Delegate specific domain user to do add/remove hardware&software, join to domain feature only.

Similar Messages

• User can't access detail Hardware/Software Inventory

  What right or permission do I need to give so that a user can access the detailed Hardware/Software inventory of a computer? I don't want them to be able to add or modify computer properties.
  It's currently grayed out for the user.
  Jim

  jwebb,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://forums.novell.com/

• Want to configure a GPO "Stop (domain) users [having admin rights] from installing software"

  Want to configure a GPO "Stop (domain) users [having admin rights for some particular users]  from installing/uninstalling software"
  Requirements :-
  1. Domain user should not be allowed to install/uninstall any software's. Rest all the actions can be performed by the user like an administrator can do.
  Please suggest if possible then how can I implement the same.

  Hi Amar Chand,
  You can do so by using certain Group Policy settings to control the behavior of the Windows Installer, prevent certain programs from running or restrict via the Registry Editor. The Windows Installer, msiexec.exe, previously known as Microsoft Installer,
  is an engine for the installation, maintenance, and removal of software on modern Microsoft Windows systems.
  You can try the following method to resolve this issue:
  Method 1: Disable or restrict the use of Windows Installer via Group Policy
  Open “GPMC”, create a GPO linked to the correct scope. You can refer to this article
  Create a new Group Policy object.
  Right-click it, click Edit, and then navigate to
  Computer Configuration/Policies/Windows Components/Windows Installer.
  In RHS pane double-click on Disable windows installer.
  Click Enable and configure the option as required. "Always "option indicates that Windows Installer is disabled.
  This setting affects Windows Installer only. It does not prevent users from using other methods to install and upgrade programs.
  Click Apply to save this configuration.
  Run gpupdate /force on the clients. 
  For your information, please refer to the following article to get more help:
  Managing options for computers through Group Policy
  http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_wininstall_group_policy_computers.mspx?mfr=true
  Method 2: Restrict Programs from being installed via Registry Editor
  Open Registry Editor and navigate to the following key: HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer\DisallowRun
  Create String value with any name, like 1 and set its value to the program’s EXE file.
  e.g., If you want to restrict msiexec, then create a String value
  1 and set its value to msiexec.exe. If you want to restrict more programs, then simply create more String values with names 2, 3 and so on and set their values to the program’s exe.
  Note: You may have to restart your computer.
  In addition, if you choose this method, you could deploy the registry configuration via GPO. Please refer to the following article:
  Configure a Registry Item
  http://technet.microsoft.com/en-us/library/cc753092.aspx
  Regards,
  Lany Zhnag

• Cannot connect to SERVER. Login failed for user 'DOMAIN\user'. (Microsoft SQL Server, Error 18456) - SQL Server 2012 on Windows Server 2008 R2

  I've seen multiple blogs and forums with similar problems and SQL 2012 or 2008. But no solutions that work for me.
  I have installed SQL Server in mixed mode (SQL and Windows authentication). I can create new Login accounts in either mode. However, I cannot get an AD security group Login account to work. I am trying to add group 'DOMAIN\Domain Admins' or 'SERVER\Administrators'
  as a Login so that any of the domain's administrator accounts can open SQL Server Management Studio and act as an 'sa' account on this server.
  I have deleted the SQL account 'DOMAIN\Domain Admins'.
  I have restarted SQL.
  I have restarted the Win2K8r2 server.
  I have launched SSMS as Administrator from the desktop of SERVER.
  I have launched SSMS as another user (and used 'DOMAIN\user' to lauch it) from the desktop of SERVER.
  I can create a login account named 'DOMAIN\user' (who happens to be a member of the 'DOMAIN\Domain Admins' group) and give this account 'sa' security, and when I do that, this account works as expected...
  How do I add a security group as a Login account and give all members of that group the ability to be an 'sa' account?

  Hi geoperkins,
  Are you getting the following error message?
  Error: 18456, Severity: 14, State: 11
  Login failed for user <Domain\user>. Reason: Token-based server access validation failed with an infrastructure error.
  If that is the case, the issue could be due to that the Windows login has no profile or that permissions could not be checked due to UAC. Please disable UAC firstly and check if it is successful to log in SQL Server.
  Another reason could be that the domain controller could not be reached. You may need to resort to re-creating the login. Create a new group in AD, add users to the new group, then add the group to the local admin group and create login for the group in SQL
  Server.
  There is a connect item describing similar issue for your reference.
  https://connect.microsoft.com/SQLServer/feedback/details/680705/cant-login-to-sql-using-windows-authentication-when-user-is-in-a-domain-security-group
  For more details about above error, please review the following blog.
  http://sqlblogcasts.com/blogs/simons/archive/2011/02/01/solution-login-failed-for-user-x-reason-token-based-server-access-validation-failed-and-error-18456.aspx
  Thanks,
  Lydia Zhang
  Lydia Zhang
  TechNet Community Support

• SDK service using domain user trying to set SPN for computer account

  I have a SDK service running under a domain user account, but it tries to register the SPN for the computer account of the machine?!
  Therefore I get the following alert: 
  The System Center Data Access service failed to register an SPN. A domain admin needs to add MSOMSdkSvc/WIN-9IAJC0HS9RJ and MSOMSdkSvc/WIN-9IAJC0HS9RJ.domainxx.local to the servicePrincipalName of CN=WIN-9IAJC0HS9RJ,CN=Computers,DC=domainxx,DC=local
  Which makes sense because it has not the permissions to do that.
  When I make the domain user account member of domain admins it has the concerning permissions and it indeed registers that SPN to the computer account. But why?? The SPN should be registered to the domain user account instead (and therefore I had given the
  domain user account the read/write permissions to itself to do that).
  I have the following SPN registered now for the computer and domain user account:
  setspn -l WIN-9IAJC0HS9RJ
  Registered ServicePrincipalNames for CN=WIN-9IAJC0HS9RJ,CN=Computers,DC=domainxx
  DC=local:
          MSOMSdkSvc/WIN-9IAJC0HS9RJ
          MSOMSdkSvc/WIN-9IAJC0HS9RJ.domainxx.local
          MSOMHSvc/WIN-9IAJC0HS9RJ
          MSOMHSvc/WIN-9IAJC0HS9RJ.domainxx.local
          TERMSRV/WIN-9IAJC0HS9RJ
          TERMSRV/WIN-9IAJC0HS9RJ.domainxx.local
          WSMAN/WIN-9IAJC0HS9RJ
          WSMAN/WIN-9IAJC0HS9RJ.domainxx.local
          RestrictedKrbHost/WIN-9IAJC0HS9RJ
          HOST/WIN-9IAJC0HS9RJ
          RestrictedKrbHost/WIN-9IAJC0HS9RJ.domainxx.local
          HOST/WIN-9IAJC0HS9RJ.domainxx.local
  setspn -l domainxx\omdas
  Registered ServicePrincipalNames for CN=OMDAS,CN=Users,DC=domainxx,DC=local:
  none for this account
  I don't get it. Anyone?
  I am using SCOM 2012 R2
  Pls help.
  Thanx in advance.
  Regards
  Chris

  SCOM SDK service really tries to set its SPN to the computer account (although the SDK service is running using a domain user account). The alert is no bug!
  I know this for sure because I gave the SDK service permission to do it - by making the domain user account member of the domain admins security group - and it indeed sets the SPN on the computer account.
  The latter is the actual bug I would say! It should try to set the SPN for the domain user account the sdk service is running with.
  Then again, nog having the SPN been set correctly to this domain user account, does not seem to bother SCOM at all indeed. Perhaps it uses NTLM instead in this scenario.
  Can anyone comfirm?

• Equivalent to "Add/Remove Programs" aka "Programs and Features" Controls???

  WHEN will Apple finally get around to adding an equivalent thing to Windows' "Add/Remove Programs" (XP) aka "Programs and Features" (Vista) Control Panel???
  I am looking to uninstall some software from my computer. But only God knows where the installer has stashed files all over my drive! I don't want to leave behind a single preferences file or extension.
  Is there some easy way in Mac to do this? In Windows you just go to "Add/Remove Program" and you can uninstall every last shred or trace of that software. But in the Mac... there's about four or five major places to look, but how can you know if it installed something in a hidden directory in the Unix directories somewhere??

  drdocument, I respectfully, completely disagree with you.
  The average Mac user has no clue as to what the Library folder is for. Nor would they be able to sort through it all to find the five locations where the tons of crap might be stored.
  Lets take several examples. Here's some programs that I have installed that are quite typical of Mac users:
  Garage Band
  iTunes
  Adobe CS3
  Microsoft Office
  NONE of these programs can be deleted easily. Garbage Band stores its garbage in numerous unintuitive places:
  /Users/me/Music/Garageband
  /Library/Audio/Plug-ins
  /Library/Application Support/Garage Band/
  /Users/me/Library/Preferences/
  Further, it's not always clear whether the files you are deleting are used by just one application, or multiple applications from that same company (or even other companies). I often feel unsure if I'm deleting something from /Library/Audio/Plug-ins or /Library/Application Support/Adobe because... is it used only by Photoshop? What if I just wanted to uninstall InDesign and I no longer have the original install disk because, lets say, I sold it?
  It should not fall upon the user to play sleuth and hunt down the myriad places that these apps store things on the drive!!!
  There should be an EASY Control Panel in System Preferences that lets you uninstall any program off your drive. I seriously don't think that this would hamper application development or make the system run slower or be kludgy. Besides, when has Apple ever taken the path of making things harder on users because they were afraid by making it easier, it would slow down the computer???
  If anything the opposite has always been true.
  Even a shareware app that just has one application file and no other files on the drive should be able to be uninstalled with confidence by a control panel. Since, how do you KNOW it didn't put another file somewhere, even a preferences file? God only knows how many preferences files are on my drive that I don't need because they never got erased when I uninstalled the app. It would take me days to comb through that mess, especially since the arcane and unintuitive preference file naming scheme used by OS X does not use plain english but rather uses ridiculous un-Mac-like names like "com.unsanity.hoseyoursystem.preference"... whatever happened to "Microsoft Word Preferences" and "Adobe Photoshop Preferences" -- nice Mac-like filenames?!?!??!
  I'm tired of the PC-ization of the Mac, the further and further making it more complicated, having apps store more crap in more different places. Having multiple Library folders is just a nightmare from an ease-of-use standpoint, though I know it's necessary for a multi-user OS. But there ought to be a way to have a "single-user" mode that would eliminate the Users directory all together and just store everything at the root level of the HD, rather than having all my documents buried 10 levels deep into the drive.
  Anyway the point is you are wrong. The way it is set up makes it harder on users -- even seasoned users like me -- when we want to cleanly uninstall an application with confidence. It means tons of extra time sifting through the labrynthine unix crap. I hate it! Where has "user friendly" gone??
  Besides I would never trust a third-party shareware program to uninstall things. How would i know that it knew what to do? Plus it adds extra expense to the OS, for a feature that has been standard on Windows for what seems like 10 years!
  When will we finally get this feature? 2020?

• Add Remove Subject Area greyed out in Answers

  Hi,
  I am using Obiee 11g and want to create a report from two subject areas with a common dimension. Unfortunately the Add / Remove Subject area button (the one with the - usually green - cross) in the subject areas pane.
  Any idea why ?
  Thanks,
  Knut

  Hi,
  No. its by defaults its working fine. in our obiee11.1.1.5.0 versions there are two add/remove subject areas
  1)
  The text "Add/RemoveSubject Area" is the tooltip for the encircled button.
  screen short ref:
  https://pzt.me/dx/img/5/i/9/5i9f.png
  Add/Remove Subject Areas — This button is available only if one or more related subject areas are available and you have permission to access them. Use this button to display the "Add/Remove Subject Areas dialog", from which you can add or remove related subject areas.
  2) Multiple subject (Add/Remove Subject Areas)
  check the sample screen short of mine...
  http://imageshare.web.id/images/9beyx9w4dc669bq8p2i.jpg
  multiple subject are are below of save as (i.e: its selected colmns pane/section right side)
  button u can see plus /minus simbol here u just select then u can add it multiple subject area
  Refer:
  http://oraclebiee11g.blogspot.com/2011/01/querying-across-multiple-subject-areas.html?m=1
  Thanks
  Deva

• [SOLVED]winbind ... Error looking up domain users

  I have followed the Active Directory intergration Wiki to the letter, but stuck at the winbind section when i do i wbinfo -u or  i get Error looking up Domain users or domain groups....
  [gigabyteme@wkstn1-arch ~]$ sudo wbinfo -u
  [sudo] password for gigabyteme:
  Error looking up domain users
  [gigabyteme@wkstn1-arch ~]$ wbinfo -u
  Error looking up domain users
  [gigabyteme@wkstn1-arch ~]$ wbinfo -g
  failed to call wbcListGroups: WBC_ERR_WINBIND_NOT_AVAILABLE
  Error looking up domain groups
  [gigabyteme@wkstn1-arch ~]$
  Here is my krb.conf file....
  [libdefaults]
  default_realm = CLICK-IT.CA
  clockskew = 300
  ticket_lifetime = 1d
  forwardable = true
  proxiable = true
  dns_lookup_realm = true
  dns_lookup_kdc = true
  [realms]
  CLICK-IT.CA = {
  kdc = CITADSVR01.CLICK-IT.CA
  admin_server = CITADSVR01.CLICK-IT.CA
  default_domain = CLICK-IT.CA
  [domain_realm]
  .citadsvr01.click-it.ca = CLICK-IT.CA
  .click-it.ca = CLICK-IT.CA
  click-it.ca = CLICK-IT.CA
  click-it = CLICK-IT.CA
  [appdefaults]
  pam = {
  ticket_lifetime = 1d
  renew_lifetime = 1d
  forwardable = true
  proxiable = false
  retain_after_close = false
  minimum_uid = 0
  debug = false
  [logging]
  default = FILE:/var/log/krb5libs.log
  kdc = FILE:/var/log/kdc.log
  admin_server = FILE:/var/log/kadmind.log
  and here is my smb.conf file
  /etc/samba/smb.conf
  [Global]
  netbios name = WKSTN1-ARCH
  workgroup = CLICK-IT
  realm = CLICK-IT.CA
  server string = %h ArchLinux Host
  security = ads
  encrypt passwords = yes
  password server = citadsvr01.click-it.ca
  idmap config * : backend = rid
  idmap config * : range = 10000-20000
  winbind use default domain = no
  winbind enum users = Yes
  winbind enum groups = Yes
  winbind nested groups = Yes
  winbind separator = +
  winbind refresh tickets = yes
  template shell = /bin/bash
  template homedir = /home/%D/%U
  preferred master = no
  dns proxy = no
  wins server = pdc.example.com
  wins proxy = no
  inherit acls = Yes
  map acl inherit = Yes
  acl group control = yes
  load printers = no
  debug level = 3
  use sendfile = no
  Any help with this would be greatly aprecieated...
  Last edited by 0n3 (2014-03-28 05:27:43)

  0n3 wrote:Please mark as solved, for some reason the winbindd service wasnt being started, i enabled and started it manually and it works now
  You need to do that yourself.
  https://wiki.archlinux.org/index.php/Fo … ow_to_Post

• Asset intelligence: inventoried software, based on add/remove programs?

  Hi,
  Please clarify where asset intelligence, inventoried software gets its data: is it reading add/remove programs
  (software metering is checking .exe but inventoried software ...)?
  J.
  Jan Hoedt

  http://msdn.microsoft.com/en-us/library/cc144824.aspx (This article still applies to CM12).
  Torsten Meringer | http://www.mssccmfaq.de

• Allow a non-administrator to install certain software on a domain computer?

  Hi, I think this question was answered before, but mine has a little twist to it.All the users (are on Dell notebooks, Win 7 Professional and/or Enterprise) in my Domain are Domain users. They cannot install any software.But recently Adobe came up with Adobe Creative Suite Cloud Edition where each user have to download and install any Adobe "module" as they need (Photoshop, Bridge, Illustrator etc). On top of that, Adobe has many updates, upgrades and security patches.Worse of all, some of my users share Dell Precision Mobile workstations and Adobe Creative Suite Cloud Edition is "user" based, something like Google Chrome, whereby each "logged on" user have to install their desired module(s).So is there a way I can set users NOT to be local administrators but can download & install any Adobe Creative Suite Cloud Edition modules and its...
  This topic first appeared in the Spiceworks Community

  Hey SpiceHeads,Haven't you heardthat we always love to know your feedback?Lenovo recently exhibited at SpiceWorld London for the first time and we are totally interested to find out if their attendance at Spiceworld has influenced your opinion or consideration since. Have you considered buying any Lenovo B2B Solutions? What impressed you most from their booth?Let us know below how Lenovo’s attendance has influenced you andthe lucky winner will receive a 100 Amazon Voucher. For a second entry make sure you followLenovo’s UK Vendor Page.The contest is UK only and ends on 31st July. T&C's can be found here.

• Unable to join to domain 2008 server core machine

  Hi, I'm trying to join the server core computer to domain. When I'm running command: netdom join core /domain:contoso.prv  I'm getting error:
  "the specified domain either does not exist or could not be contacted"
  after command : netdom join core.contoso.prv /domain:contoso.prv
  error:
  "The RPC server is unavailable"
  I can join full version of Windows Server 2008 with GIU
  When trying to ping my server core machine form DC- doesn't work. Pinging DC form server core is working.
  My domain it was just configured and is fresh installation. Do I have to change some firewall settings on core to join to the domain..
  I do not understand the problem.
  I just learning, so please to be placable, pelase. 

  I Have resolved the problem. I have not noticed
  (I do not know why) the IP of the core server
  is form APIPA  range. I thought that I
  changed it. After the change everything works
  fine :). Thanks for help anyway.

• Reoccuring Safely Remove Hardware - T60 WinXP SP3

  HI all,
  I received my laptop back from the repair center today. Once I finished with the Windows setup the Remove Hardware Safely icon was waiting in the taskbar. The device it lists is the Mat**bleep**a DVD-RAM UJ-842 - [D:]. I followed the steps to Stop device and windows popped up the "it is now safe to remove ..." message and the Safely Remove Hardware icon was removed from the taskbar. When I restarted the Safely Remove Hardware icon returned. I have only plugged 1 device into the machine; a usb mouse. I have not installed any new programs either. What steps do I take to end this loop?
  Happy New Year

  Looks like the Handle command-line utility should be able to filter on D:\; quoting from the above link:
  usage: handle [[-a] [-u] | [-c <handle> [-l] [-y]] | [-s]] [-p <processname>|<pid>> [name]
  name
  This parameter is present so that you can direct Handle to search for references to an object with a particular name.
  For example, if you wanted to know which process (if any) has "c:\windows\system32" open you could type:
  handle windows\system
  The name match is case-insensitive and the fragment specified can be anywhere in the paths you are interested in.
  Results of Your Ideal Business-Class Laptop survey, concluded 2009-07-29.
  Did someone help you?
  Say thanks! with a kudo.
  Even better: Pay it forward, help someone else.

• Delegate Control - Add/Remove Computers

  We are looking at a way to delegate control to our client services group so that they can add and remove computers from the domain.  I am not seeing this in the available options.  We'll be applying this to certain OU's within the domain to ensure
  they cannot remove critical server accidentally such as a DC.  Ideas or links are appreciated.
  Thanks!

  These articles cover delegating these rights to users.  In general delegating these rigths creates issues because the user that created the object is given full control, and therefore they can do things other users can't.  Moving an object requires
  special rights in the source and target OU, while managing all computers in multiple OUs requires additional rights.
  How to allow specific users to add workstations to the domain
  http://networkadminkb.com/kb/Knowledge%20Base/ActiveDirectory/How%20to%20allow%20specific%20users%20to%20add%20workstations%20to%20the%20domain.aspx
  How to overcome issues related to specific users adding workstations to the domain
  http://networkadminkb.com/kb/Knowledge%20Base/ActiveDirectory/How%20to%20overcome%20issues%20related%20to%20specific%20users%20adding%20workstations%20to%20the%20domain.aspx
  How to allow users to fully manage Computer objects in an OU
  http://networkadminkb.com/kb/Knowledge%20Base/ActiveDirectory/How%20to%20allow%20users%20to%20fully%20manage%20Computer%20objects%20in%20an%20OU.aspx
  How to allow users to move computer objects between OUs
  http://networkadminkb.com/kb/Knowledge%20Base/ActiveDirectory/How%20to%20allow%20users%20to%20move%20computer%20objects%20between%20OUs.aspx

• All Domain User update specific application

  Server OS: Windows Server 2008 R2
  PC: Windows 7 SP1 Professional /joined domain
  We looking for any hint can allow domain user account upgrade specific appliation, we test servral method but all not work
  1. This is IM QQ appliction and no MSI , version change quickly, can not use GPO deploy also the patch is not download. Force update by online.
  2. We can not grant local admin right to users beacuse need to stop anyone install application without approval
  3. Can not use Windows Application Control, because that feature need Windows 7 Enterprise.
  4. Consider use local security policy, application control or software restrict but difficult for mangement over 100 PCs
  5. Try to grant everyone under program files / (x 86) folder but patch update seem involve registry and other system permission.
  6. Market has third party application control but those application can not block the application which not on their list, means we if we grant local admin right to users, they can freely install anything
  seem any other information can help this case. thanks
  supporthk

  How about:
  Group policy to add a local admin user account for a day or two, or a week
  Group policy to apply a logon script to run a batch file - batch file to copy file(s) to local computer, "run as" the install file as new local admin account, then clean up temp & install files
  Then edit the 1st GPO to remove that local admin account
  Could be a way, but that force the admin to pre-package all software update and it allow a hole for the user to install anything while it's PC isnt rebooted.
  Maybe in App-V it could be do-able. In XenApp you can stream to the computer the application, and you can allow the user to update. The registry hive is isolated and file are deployed when the user click the application. Never tried it with App-V, but I
  heard you can isolate the application too. In both product you pre-install in a virtual's way, and that make like a .msi, that the user get to the workstation when they want to use the application in big, and the modified file are stored in the user profile
  (for xenapp, surelly the same for app-v)
  Regards, Philippe
  Don't forget to mark as answer or vote as helpful to help identify good information. ( linkedin endorsement never hurt too :o) )
  Answer an interesting question ? Create a
  wiki article about it!

• How to create a Domain user in a Specific OU using System Center 2012 R2 Orchestrator and Service Manager

  Dear All,
  I have a simple Runbook with the following details:
  Initialize Data: (First Name, Last Name, Login Name, Deparment Name) --> Create User: Name:(Domain), Common Name, Display Name, First, Last Name, SAM Account Name (From Initialize Data) --> Enable
  User: Distinguished Name --> Add User to Group: Group Distinguished Name, User Distinguished Name 
  Active Directory Management Pack in place and the Prerequisites Configurations are added Too (Configuration User Name, Configuration Password, Configuration DC, Configuration Default OU.
  The Runbook is Synched with Service Manager, Request Offering/Service Offering and published to the portal.
  When I filled the 4 required values (First Name, Last Name, Login Name, Deparment Name), the Runbook will kick off and the user is created in Active Directory.
  The user is placed in the Default OU which is predefined in AD Prerequisites Configurations in Orchestrator.
  I need to add another Required Value to my Request Offering (SR) called User Level Enum List (Low, Medium, High).
  I need to place the user in a Specific OU based on the Level entered from SSPortal, If the user is Low, then Create the user in this OU, if the user is Medium then create it in this OU, etc...
  How can I do this in Orchestrator? What I want to modify in my runbook to accomplish this task?
  Thank you,

  I AM TRYING TO USER/MAILBOX CREATION PROCESS, FOLLOWING IS THE BUSINESS REQUIREMENT
  GET THE USER FROM ERP SYSTEM (SQL)
  CREATE USER IN SPECIFIC OU
  ENABLE THE MAILBOX IN SPECIFIC DATABASE BASED UPON USER ROLE
  CREATE A USER IN NAVISION SYSTEM WHICH IS AGAIN JUST CREATING SQL LOGIN.
  PLEASE ADVISE ME THE PROCESS AND PROCEDURE ILLUSTRATION IF IT ALL POSSIBLE IN SINGLE RUNBOOK.
  I AM ABLE TO CREATE USER/MAILBOX BUT STRUGGLING TO CREATE IN SPECIFIC OU/MAILBOX DB AND SQL LOGIN.
  FARRUKH
  [email protected]
  Farrukh Anwar