.

     

    http://technet.microsoft.com/en-us/library/dd638132.aspx

     

    Thanks.

    Novak


    • Proposed as answer by Suhail.Pir Thursday, December 23, 2010 7:09 AM
    • Marked as answer by Novak Wu Tuesday, December 28, 2010 9:31 AM
    Thursday, December 23, 2010 6:44 AM

All replies

  • Looks good to me.

    In IIS, you should notice that the folder underneath OAB named d33d3462-etc-etc, where the OAB resides, had read-only permissions set for authenticated users. The OAB folder did not have that permission. Then you should grant authenticated users read-only rights to the OAB folder and also turn off the require SSL setting.

    Then go into Outlook and, if you are unable to download the OAB and any users and 1 room mailbox were there, try turning require SSL back on for the OAB folder, but that will prevent Outlook from downloading the OAB.

    To summarize, you need to add read-only permissions for authenticated users and turn off SSL for the OAB folder in IIS to solve the problem.

    do intimate me!


    Regards Shah. MCITP, MCMA, MCTS No claims (try at your own risk)
    Tuesday, December 21, 2010 8:18 AM
  • 1, Open Active Directory Users and Computers and View advanced features

    2, Find the user account for the mailbox with the issue and go to the properties of this account

    3, Go to the security tab and hit advanced

    4, Now check the box that says include inheritable permission and apply this setting.

    5, Now rerun this mailbox move; this will fail, but we are just running it to obtain the cmdlet to cancel our previous move.

    6, Run the remove request that you get displayed in the exchange console

    7, Now Re-Run the command and this will complete :)
    Regards Shah. MCITP, MCMA, MCTS No claims (try at your own risk)
    Tuesday, December 21, 2010 8:24 AM
  • Solution

    1. Open up Active Directory Users and Computers
    2. Go to the View menu, Advanced.
    3. Locate the user in AD, right click, properties.  Jump to the security tab.
    4. Click “Advanced”
    5. Click “Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here.”
    6. Check box and apply.
    7. Click OK and OK again.
      Depending on the size of your domain/forest, replication may take some time.

    Regards Shah. MCITP, MCMA, MCTS No claims (try at your own risk)
    Tuesday, December 21, 2010 8:29 AM
  • I am trying to update the address lists during a 2003 to 2010 upgrade, this doesn't really apply.
    Tuesday, December 21, 2010 12:44 PM
  • I am trying to update the address lists during a 2003 to 2010 upgrade, this doesn't really apply.
    Tuesday, December 21, 2010 12:45 PM
  • I am trying to update the address lists during a 2003 to 2010 upgrade, this doesn't really apply.
    Tuesday, December 21, 2010 12:45 PM
  • WadeKilgore, did you find a solution for this?

    I have a similar error upgrading the address lists

    Active Directory operation failed on dc3.domain.net. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
    Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
        + CategoryInfo          : NotSpecified: (0:Int32) [Set-AddressList], ADOperationException
        + FullyQualifiedErrorId : A91881C8,Microsoft.Exchange.Management.SystemConfigurationTasks.SetAddressList

    I have correct credentials for the operation according to the docs, Organization management and Enterprise admin.

    Ole Thomsen

     

    Monday, June 27, 2011 8:37 PM
  • Solved.

    My address lists were missing security inheritance for the Exchange Trusted Subsystem

    http://blogs.technet.com/b/richardroddy/archive/2010/07/12/exchange-2010-and-the-exchange-trusted-subsystem.aspx

     

    Ole Thomsen

    Monday, June 27, 2011 9:14 PM
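
A check for the condition described in the last post, as an added example that is not part of the original thread or the linked article: it reports, for each address list, whether ACL inheritance is blocked on the Active Directory object and whether any access entries exist for the Exchange Trusted Subsystem group. It assumes the Exchange Management Shell on an Exchange 2010 server and an account that can read the security descriptors in the configuration partition; the function name Test-AddressListAcl is hypothetical.

```powershell
# Added example: read-only audit of address list ACLs. Changes nothing in AD.
# Test-AddressListAcl is a hypothetical helper name, not an Exchange cmdlet.
function Test-AddressListAcl {
    param(
        # Group whose access entries we look for (name taken from the thread).
        [string]$Trustee = 'Exchange Trusted Subsystem'
    )

    foreach ($list in Get-AddressList) {
        # Bind to the address list object in the configuration partition.
        $entry = [ADSI]("LDAP://" + $list.DistinguishedName)

        # psbase bypasses the ADSI property adapter and exposes the .NET
        # DirectoryEntry, whose ObjectSecurity holds the security descriptor.
        $sd = $entry.psbase.ObjectSecurity

        # Explicit and inherited ACEs, identities rendered as DOMAIN\name.
        $aces = @($sd.GetAccessRules($true, $true,
                    [System.Security.Principal.NTAccount]) |
                  Where-Object { $_.IdentityReference.Value -like "*\$Trustee" })

        New-Object PSObject -Property @{
            AddressList        = $list.Name
            # True means "include inheritable permissions" is unchecked.
            InheritanceBlocked = $sd.AreAccessRulesProtected
            TrusteeAces        = $aces.Count
            TrusteeInherited   = @($aces | Where-Object { $_.IsInherited }).Count
        }
    }
}

# List only the address lists that look affected: inheritance is blocked,
# or the trustee has no inherited access entry on the object.
Test-AddressListAcl |
    Where-Object { $_.InheritanceBlocked -or $_.TrusteeInherited -eq 0 } |
    Format-Table AddressList, InheritanceBlocked, TrusteeAces, TrusteeInherited -AutoSize
```

An address list that shows InheritanceBlocked as True, or zero inherited entries for the group, matches the symptom reported above even when the administrator running Set-AddressList holds Organization Management and Enterprise Admin rights.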