Insufficient access rights registering Oracle Directory Integration Server

Similar Messages

• Public folder migration 2010 to 2013 insufficient access rights

  Hi,
  I'm having a frustrating time with trying to migrate public folders. I've migrated all the mailboxes with no problems but when trying to migrate public folders with the same account it fails with this message;
  Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003
  (INSUFF_ACCESS_RIGHTS), data 0
   --> The user has insufficient access rights.
  The account is in the organisation management and recipient management group.
  I've tried ticking the inherit permission box in AD security.
  I've tried creating a brand new account with the same permissions.
  Nothing works. I'm tempted just to export to pst and import it to the public folder mailbox.
  Any help would be much appreciated.
  Thanks

  Hi Nick,
  ensure that the new admin account has the allow inheritance permission included
  Also ensure that the account has full rights to all the public folders in Ex2010
  Go to the application log and there would be an event triggered for the same with some description. YOu can find  that it might be failing permission on a particular public folder if so grant them access.
  And also check if the permission failed public folder is mail enabled. If so please disable the mail enable on that PF cancel the migration request and start a new migration request with the below cmd
  New-publicfoldermigrationrequest -sourcedatabase (Get-publicfolderdatabase -server servername -csvdata (get-content c:\contents.csv -encoding byte) -BadItemLimit 5000 -AcceptLargeDataLoss
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you.
  Regards, 
  Sathish

• Set-aduser : Insufficient access rights to perform the operation

  I am a domain admin, enterprise admin, exchange admin, domain user, and others.
  While running a PS on a DC as the administrator, The commands I'm running are ...
  $expdate = get-date -date '01/01/2014'
  set-aduser -identity testmail5 -accountexpirationdate $expdate
  I get the following error ...
  set-aduser : Insufficient access rights to perform the operation
  At line:1 char:1
  + set-aduser -identity testmail5 -accountexpirationdate $expdate
      + CategoryInfo          : NotSpecified: (testmail5:ADUser) [Set-ADUser], ADException
      + FullyQualifiedErrorId : Insufficient access rights to perform the operation,Microsoft.ActiveDirectory.Management.Comm
     ands.SetADUser
  I then switch to a different DC, the command 'might' work once, but will never run again in the same window.
  Then I tried this ...
  start-process powershell -verb runas
  That gave me an additional PS window, and I then tried running the commands again.
  Same error message.
  So I tried the following command ...
  $expdate = get-date -date '01/01/2014'
  set-aduser -server XXDC03 -identity testmail5 -accountexpirationdate $expdate
  Same error message.
  Is there any way that I can get around this problem?
  Please help.

  Keep in mind that the account used to open the PowerShell session must be the same account you're using to open ADUC. The error message means that Set-ADUser is trying to set the attribute for the account, but it's failing. Make sure to test with multiple
  different accounts, in case the access control list of the object you're trying to modify is the cause of the problem.
  Your PowerShell syntax is valid, so this isn't really a scripting question but a security/directory services question.
  -- Bill Stewart [Bill_Stewart]

• Error while configuring SSL in OID 11g - LDAP 50 Insufficient Access rights

  HI,
  I am trying to configure SSL in OID 11g.As per the doc http://download.oracle.com/docs/cd/E12839_01/oid.1111/e10029/ssl.htm#CBHGBGAF ,i tried creating a Self-Signed Wallte using Fusion Middleware control,But i am getting an error LDAP 50: Insufficient access rights".I logged into Fusion Middle Ware control as Weblogic user.Is anybody faced this issue?.Thanks in advance.

  I am not sure how you tried, but I would recommend to do the following...
  1. Add the 'user1' to "OU=Franchisees,ou=People,dc=company,dc=com"
  2. Delete the 'user1' from 'OU=Internal,ou=People,dc=company,dc=com'

• Dp* commands failed w/ SMSLdapObject: insufficient access rights to access

  My dpadmin list/modify fails to execute. The amSMS log is below. What aci I lost? Any help is appreciated.
  Regards
  11/20/2005 03:17:15:659 AM MST: Thread[main,5,main]
  SMSEntry: cache enabled: true
  11/20/2005 03:17:16:023 AM MST: Thread[main,5,main]
  SMSLdapObject: LDAP Initialized successfully
  11/20/2005 03:17:16:349 AM MST: Thread[main,5,main]
  Initialized LDAPEvent listner
  11/20/2005 03:17:16:412 AM MST: Thread[main,5,main]
  CachedSubEntries::getInstance DN: ou=DAI,ou=services,dc=sun,dc=com
  11/20/2005 03:17:16:432 AM MST: Thread[main,5,main]
  CachedSMSEntry::getInstance: ou=DAI,ou=services,dc=sun,dc=com
  11/20/2005 03:17:16:441 AM MST: Thread[main,5,main]
  SMSLdapObject.read() retry: 0
  11/20/2005 03:17:16:451 AM MST: Thread[main,5,main]
  WARNING: SMSLdapObject: insufficient access rights to access DN=ou=DAI,ou=services,dc=sun,dc=com
  11/20/2005 03:17:16:461 AM MST: Thread[main,5,main]
  ERROR: CachedSubEntries: unable to register for notifications:
  Message:The user does not have permission to perform the operation.
  at com.sun.identity.sm.ldap.SMSLdapObject.read(SMSLdapObject.java:231)
  at com.sun.identity.sm.SMSEntry.read(SMSEntry.java:334)
  at com.sun.identity.sm.SMSEntry.read(SMSEntry.java:326)
  at com.sun.identity.sm.SMSEntry.<init>(SMSEntry.java:162)
  at com.sun.identity.sm.CachedSMSEntry.getInstance(CachedSMSEntry.java:307)
  at com.sun.identity.sm.CachedSubEntries.<init>(CachedSubEntries.java:72)
  at com.sun.identity.sm.CachedSubEntries.getInstance(CachedSubEntries.java:204)
  at com.sun.identity.sm.ServiceManager.getVersions(ServiceManager.java:409)
  at com.sun.identity.sm.ServiceManager.serviceDefaultVersion(ServiceManager.java:427)
  at com.sun.identity.sm.ServiceConfigManager.<init>(ServiceConfigManager.java:94)
  at com.iplanet.am.sdk.AMCommonUtils.populateManagedObjects(AMCommonUtils.java:497)
  at com.iplanet.am.sdk.AMCommonUtils.<clinit>(AMCommonUtils.java:113)
  at com.iplanet.am.sdk.AMStoreConnection.<clinit>(AMStoreConnection.java:141)
  at com.sun.portal.desktop.context.DSAMEConnection.<init>(DSAMEConnection.java:89)
  at com.sun.portal.desktop.context.DSAMEAdminDPContext.init(DSAMEAdminDPContext.java:110)

  - what's the complete command ?
  - which user is used ?
  /ulf

• SMSLdapObject: insufficient access rights to access

  The dpadmin command failed w/ SMSLdapObject: insufficient access rights to access. The amSMS log is below. What aci did I lose? Any help is appreciated.
  Regards
  11/20/2005 03:17:15:659 AM MST: Thread[main,5,main]
  SMSEntry: cache enabled: true
  11/20/2005 03:17:16:023 AM MST: Thread[main,5,main]
  SMSLdapObject: LDAP Initialized successfully
  11/20/2005 03:17:16:349 AM MST: Thread[main,5,main]
  Initialized LDAPEvent listner
  11/20/2005 03:17:16:412 AM MST: Thread[main,5,main]
  CachedSubEntries::getInstance DN: ou=DAI,ou=services,dc=sun,dc=com
  11/20/2005 03:17:16:432 AM MST: Thread[main,5,main]
  CachedSMSEntry::getInstance: ou=DAI,ou=services,dc=sun,dc=com
  11/20/2005 03:17:16:441 AM MST: Thread[main,5,main]
  SMSLdapObject.read() retry: 0
  11/20/2005 03:17:16:451 AM MST: Thread[main,5,main]
  WARNING: SMSLdapObject: insufficient access rights to access DN=ou=DAI,ou=services,dc=sun,dc=com
  11/20/2005 03:17:16:461 AM MST: Thread[main,5,main]
  ERROR: CachedSubEntries: unable to register for notifications:
  Message:The user does not have permission to perform the operation.
  at com.sun.identity.sm.ldap.SMSLdapObject.read(SMSLdapObject.java:231)
  at com.sun.identity.sm.SMSEntry.read(SMSEntry.java:334)
  at com.sun.identity.sm.SMSEntry.read(SMSEntry.java:326)
  at com.sun.identity.sm.SMSEntry.<init>(SMSEntry.java:162)
  at com.sun.identity.sm.CachedSMSEntry.getInstance(CachedSMSEntry.java:307)
  at com.sun.identity.sm.CachedSubEntries.<init>(CachedSubEntries.java:72)
  at com.sun.identity.sm.CachedSubEntries.getInstance(CachedSubEntries.java:204)
  at com.sun.identity.sm.ServiceManager.getVersions(ServiceManager.java:409)
  at com.sun.identity.sm.ServiceManager.serviceDefaultVersion(ServiceManager.java:42 7)
  at com.sun.identity.sm.ServiceConfigManager.<init>(ServiceConfigManager.java :94)
  at com.iplanet.am.sdk.AMCommonUtils.populateManagedObjects(AMCommonUtils.java:497)
  at com.iplanet.am.sdk.AMCommonUtils.<clinit>(AMCommonUtils.java:113)
  at com.iplanet.am.sdk.AMStoreConnection.<clinit>(AMStoreConnection.java:141)
  at com.sun.portal.desktop.context.DSAMEConnection.<init>(DSAMEConnection.jav a:89)
  at com.sun.portal.desktop.context.DSAMEAdminDPContext.init(DSAMEAdminDPContext.jav a:110)

  - what's the complete command ?
  - which user is used ?
  /ulf

• Orcladmin: "Insufficient access right to perform action" using oidadmin

  After sucessfully installing OID from 8.1.7 CD on Sun Solaris 8
  (SPARC) I can start the monitor and the oidldap. After
  sucessfully connecting with orcladmin using oidadmin I always get
  the same error (either using oidadmin on windows or solaris) when
  accessing "entry management", "schema management" or "audit log
  management":
  Insufficient access right to perform action.
  but the default ACP allows everyone (browse add delete)
  anyone else had the same problem?
  I tried to create the name server with OID with netca which
  obviously does not work either.

  Hi Christian:
  You say that you conencted to OID as "oidadmin". Since OID does
  not have any user account called "oidadmin" you were probably
  conencted as an anonymous user. If you are trying to connect as
  the administrator of OID the correct user account name is
  "orcladmin" with a default password of welcome. Try this and let
  me know if you sitll have troubles.
  Thanks,
  Jay Tomlinson

• Keep Receiving: Error is: 'Insufficient access rights to perform the operation' When running script

  Hello. I have a powershell script I run in our domain to disable AD accounts. Part of that also removes the users from all AD groups. That part of my script however keeps throwing up this Error is: 'Insufficient access rights to perform the operation'
  error. 
  Now from our Exchange server if I run this script with powershell, things work fine. But running it on the domain controller is when I get this error. Thoughts? 

  Thanks Anna!
  I was able to add this code below in to the script where it kept erroring out and it then worked. I had to point it to a different DC then it was running on. 
  –Server comp1.test.server.com
  Thanks again!

• Insufficient Access Rights when trying to modify send as permissions on a public folder

  Where I work, we have 2 mailbox database servers and 2 cas servers on Exchange 2010, upgraded from Exchange 2003. We are finding that when trying to grant a user send as rights to a publlic folder we are getting an Insufficient Access Rights error. The
  bizzare thing is for one particluar folder we can amend the send as rights with no issue on one of the cas servers but not the other cas or either db servers.
  You would have thought if it was a user permissions issue i.e the adminsitrator not having sufficent rights it would fail on every server and likewise if it was a problem with the folder itself, why is it working on one of the cas servers? Also on
  the one server this particluar folder does allow us to amend the rights, when we try to amend others we get the same error 
  If anyone has come accross this before and knows a fix please share it.
  Thanks

  Hi,
  Please check the ownership of the affected public folder to make sure it points to the right server.
  Here is a similar thread which may help you, please following the suggests in this thread to check result.
  https://social.technet.microsoft.com/Forums/office/en-US/0960b944-82b2-42f1-b438-a7d57b7ab783/insuffaccessrights?forum=exchangesvrgenerallegacy
  Best regards,
  Belinda Ma
  TechNet Community Support

• How to start / stop Oracle Directory Integration service (Win 2k3 Server)

  I'm running a standard OAS 10.1.2.0.2 instance on Windows Server 2k3, and am having trouble starting and stopping ODISRV instances. Well, at least I think I am, because I can't find any way of telling if they're actually running.
  The System Components in the Application Server Control web page shows the following to be all up and running:
  HTTP_Server
  Internet Directory
  OC4J_SECURITY
  Single Sign-On:orasso
  Management
  Which is backed up by opmnctl:
  opmnctl statusProcesses in Instance:
  ------------------------------------------------+---------
  ias-component | process-type | pid | status
  ------------------------------------------------+---------
  DSA | DSA | N/A | Down
  LogLoader | logloaderd | N/A | Down
  dcm-daemon | dcm-daemon | 1988 | Alive
  OC4J | OC4J_SECURITY | 5008 | Alive
  HTTP_Server | HTTP_Server | 2800 | Alive
  OID | OID | 4956 | Alive
  In the Application Server Control, when I select the Internet Directory instance, and then the Status for Directory Integration, it shows two Directory Integration Servers, which correspond to instances I've previously started using oidctl. However, I cannot see any odisrv processes running. The only relevant processes appear to be 2 x oidldapd, 1 x oidmon, and 2 x opmn.
  When I try to stop these using oidctl, the command returns no errors, but these instances do not go away. There is also only one odisrv log file from a week or so ago that does not appear to get updated. It is very possible that I stuffed the parameters of these instances up when I started them, so they may well be in an invalid statr at the moment.
  So I have the following questions:
  - Is there anyway I can clear all these instances out back to a clean slate to start again?
  - Should I be using opmnctl to start an ODISRV instance, or should I somehow configure it to run under opmnctl startall?
  Thanks,
  Barney

  Once you register the integration server, OIDSRV should auto start using oidmon.
  To cleanup
  -- opmnctl stopall
  -- delete entries from ods.ods_process table, if there are any.
  -- Restart instance using opmnctl

• Exchange 2010 New Address List insufficient access rights

  Hi,
  I have tried to perform two actions within our new Exchange 2010 system and they fail with the same error.
  The first was to convert an existing Address Lists using LDAP to OPATH
  I used the following command:
  set-addresslist "Exchange 2010 Test" -recipientfilter {(recipienttype -eq "MailUniversalSecurityGroup") -or (recipienttype -eq "MailUniversalDistributionGroup") -and (name -like "exchange2010.*")}
  I get the error Access is Denied Active Directory response 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
  I also get the same error when I use the Exchange 2010 EMC to try and create a new address list.  Note I have no problems managing address lists from Exchange 2003.
  I have seen plenty of articles about the making sure that the user performing the action has the "Include inheritable permissions from this objects parent". 
  I did check my Exchange admin user and this was not ticked.  Turns out that because I was also a domain admin so my account was in a protected group (Domain admins) the tick box was continually being removed.
  I created a new Exchange user that was in the Exchange Organization Administrators security group, made sure the above box was ticked on the account but this did not fix the problem.
  I have however noticed in Adsiedit that the "CN=All Address Lists" container does not have the "Include inheritable permissions from this objects parent" ticked.  I suspect that this might be the issue but I don't want to tick it
  in case it breaks my address lists.
  Should the inherit box be ticked on the "CN=All Address Lists" container?.  It is ticked on all the containers under the "CN=All Address Lists" container. 
  At present the only Exchange permissions on the container are:
  Exchange Admins: Full Control
  Exchange Domain Servers: Read
  Exchange Services: Full Control
  I think that crucially the "Exchange Trusted Subsytem" security group is not listed
  I have added my new Exchange account with Full control permissions but this has not made a difference
  Your hopefully
  Matt

  Hi Matt,
  From your description, I would like to clarify the following things:
  1. "Include inheritable permissions from this object's parent" should be checked.
  2. "Exchange Trusted Subsystem" should be added to the All Address Lists container.
  So you are in the right direction.
  Hope this can be helpful to you.
  Best regards,
  Amy Wang
  TechNet Community Support

• Lync Server Control Panel : Insufficient access rights to perform the operation;

  Hi team,
  I have a strange problem in managing Lync users through control panel. But I can enable/disable and Manage users through power shell. Am getting an error " Insufficient Rights to perform the operations" when i try through control panel
  Please can someone help me urgently on tihs. I have all the users in a separate OU from where the RTC and CS groups are available. Is there any issue with the delegation?

  Hi,
  You will receive this error message when you attempt to manage Lync users who are members of protected admin groups in Active Directory (such as Enterprise Administrators etc.).
  Typically I use Lync Management Shell, so don't get this error often as it only occurs in the Control Panel.
  Editing the properties of the user object you are attempting to enable / disable in AD, and enabling inheritance on under the security tabs advanced options will also work around the problem, but you may not wish to do this. The inheritance change will revert
  itself in 15 minutes or so I believe.
  Perhaps someone can advise of an alternate solution through group membership / permissions, but as I don't have the issue often I've not looked into it at any great depth.
  Kind regards
  Ben
  Blog:www.gecko-studio.co.uk/ 
  Twitter:
    LinkedIn:
    Facebook:
  Note: If you find a post informative, please mark it so using the arrow to the left. If it answers a question you've asked, please mark the thread as answered to aid others when they're looking for solutions to similar problems
  or queries.

• Oracle -Essbase - Integration Server Control

  I am using Essbase version 9.3.1 and want to create OLAP model with the Integration Services Console. I would be very grateful if you could help me to model the following secnario:
  I have a fact table with two columns (say ManagerId & EmployeeId) referenced to the same dimension table (say Employee table). How do I model this to create an OLAP model in Integration Service Console please?
  I could create a separate User Defined Table (copy of Employee table) and join fact table's ManagerID to this new table. But I am not sure how this would affect to the performance of the cube.
  Thank you in advance.

  Hi Scot
  Thank you very much for the answer. I am new to Essbase and my experience on OLAP comes from MS SSAS. I could model this scenario in SSAS without any problem. In SSAS I could create a different dimension based on an existing dimension. I would model above scenario by dragging the table second time (and give a different name) and join to fact table's second column. Let's see whether this would work. Once again thank you very much for your help & suggestion. Mean time if you have a better suggestion please do tell me.
  Thank you.
  Regards
  Chandra

• Identity Server - orcladmin access rights

  Hi,
  I have created the identity server which points to the directory server and have marked orcladmin as the master administrator. When I login into the Identity Server using the orcladmin user and try to create users, the message Insufficient Access Rights is displayed in red. Any idea why this might be happening.
  TIA
  Rgds..VJ

  Thanks..Working now
  Just one basic question - Are these workflows configured as per the role given e.g. create user basic profile is tagged to the identity administrator role ? So can we configure only a predefined set of workflows which automatically get mapped to the roles available ?
  Tks...VJ

• "Directory manager" getting  "ldap_modify_s: Insufficient access"

  When I try to modify the userpassword and other attribute for an object using the "Directory manager" ID
  It giving me the error "ldap_modify_s: Insufficient access"
  As per my knowledge "Directory Manager" will have all the permission to modify all the entries in ldap.
  But why its giving me the error "ldap_modify_s: Insufficient access",
  Is there any Acl setting for "directory manager" in ldap?where?
  Thanks

  Hi Mohan,
  Can you elaborate more on the problem you are getting.
  As far as I know the error "ldap_modify_s: Insufficient access" generally will come when the server is on read-only mode.
  Regards