Installed Security Update KB3040856 and went to a distribution group in eac to add send-as permissions and get a lovely AD error with the following message.

Active Directory operation failed on xyz.server.com. This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-03152612, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

After thought I went and tested this update in my testlab and found that it created the same issue. However In my testlab I was able to rerun setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms and was able to resolve this issue. I ran this in production and it didn't fix my issue. Anyone have any other suggestions. This issue didn't exists prior to installing this update.

Hi,

Cumulative Update 7 includes Exchange-related updates to Active Directory schema and configuration. Please run the following commands to prepare AD:

Setup.exe /PrepareSchema /IacceptExchangeServerLicenseTerms

Setup.exe /PrepareAD /OrganizationName:"<organization name>" /IacceptExchangeServerLicenseTerms

Setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms

For information on extending schema and configuring Active Directory, please review Prepare Active Directory and Domains in Exchange 2013 documentation. Additionally, please refer to the following article to know more about Exchange 2013 CU7:

http://blogs.technet.com/b/exchange/archive/2014/12/09/exchange-releases-december-2014.aspx

Regards,