Remove From My Forums

Delegated Admin Cannot Create Contact Objects - Effective permissions reports Create Contact Object Access

Question
0

Sign in to vote
<SOLVED - see bottom>

I'm having an issue in which an admin is unable to create contacts in AD. This admin does not have Domain Admin rights, but does have delegated rights to the OU in question. The user is also a member of the Exchange Recipient Administrators and Exchange Public Folder Administrators groups (Exchange 2007)

I have created a test account with the same permissions in order to troubleshoot this and I am able to repeat this behavior using that test account.

Effective Permissions on the OU the admin is trying to create a contact in reports that the admin has "Create Contact Object" access. I would note that the admin does not have "Delete Contact Object" access.

If I add the test admin account to the Domain Admins group, it can then create the contact object. This leads me to believe that there is an AD permission that needs to be added, but I'm not sure what it is.

What permission entry am I missing to properly delegate this out?

** FIGURED THIS OUT ALREADY, BUT I'LL POST ANYWAYS AS I COULDN'T FIND THIS DOCUMENTED ANYWHERE:

If you want to delegate Create Contact, you also MUST delegate Delete Contact or else the delegation does not work.
- Edited by Jeff.Harrison Wednesday, August 1, 2012 8:12 PM
Wednesday, August 1, 2012 8:12 PM

Answers

0

Sign in to vote
If you want to delegate Create Contact, you also MUST delegate Delete Contact or else the delegation does not work.
- Proposed as answer by Martina_Miskovic Thursday, August 2, 2012 2:53 AM
- Marked as answer by Fiona_LiaoModerator Tuesday, August 28, 2012 7:47 AM
Wednesday, August 1, 2012 8:12 PM

All replies

0

Sign in to vote
If you want to delegate Create Contact, you also MUST delegate Delete Contact or else the delegation does not work.
- Proposed as answer by Martina_Miskovic Thursday, August 2, 2012 2:53 AM
- Marked as answer by Fiona_LiaoModerator Tuesday, August 28, 2012 7:47 AM
Wednesday, August 1, 2012 8:12 PM
0

Sign in to vote
Hi Jeff,

Are you trying to create recipient in ADUC? If this is the case, it is recommended to post the question in AD forum. Your understanding would be appreciated.

Just for your reference:

http://technet.microsoft.com/en-us/library/cc778807(WS.10).aspx

If you want to create mail recipient in Exchange, is there any error message recorded? Thanks.

Fiona Liao

TechNet Community Support
- Marked as answer by Fiona_LiaoModerator Monday, August 20, 2012 10:03 AM
- Unmarked as answer by Fiona_LiaoModerator Monday, August 20, 2012 10:03 AM
Thursday, August 2, 2012 9:15 AM

Moderator