I have Installed AD on Window 2008 R2 Machine and than installed Exchange 2010 on same machine. Now i have installed Exchange Management Control on other machine which which i am creating mailbox for a user ,I am getting user don't have proper permission to create mail user. Please help me to know what all permission are required to the user. Regards,

What Exchange groups is this user a member of?James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

Related to Exchange this user is member of " Exchange security Group"

The user will either need to be a member of Recipient Management or Organisation Management to create users. These roles can be assigned using the Exchange Control Panel. Steve

Not enough, need to be recipient or org management mentioned by Steve.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

thanks for the response still i am getting below error while creating mailbox Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 Thnaks

Previously it was having Organization Management Group same issue was coming so I have given administrator both Orginization and Recipient Management Group. still no progress

Hello, Please go to the user properties in AD, and then click Security tab, and then click advanced and select "Include inheritable permissions from this object's parent", and click apply and ok. Best Regards, Lisa

i have clicked on my created orgainization -->properties-->security-->advance and check the above (Include inheritable permissions from this object's parent",) its already checked. :(

Are you actually using the "administrator" account? Can you use a separate non built in account?James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

Yes I am using the domain Administrator account

can you tell me how to create other account and what all permission is required to be given to same account.

Can you post the exact error? Can you perform any other task, for e,g create a connector or a mbx DB?Sukh

23/2012 7:56:15 AM <ERROR>: Class-> PowerShellExchangeServiceImpl Method -> Create, Message -> Error while creating UserMailbox for User TEST7@example.local. Message is Problem while PowerShell execution abcd.Framework.Common.Exceptions.ConnectorException: Active Directory operation failed on WIN-8RNF13ABCD.example.local. This error is not retriable. Additional information: Insufficient access rights to perform the operation. Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Create a new user, put him in domain admins and exchange org admin for now. Possibly the admin account may have some hidden deny ACE somewhere in the exchange config, DB etc.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

How many DC/GC do you have? Can you check the 2080 event id in the app log?Sukh

we have forest structure with 3 sub domain, but as of now i am creating in top domain. can you tell me where to see "2080 event id in the app log"

You will find event 2080 in the application log in event viewer. Please open up Exchange management shell and try to create the mailbox and post the error message you get in the EMS. It may be issue with the remote powershell execution policy. Type "Get-ExecutionPolicy" to view your execution policy settings and post the output here Also please make sure you are logged into domain. You can verify the same by running Set u command. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Hasnain Shaikh| My blogs: http://messagingserversupport.com

Hi I am getting "RemoteSigned" can you tell me the exact path to open this log am not bale to find the same,

event viewer>app logSukh

i am not able to find the log file Please guide me where i need to look for this app log.

 1. On the Start menu, point to All Programs, point to Administrative Tools, and then click Event Viewer. 2. In Event Viewer, click Application3. Look for ANY error and and information log with an ID of 2080 Sukh

thanks sukh for your input.

thanks sukh for your input. So what was the resolution?Sukh

actually problem was with the permission with which services was running

actually problem was with the permission with which services was running