Monthly Archives: September 2012

Exchange OAB Issues

Exchange 10 server was deployed, this organisation was not using Address List Segregation.

Despite this, I cannot get any items to display in the Global Address List in Outlook – however the list is fine in OWA.

Some relevant attributes in ADSI:

CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mail,DC=local

addressBookRoots: CN=All Address Lists,CN=Address Lists Container,CN=mail,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mail,DC=local

globalAddressList: CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=mail,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mail,DC=local

CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=mail,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mail,DC=local

Permissions:

Make sure all users can read list and there are no user Denys.

 

 

Exchange 2003 to 2007 Permissions issues

After moving some mailboxes i got the following error:

Exchange ActiveSync doesn’t have sufficient permissions to create the “CN=[user name],OU=[User OU],DC=[domain],DC=com” container under Active Directory user “Active Directory operation failed on [DC server name]. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
“.
Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type “msExchActiveSyncDevices” and doesn’t have any deny permissions that block such operations.

Details:%3

Solution:

Open Active Directory console, make sure advanced features are on then:

Open user account properties in Active Directory Users and Computers, change to Security tab > Advanced – check Include inheritable permissions from this object’s parents.

This fixes error.