"Discovery Manager" role cannot place a mailbox on hold
My Company is testing Exchange 2013 and Exchange Online. We would like to have all discovery functions managed by our legal team. We have assigned test users the “Discovery Manager” role. That role should allow them rights to search all mailboxes
and put search results on hold. Additionally, the discovery manager role should allow them to select a user mailbox in EAC, open the "Mailbox Features" page and enable litigation hold on the mailbox (no searching required).
We have found the second feature, enabling litigation hold without searching, is unavailable to discovery managers when using EAC. The "Mailbox Features" page is not exposed to discovery mangers using EAC. The discovery manager can place a mailbox
on hold using PowerShell but that would not be a reasonable option for our legal team.
Please confirm if my understanding is correct, discovery manager should be able to place a mailbox on hold as well as in-place hold using EAC.
Thanks in advance,
Ron
Does "Get-RoleGroup "discovery Management" | FL *role*" show that the Legal Hold role is assigned to the Discovery Mgmt role Group? If so, then you may need to assign the "Recipient Management" or "Help Desk" role to those users as well or if you wish
to security trim their access, create a customized RBAC role for them.
Alternatively, see if they can simply set litigation hold via Powershell with set-mailbox
Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.
Similar Messages
-
"Office 365 Mailbox" missing for users that are member of Ricipent Management role
Hi,
I have a hybrid setup with Office 365 and one exchange 2013 standard server on-premises.
I currently have an issue with that I have a button after pressing the + under recipient to create a Office 365 mailbox from the ECP, but users that are members of the Recipient Management role don't have that button visible.
What extra permissions are required to be able to create an Office 365 mailbox from the on-premises Exchange?Hi SeidKrv,
Thanks for your update.
Following article introuduces the permissions that need to assigned before running "New-Mailbox" command.
Please focus on "Recipient Provisioning Permissions" session.
Recipients Permissions
http://technet.microsoft.com/en-us/library/dd638132(v=exchg.150).aspx
Based on the article, it seems both Recipient Management role and Organization Management role are required.
More detailed information on both management role as below:
1. Administrators who are members of the Recipient Management role group have administrative access to
create or modify Exchange 2013 recipients within the Exchange 2013 organization.
2. Administrators that are members of the Organization Management role group have administrative access to the entire Exchange 2013 organization and
can perform almost any task against any Exchange 2013 object, with some exceptions. By default, members of this role group can't perform mailbox searches and management of unscoped top-level management
roles.
Thanks
Mavis Huang
TechNet Community Support -
This is a new domain-joined Server 2012 member server with no data. Domain Administrator account is in the Organization Management group. Domain functional level is Server 2012.
Setup /m:RecoverServer fails because "...server roles are already installed..."
Uninstall fails because the "mailbox database contains one or more mailboxes..." which I can't delete.Hi,
I recommend you refer to the following article to troubleshoot the issue:
https://social.technet.microsoft.com/wiki/contents/articles/14874.error-the-user-domain-localusersadministrator-isnt-assigned-to-any-management-roles-on-exchange-2010-management-console.aspx
we may try to propagate the RBAC permissions for the user again! procedure is as below:
1.
Open Windows Powershell as “Run As Administrator”
2.
Load the setup Snapin with the command: Add-Pssnapin *Setup*
3.
Run the commands one after the other to propagate the RBAC to the user who is logged on to the Exchange Server.
a. Install-CannedRbacRoleAssignments –InvocationMode Install
b.
Install-CannedRbacRoles
c.
Install-CannedRbackRoleAssignmentsRAP
d.
Install-CannedAddressLists
Thanks.
Niko Cheng
TechNet Community Support -
Custom Distribution Group management role (manager excpeiton)
My organization is medium size with multiple support groups (15+) that each support a subset of users (350+). I want to create a management role that is scoped so each support group can manage the distribution groups in their respective OU space.
By manage I mean edit the group membership. I realize I can achieve this with AD permissions but I’d like to achieve this in a way that leverages RBAC so the support groups can use OWA. I also want to leverage RBAC\OWA because not all my support groups are
technical, some are office admins. Anyways, below is what I’ve tried in my lab scoped to one of my support groups.
Using the cmdlets below I’ve created a custom management scope, role and group. However, this does not work. While it lets my sales support group view and edit some random attributes on the group, it fails when they try to edit the group membership. In other
words, they can logon to OWA, click options\see all options\manage your organization\distribution groups\open the group\edit description etc. but when they select “Add…” under membership then select the user and hit ok\save they get the error “you don’t have
sufficient permissions. this operation can only be performed by a manger of the group”.
New-ManagementScope -Name “Sales Support DG MScope” -RecipientRestrictionFilter {RecipientType -eq "MailUniversalSecurityGroup"} -RecipientRoot “lab.com/sales”
New-ManagementRole -name “Sales Support DG MRole” -Parent "Distribution Groups"
New-RoleGroup -name “Sales “Sales Support DG MGroup” -Roles "Sales Support DG MRole" -CustomRecipientWriteScope "Sales Support DG MScope"
When I do as the error asks (i.e. add my support user as a manager of the group via the EMC), then my support user is able to edit the group's membership in OWA. The problem with this solution is that it would require me to add my support users to my role
group “Sales Support DG MGroup” AND as a manager of the DG and every DG that is created down the line. Not ideal. Any ideas, some RBAC magic I’m missing?
Below confirms by scope.
Get-Group -OrganizationalUnit “lab.com/sales” | ?{$_.RecipientType -eq "MailUniversalSecurityGroup"}
Name DisplayName SamAccountName GroupType
distro1 distro1 distro1 Universal, SecurityEnabled
distro2 distro2 distro2 Universal, SecurityEnabled
distro3 distro3 distro3 Universal, SecurityEnabled
On a side note, I realize by sourcing my management role off of distribution groups gives me more cmdlets\access than my support group needs (see below). I’m first just trying to get it to work :).
Get-ManagementRole “Sales Support DG MRole” | Get-ManagementRoleEntry | select name
Name
Add-DistributionGroupMember
Disable-DistributionGroup
Enable-DistributionGroup
Get-ADServerSettings
Get-AcceptedDomain
Get-DistributionGroup
Get-DistributionGroupMember
Get-DomainController
Get-DynamicDistributionGroup
Get-Group
Get-MailUser
Get-Mailbox
Get-OrganizationalUnit
Get-Recipient
Get-ResourceConfig
Get-User
New-DistributionGroup
New-DynamicDistributionGroup
Remove-DistributionGroup
Remove-DistributionGroupMember
Remove-DynamicDistributionGroup
Set-ADServerSettings
Set-DistributionGroup
Set-DynamicDistributionGroup
Set-Group
Set-OrganizationConfig
Update-DistributionGroupMember
Write-AdminAuditLogHello,
I understand that you have create custom management scope for each group and assigned a custom role to it.
But whenever user try to edit (add/remove membership ) ,it shows errors "you dont have sufficient permissions". I face similar problem when we move from 2007 to 2010, 2010 by default disabled editing options for Dl membership.
You can enable it by Graphic mode or powershell. Would suggest that you have created custom role, you follow powershell mode. I had written a blog on that.
Check below link. http://exchange2010cmd.blogspot.de/
You have created new management role “Sales Support DG MRole”, but you need to assign this role to users/administrators in your case through role assignment policy.
You can either use existing default policy or create new policy and assign this management role to it.
Use below cmd: New-ManagementRoleAssignment -Role “Sales Support DG MRole” –Policy “Default Role Assignment Policy”
NOTE: If you are creating new policy , place that name instead of default policy name".
I recommend you continue with defalut policy. After this check with any admin, he should have rights to edit membership.
Now, regarding your second concern, that your custon role has to many role entries.
You can remove unwanted role entries.
Use this cmd: Get-ManagemenRoleEntry “Sales Support DG MRole\*” | where{ $_.name –like “Set-distributionGroup” } | remove-managementroleentry
Before linking management role to email policy, remove unwanted role entry from role.
I tried to explain it in easy way, but still it is not understood, write back to me. I am new to technet forum, I started few days back replying to questions. If you get your answer,dont forget to propose it as answer. -
Modifying a precanned RBAC management role
I'm trying to revert a precanned management role "Mailbox Import Export" to the default out-of-the-box state. Some time ago, someone removed a handful of parameters and entries from it.
When I try to just add them back I get an error "The precanned management role "Mailbox Import Export" can't be modified."
I understand that it's not normally done, and some people think its not possible to do. But someone figured out how to remove entries in the past -- now I have to figure out how to put them back.
Anyone have any experience with this?
Also, is it possible to modify assigned management roles? This role is already a member of a group & has some assignments. If possible, I'd like to modify it in-place.Everything is stored in AD so ADSIEdit will be your friend but it's not recommended (or probably supported too) to modify this via raw AD editors...
Configuration -> Services -> Microsoft Exchange -> YourExOrgName -> RBAC -> Roles -> Mailbox Import Export -> msExchRoleEntries is the attribute with proper formatted values...
I strongly recommend you to test this in a Test environment first and take backup of AD before doing any modification in production environment...
Blog |
Get Your Exchange Powershell Tip of the Day from here -
Active Manager failed to mount database Mailbox Database?
So we had our stuff working fine with exchange 2010 rc and 08 r2 rtm... We installed antivirus on our server and now get the below message.... Everything "seems" to work though... We get two of these messages per reboot though... one with the main box database and one for the public folder one....
Again all seems to work okay, we have tried to remove AV but didnt fix.
Any suggestions?
Active Manager failed to mount database Mailbox Database 0539218550 on server main-server.hq.local. Error: An Active Manager operation failed with a transient error. Please retry the operation. Error A transient error occurred during discovery of the database availability group topology. Error: Database action failed with transient error. Error: A transient error occurred during a database operation. Error: MapiExceptionNetworkError: Unable to make admin interface connection to server. (hr=0x80040115, ec=-2147221227)
Diagnostic context:
Lid: 12696 dwParam: 0x6D9 Msg: EEInfo: Generation Time: 2009-09-04 16:40:25:54
Lid: 10648 dwParam: 0x6D9 Msg: EEInfo: Generating component: 2
Lid: 14744 dwParam: 0x6D9 Msg: EEInfo: Status: 1753
Lid: 9624 dwParam: 0x6D9 Msg: EEInfo: Detection location: 501
Lid: 13720 dwParam: 0x6D9 Msg: EEInfo: Flags: 0
Lid: 11672 dwParam: 0x6D9 Msg: EEInfo: NumberOfParameters: 4
Lid: 8856 dwParam: 0x6D9 Msg: EEInfo: prm[0]: Unicode string: ncalrpc
Lid: 8856 dwParam: 0x6D9 Msg: EEInfo: prm[1]: Unicode string:
Lid: 12952 dwParam: 0x6D9 Msg: EEInfo: prm[2]: Long val: -1988875570
Lid: 12952 dwParam: 0x6D9 Msg: EEInfo: prm[3]: Long val: 382312662
Lid: 24060 StoreEc: 0x80040115
Lid: 23746
Lid: 31938 StoreEc: 0x80040115
Lid: 19650
Lid: 27842 StoreEc: 0x80040115
Lid: 20866
Lid: 29058 StoreEc: 0x80040115.I get this as well - two exchange 2010 SP1 UR2 servers. they host all roles on each, non-dag members as of now. Every time I reboot either server I get the same thing. MSExchangeRepl 3154 Service
Log Name: Application
Source: MSExchangeRepl
Date: 1/3/2011 10:54:07 PM
Event ID: 3154
Task Category: Service
Level: Error
Keywords: Classic
User: N/A
Computer: mail.mydomain.com
Description:
Active Manager failed to mount database Exchange DB on server mail.mydomain.com. Error: An Active Manager operation failed with a transient error. Please retry the operation. Error: Database action failed with transient error. Error: A transient error
occurred during a database operation. Error: MapiExceptionNetworkError: Unable to make admin interface connection to server. (hr=0x80040115, ec=-2147221227)
Diagnostic context:
Lid: 12696 dwParam: 0x6D9 Msg: EEInfo: Generation Time: 2011-01-04 03:54:07:310
Lid: 10648 dwParam: 0x6D9 Msg: EEInfo: Generating component: 2
Lid: 14744 dwParam: 0x6D9 Msg: EEInfo: Status: 1753
Lid: 9624 dwParam: 0x6D9 Msg: EEInfo: Detection location: 501
Lid: 13720 dwParam: 0x6D9 Msg: EEInfo: Flags: 0
Lid: 11672 dwParam: 0x6D9 Msg: EEInfo: NumberOfParameters: 4
Lid: 8856 dwParam: 0x6D9 Msg: EEInfo: prm[0]: Unicode string: ncalrpc
Lid: 8856 dwParam: 0x6D9 Msg: EEInfo: prm[1]: Unicode string:
Lid: 12952 dwParam: 0x6D9 Msg: EEInfo: prm[2]: Long val: -1988875570
Lid: 12952 dwParam: 0x6D9 Msg: EEInfo: prm[3]: Long val: 382312662
Lid: 24060 StoreEc: 0x80040115
Lid: 23746
Lid: 31938 StoreEc: 0x80040115
Lid: 19650
Lid: 27842 StoreEc: 0x80040115
Lid: 20866
Lid: 29058 StoreEc: 0x80040115
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MSExchangeRepl" />
<EventID Qualifiers="49156">3154</EventID>
<Level>2</Level>
<Task>1</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-01-04T03:54:07.000000000Z" />
<EventRecordID>8851</EventRecordID>
<Channel>Application</Channel>
<Computer>mail.mydomain.com</Computer>
<Security />
</System>
<EventData>
<Data>Exchange DB</Data>
<Data>mail.mydomain.com</Data>
<Data>An Active Manager operation failed with a transient error. Please retry the operation. Error: Database action failed with transient error. Error: A transient error occurred during a database operation. Error: MapiExceptionNetworkError:
Unable to make admin interface connection to server. (hr=0x80040115, ec=-2147221227)
Diagnostic context:
Lid: 12696 dwParam: 0x6D9 Msg: EEInfo: Generation Time: 2011-01-04 03:54:07:310
Lid: 10648 dwParam: 0x6D9 Msg: EEInfo: Generating component: 2
Lid: 14744 dwParam: 0x6D9 Msg: EEInfo: Status: 1753
Lid: 9624 dwParam: 0x6D9 Msg: EEInfo: Detection location: 501
Lid: 13720 dwParam: 0x6D9 Msg: EEInfo: Flags: 0
Lid: 11672 dwParam: 0x6D9 Msg: EEInfo: NumberOfParameters: 4
Lid: 8856 dwParam: 0x6D9 Msg: EEInfo: prm[0]: Unicode string: ncalrpc
Lid: 8856 dwParam: 0x6D9 Msg: EEInfo: prm[1]: Unicode string:
Lid: 12952 dwParam: 0x6D9 Msg: EEInfo: prm[2]: Long val: -1988875570
Lid: 12952 dwParam: 0x6D9 Msg: EEInfo: prm[3]: Long val: 382312662
Lid: 24060 StoreEc: 0x80040115
Lid: 23746
Lid: 31938 StoreEc: 0x80040115
Lid: 19650
Lid: 27842 StoreEc: 0x80040115
Lid: 20866
Lid: 29058 StoreEc: 0x80040115</Data>
</EventData>
</Event>
Log Name: Application
Source: MSExchangeRepl
Date: 1/3/2011 10:54:06 PM
Event ID: 3154
Task Category: Service
Level: Error
Keywords: Classic
User: N/A
Computer: mail.mydomain.com
Description:
Active Manager failed to mount database Public on server mail.mydomain.com. Error: An Active Manager operation failed with a transient error. Please retry the operation. Error: Database action failed with transient error. Error: A transient error occurred
during a database operation. Error: MapiExceptionNetworkError: Unable to make admin interface connection to server. (hr=0x80040115, ec=-2147221227)
Diagnostic context:
Lid: 12696 dwParam: 0x6D9 Msg: EEInfo: Generation Time: 2011-01-04 03:54:05:732
Lid: 10648 dwParam: 0x6D9 Msg: EEInfo: Generating component: 2
Lid: 14744 dwParam: 0x6D9 Msg: EEInfo: Status: 1753
Lid: 9624 dwParam: 0x6D9 Msg: EEInfo: Detection location: 501
Lid: 13720 dwParam: 0x6D9 Msg: EEInfo: Flags: 0
Lid: 11672 dwParam: 0x6D9 Msg: EEInfo: NumberOfParameters: 4
Lid: 8856 dwParam: 0x6D9 Msg: EEInfo: prm[0]: Unicode string: ncalrpc
Lid: 8856 dwParam: 0x6D9 Msg: EEInfo: prm[1]: Unicode string:
Lid: 12952 dwParam: 0x6D9 Msg: EEInfo: prm[2]: Long val: -1988875570
Lid: 12952 dwParam: 0x6D9 Msg: EEInfo: prm[3]: Long val: 382312662
Lid: 24060 StoreEc: 0x80040115
Lid: 23746
Lid: 31938 StoreEc: 0x80040115
Lid: 19650
Lid: 27842 StoreEc: 0x80040115
Lid: 20866
Lid: 29058 StoreEc: 0x80040115
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MSExchangeRepl" />
<EventID Qualifiers="49156">3154</EventID>
<Level>2</Level>
<Task>1</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-01-04T03:54:06.000000000Z" />
<EventRecordID>8850</EventRecordID>
<Channel>Application</Channel>
<Computer>Gmail.mydomain.com</Computer>
<Security />
</System>
<EventData>
<Data>Public</Data>
<Data>mail.mydomain.com</Data>
<Data>An Active Manager operation failed with a transient error. Please retry the operation. Error: Database action failed with transient error. Error: A transient error occurred during a database operation. Error: MapiExceptionNetworkError:
Unable to make admin interface connection to server. (hr=0x80040115, ec=-2147221227)
Diagnostic context:
Lid: 12696 dwParam: 0x6D9 Msg: EEInfo: Generation Time: 2011-01-04 03:54:05:732
Lid: 10648 dwParam: 0x6D9 Msg: EEInfo: Generating component: 2
Lid: 14744 dwParam: 0x6D9 Msg: EEInfo: Status: 1753
Lid: 9624 dwParam: 0x6D9 Msg: EEInfo: Detection location: 501
Lid: 13720 dwParam: 0x6D9 Msg: EEInfo: Flags: 0
Lid: 11672 dwParam: 0x6D9 Msg: EEInfo: NumberOfParameters: 4
Lid: 8856 dwParam: 0x6D9 Msg: EEInfo: prm[0]: Unicode string: ncalrpc
Lid: 8856 dwParam: 0x6D9 Msg: EEInfo: prm[1]: Unicode string:
Lid: 12952 dwParam: 0x6D9 Msg: EEInfo: prm[2]: Long val: -1988875570
Lid: 12952 dwParam: 0x6D9 Msg: EEInfo: prm[3]: Long val: 382312662
Lid: 24060 StoreEc: 0x80040115
Lid: 23746
Lid: 31938 StoreEc: 0x80040115
Lid: 19650
Lid: 27842 StoreEc: 0x80040115
Lid: 20866
Lid: 29058 StoreEc: 0x80040115</Data>
</EventData>
</Event> -
On 10.4.11 iMac Mac Mail I get this message: "Mail cannot update your mailboxes because your home directory is full. You must free up space in your home folder before using Mail. Delete unneeded documents or move documents to another volume." I can't open mail to do this. I have reinstalled software but no effect. How do I get into Mail to delete?
Found this on the "more like this" Worked like a charm!
With the Mail.app quit and using the Finder, go to Home > Library > Mail. Copy the Mail folder and place the copy on the Desktop for backup purposes.
Go to Home > Library > Mail > Envelope Index. Move the Envelope Index file to the Desktop.
Launch Mail and you will be prompted to import mailboxes. Select OK and allow the import process to complete.
After confirming all mailboxes were successfully imported and available, you can delete the copy of the Mail folder and old Envelope Index file from the Desktop and this should resolve the problem. -
I go into the 2008 r2 dc and add a user. The 2003 dc has all of the fsmo roles. Then I go into the exchange server and add the new mailbox through the GUI. It runs the cmdlet and creates the new mailbox without any errors. Then I go in and try to access
the mailbox through owa and cannot access the mailbox. It says the mailbox does not exist. Both my 2003 dc(which I want to decommission) and 2008 servers are replicating. I see the user object on both servers. I have the email server pointed to the 2003 dns
server as my preferred dns. This just started happenning a couple of days ago. I dont know if a windows update caused this but everything was fine before Wednesday. All of the other users can access their mailboxes through owa just any new ones I created cannot.
In fact when I send a test email to the new account, I immediately get a bounce back so I dont think I would be able to access the new mailbox through outlook.
visualbasicfrustratedHello,
I recommend you check your exchange server using windows server 2003 DC or windows server 2008 DC.
Please use repadmin /showrepl command to check DC replication status.
Please check if there is related error in application log.
Cara Chen
TechNet Community Support -
Solution Manager EWA - cannot create session in satellite system
"Hi,
I want to configure EWA self service using Solman 4.0. I succesfully did the following :
a. Maintained SMSY and create the required trusted RFC connections from SM to satellite system. All connection and authorization passed in SM59. I used SAP_ALL/SDCCN_ALL role and assigned objects S_RFC*.
b. Assigned the system to a logical system.
c. Created the a new solution and activate "Solutions Monitoring > Earlywatch Alert"
d. Activated and maintained required RFC in SDCCN in satallite system.
My problem is that the create EWA alert request (Red Flag with a specific session number ) coulnd be pass to the satelitte system even though all the trusted RFC and authorization is set. When i execute the SESSION_REFRESH in the satellite system, the session is not created.
Did I miss out any steps. Can any one share any help ?
FYI, there is no connection to SAPOSS yet, so i did not manage to run RTCCTOOL completed, but i doubt this is required for EWA self service."
I have the same problem as Solution Manager EWA - cannot create session in satellite system
tried all of solutions, but it does not help... Created the CM (high) for SAP, but get 1 response for 1 week from them:(Dear Sapbcer,
Have you tried the following option :
Execute SMSY and from the Server entry Execute the "Read System Data Remote" option in change mode.
Save the data captured and then try using Refresh Session Task from SDCCN of the satellite system. Do select the RFC for Solution Manager while performing this task.
Hope this helps.
Regards
Amit -
Cannot disable a mailbox in Exchange 2013 CU6!?!?!?!
I cannot disable a mailbox in Exchange 2013 CU6. I get the following error:
Anyone seen this error? As you know, I just want to remove the Exchange attributes from the user object in Active Directory. Of course, deleting the user object works just fine but don't want to go that route.I tried with the EMS (Powershell) and I still get an error:
[PS] C:\>disable-mailbox [email protected]
Confirm
Are you sure you want to perform this action?
Disabling mailbox "[email protected]" will remove the Exchange properties from the Active Directory user object and mark the mailbox in the database for removal. If the mailbox has an archive or remote archive, the archive will also
be
marked for removal. In the case of remote archives, this action is permanent. You can't reconnect this user to the remote archive again.
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"):
Y
Active Directory operation failed on LocalDCName.local.com. This error is not retriable. Additional information: The parameter is incorrect.
Active directory response: 00000057: LdapErr: DSID-0C090CB9, comment: Error in attribute conversion operation, data 0, v2580
+ CategoryInfo : NotSpecified: (:) [Disable-Mailbox], ADOperationException
+ FullyQualifiedErrorId : [Server=LA-MBX01Server,RequestId=6ed97c1e-ae68-4670-a097-c4e65f683274,TimeStamp=11/18/2014 7:50:07 PM] [FailureCategory=Cmdlet-ADOperationException] 8D6C0FEB,Microsoft.Exchange.Management.RecipientTasks.Disable
Mailbox
+ PSComputerName : LocalDCName.local.com
I captured everything with the START-TRANSCRIPT cmdlet and changed the specific values to our organization (i.e., "[email protected]" and "LocalDCName.Local.com"). I've tried this on other mailboxes and I receive the same error whether
I use EMC or EMS. I believe this might be AD schema related just not sure where. -
Hi all,
First of all I already create a similar thread : http://social.technet.microsoft.com/Forums/en-US/b8f88745-ca79-43f9-8857-3b87781e5c19/rbac-to-create-mailbox?forum=exchangesvradmin
I got a problem in my Exchange Server 2013 environment. I cannot create new mailbox (new user) from ECP. But I can create new mailbox and choose existing user.
Active Directory operation failed on DC.mydomain.com. This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-031A121F, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
already try with no luck :
re-inherit the permission.
setup /prepareAD
I create new user and assign Org Management & Domain Admin
how to check whether the permission in my AD is correct ? or any idea should I start troubleshooting ?
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Krisna Ismayanto | My blogs: Krisna Ismayanto | Twitter:
@ikrisnasolved by executing setup.exe /preparedomain
and I found one of the server in container ADSIEdit were disabled inheritance. execute setup.exe /prepareAD, reboot the server (because it
ask for it), then execute setup.exe /preparedomain
cheers ! :)
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Krisna Ismayanto | My blogs: Krisna Ismayanto | Twitter:
@ikrisna -
Reg: Hiring Manager role in E-Recuitment EHP4
Hi all,
i am working with Ehp4 . My business package for Recruiter is Recruiter1.4.1 . I am trying to create a requisition from the recruiter login . I have a field HIRING MANAGER . Wat is the role tat we should assign for the Hiring Manager.
Thanks
PriyaHi,
I have the same problem on ERECRUIT604 EHP4 SP4. I cannot retrieve managers using Find Hiring Manager search on the Create Requisition page.
I have though found out that there are 2 cases.
On the one-instance solution with HR and ER on the same server an employee is retrieved as a Manager if there are following relationsships to his CP object:
B 207 Is identic BP
B 208 Is identic US
B 209 Has employ P
B 650 Has candid NA
Especially the relationship CP B208 US is critical. The problem is though that this relationship is not created automatically be the system as on the one-instance solution the user is retrieved from IT105 subtype 0001 via P object, so you have to create this relationsship manually. Or am I wrong?
On the two-instance solution with HR on one machine and ER on another the above solution does not work at all. Here the relationship CP B208 US is created via ALE, but it does not help for retrival of Hiring Managers.
I have also added the 'manager' role to the employee, the employee is the manager in the Organizational Structure, and still I cannot retrieve him.
Maybe it's a bug in the system. Anyway I cannot find any hints telling what are the assumptions for using this functionality.
Waiting for an answer
Best regards,
Beata -
Exchange 2010 Management Role loading slowness
Hello,
I'm new to the company I currently work for and relatively new into IT, and one of the first issues I have noticed here is how incredibly slow Exchange 2010 is when loading.
I'm aware there are numerous topics covering this issue after having done many checks on search engines, however most of them seem to advise going to IE and un-checking the boxes defining Certificate Revocation or other solutions that I haven't found to
be applicable, at least not to my knowledge. I have tried the first suggestion but found this made no difference.
We don't get any error messages when loading but it is generally a little slow, however the issue is where it says "Getting management role information for: domain/user info etc...", at the end of the progress bar. It will sit there for
6 minutes before finally loading and allowing me in. This happens every time you use it also, not just the first time, whether it's on the local machine of anyone in IT or on the server.
I've checked the server's available resources and it seems to be more than enough, although it is a virtual server so I'm not sure whether that changes what the issue could be.
Would anyone be able to help point me in the right direction of what I could be checking for? Sorry if this is a really vague question or I've not provided enough detailed information, but any help would be really appreciated. I'm sure one of the more experienced
members of my new team could take a look but I figured I'd try and make a good impression!
Apologies if this is in the wrong forum section also.
Thanks very muchHi
Thanks for the reply.
We're on Exchange Server 2010 SP3 (14.03.0158.001), as far as I can tell it's all up to date.
Server specs:
OS - Server 2008 R2 Enterprise, 64bit
RAM - 32GB
Processor - Intel Xeon E5-2690 @ 2.90GZ, 16 Cores, 16 Logical Processors
There's 433 mailboxes in total, spread over 19 databases (a database for each department), 17 of those being mounted and active.
Once I'm into the management console and can use the various features, the performance is generally fine, it's just that initial loading where it hangs.
Thanks -
Mail cannot access your mailbox information because it is in use
I have my mail on a Truecrypt drive and I have an alias pointing to that drive in my library and so sometimes I get this message:
"Mail cannot access your mailbox information because it is in use."
Options are:
"Quit and rebuild Information" or "Quit"
If I rebuild then I was losing all my sent messages which is a drag and it takes a while to re-download all the messages. So what I tried was deleting the Envelope Index.lock file and then launch mail and it started up with no problems.
I think the reason this is happening is that it is possible that when I shut my computer down, Truecrypt dismounts the drive while Mail is accessing the mail folder (hence the lock file) and so when I start up again and remount the truecrypt drive that lock file is still there and I have to delete it or Mail thinks some other program is using the mail folder. Just a guess.
Hope this helps someone else if they Google this error.I do but I do it from another computer -- that is the whole point of IMAP, by the way. I don't see how my accessing the IMAP server from another computer should cause Mail.app to think that my mailboxes on my local host, which are just copies, need to be rebuilt. I filed a bug on this and Apple gave me the annoying "Known issue" response, which means maybe they'll fix it, maybe not, thank you very much. It went away for a while, and now it's back again... sigh.
-
"Mail cannot update your mailboxes because your home directory is full"
I have a 250 GB hard disk, 4.34 GB of which is in my "Home" folder. (Total HD usage is about 27 GB.) This happened suddenly after Mail had been working fine for eons. I deleted a bunch of files (107 MB) in a "Drafts" folder (none show up in the Mail app's "Drafts" icon), but it made no difference. I re-installed the Mac OS X 10.4.11 combo update... no difference. Mail version is 2.1.3.
Any help here? I cannot use Mail at all.
Message was edited by: Bill StrohmHey there,
Have you had a chance to look at this Apple support document relating directly to this issue. Hope it helps.
[Mac OS X 10.4: "Mail cannot update your mailboxes because your home directory is full" alert|http://support.apple.com/kb/TA24486?viewlocale=en_US]
B-rock
Maybe you are looking for
-
Oracle 8.1.5 to oracle8.1.6 upgradation
Hi I am working paralelly on both Solaris2.7 and win NT4.0 The details are as follows 1. Liscenced versions of Oracle8.1.5 have been installed on both the systems In order to upgrade I tried searching for the script u0801050.sql in both the systems u
-
Format for PDF lost using MSP 2013 Pro
Hi. I'm trying to save as PDF and I set the view in the project to be a certain size i.e. 1 p wide by 3 p high but when I save as PDF that formatting is lost. My 3 page document comes out as 20 pages etc. I've tried printing a hard copy and then run
-
MS SQL Server 2000 Service Pack 4 upgrade
Hi, I need to upgrade my actual SAP DataBase SQL Server 2000 from Service Pack 2 to Service Pack 4 in order to be more secure as a MS consultant is requesting, but following the comments on the SAP note 1026116 attached file, which references this MS
-
Time capsule ethernet transfer slow
I have a new 3 tb time capsule. I have used it to back up my mac before doing a fresh install. I also transfered my large 250gb iphoto library via ethernet cable to the time capsule in a seperate folder. When I completed the new install of mountai
-
Problem obj Loader (resize)
Hello, I have a problem loading several .obj File in a scene using the following lines: OjectFile f = new ObjectFile(); etc. etc. if I add the scenefile to the Scene Graph the object is not centered and strange positioning. if I use the following fla