Hey Everyone, I've got an Exchange 2007 SP3 deployed on a Windows 2008 r2 server. I'm trying to create a mailbox by selecting run-as on Exchange Powershell on the server with an account that has "Recipient Administrator" rights and the command fails as outlined below: [PS] C:\Windows\system32>Enable-Mailbox -Database "Exchange07\DB1" -Identity FIM\DJenkins -Alias DJenkins -DisplayNa me "John Jenkins" -Verbose VERBOSE: Enable-Mailbox : Beginning processing. VERBOSE: Enable-Mailbox : Searching objects "Exchange07\DB1" of type "MailboxDatabase" under the root "$null". VERBOSE: Enable-Mailbox : Previous operation run on domain controller 'DC.FIM.LOCAL'. VERBOSE: Enable-Mailbox : Searching objects "FIM\DJenkins" of type "ADUser" under the root "$null". VERBOSE: Enable-Mailbox : Previous operation run on domain controller 'DC.FIM.LOCAL'. VERBOSE: Enable-Mailbox : Applying RUS policy to the given recipient "FIM.LOCAL/FIMObjects/John Jenkins" with the home domain controller "$null". VERBOSE: Enable-Mailbox : The RUS server that will apply policies on the specified recipient is "EXCHANGE07.FIM.LOCAL". VERBOSE: Enable-Mailbox : Searching objects of type "ADRecipient" with filter "(&((!((Id Equal FIM.LOCAL/FIMObjects/John Jenkins)))(|((EmailAddresses Equal SMTP:DJenkins@fim.local)))))", scope "SubTree" under the root "$null". VERBOSE: Enable-Mailbox : Processing object "FIM.LOCAL/FIMObjects/John Jenkins". VERBOSE: Enabling Mailbox "FIM\JJenkins" on Database "Exchange07\DB1". VERBOSE: Enable-Mailbox : Saving object "FIM.LOCAL/FIMObjects/John Jenkins" of type "ADUser" and state "Changed". VERBOSE: Enable-Mailbox : Previous operation run on domain controller 'DC.FIM.LOCAL'. Enable-Mailbox : Active Directory operation failed on DC.FIM.LOCAL. This error is not retriable. Additional i nformation: Insufficient access rights to perform the operation. Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 At line:1 char:15 + Enable-Mailbox <<<< -Database "Exchange07\DB1" -Identity FIM\JJenkins -Alias JJenkins -DisplayName "John Jenkins" -Verbose + CategoryInfo : NotSpecified: (0:Int32) [Enable-Mailbox], ADOperationException + FullyQualifiedErrorId : 4FC36DDD,Microsoft.Exchange.Management.RecipientTasks.EnableMailbox VERBOSE: Enable-Mailbox : Ending processing. I've even tried to assign Exchange Org Admin rights to the execution account and it still fails. If I login using the Exchange Admin account the command executes succesfully. Any ideas on what might be causing the issue? Thanks Neil

Quote: “I'm trying to create a mailbox by selecting run-as on Exchange Powershell on the server with an account that has "Recipient Administrator" rights and the command fails … If I login using the Exchange Admin account the command executes succesfully” Then, if you login using that recipient administrator account directly, will the command execute successfully as well? Could the issue be reproduced on a workstation? How to Install the Exchange 2007 Management Tools Please check if the “Allow inheritable permissions … “ checkbox of the problematic recipient administrator account has been selected via ADUC, and also check the checkbox in the OU level In the ADUC, please make sure that “Exchange Servers” group is inherited on the domain level Please run ExBPA against the exchange servers for permission and health checkPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

How's the issue currently? Any further information?Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.