Hi, I created a custom role for our level 1 help desk folks that allow them to only edit fields for Exchange accounts that pertain to contact information in the address book. (Title, Department, Phone #, etc.) When they try to save the changes, the following error pops up, and they can't save: Recipient "domain/ou/username" couldn't be read from domain controller "dc name". This may be due to replication delays. Switching out of Forest mode should allow this operation to complete successfully. Could this be a rights issue, or is there something wrong with the powershell cmdlet ECP is trying to run in the background against this role member? If I use ECP with my account that has higher privileges (Organization Admin) or an account with Recipient Admin privileges, there is no error. We know there are no replication issues. The accounts in the custom role are also members of the Account Operators group in AD. Thanks, Craige Lukowicz

Hi, Based on my research, I suggest you upgrade the Exchange server to Service Pack 1, and then refer to the following articles to customize a new administrator role. http://technet.microsoft.com/en-us/library/dd638209.aspx http://technet.microsoft.com/en-us/library/dd638105.aspx Thanks.Novak Wu-MSFT

Hi, Judging by all the problems being reported by admins applying SP1 to their servers on the msexchangeteam blog, upgrading immediately to SP1 isn't really an option. Customization was touted as a feature with the RTM code for this product. I need to know why a custom role would be getting this error message, when I can put the user in the Help Desk role and they don't receive the error message at all. Problem with the help desk role is it is the only out of the box role with limited rights for our phone admins, but it doesn't allow editing of the fields they need to do their jobs. It's my understanding that the ECP interface in SP1 is doing essentially the same thing with a GUI interface that I tried to do via the Exchange Management Shell. Have the cmdlets changed, or is there a reason why this error message is popping up with the custom role I created?

Actually, there are several improvement on ECP after installing SP1. To troubleshoot the issue, it’s highly recommended to install SP1 and refer to above article to customize an administrator role via interface to check the result. If the issue persists, please capture the error message and upload it to Skydrive (www.skydrive.live.com), and then share the link to me for research. For more information about Exchange 2010 SP1, please refer to the following article: What's New in Exchange 2010 SP1Novak Wu-MSFT

Again, I can't just install SP1 into production, and our management isn't willing to take the risk right now because of the widespread problems being reported with the install. I need to know what to do in order to correct the error we're seeing - when an open field, such as Department or Title is edited by an admin in the custom role, and they click "Save" in ECP, they see the following text in a popup: Recipient "domain/ou/username " couldn't be read from domain controller "dc name ". This may be due to replication delays. Switching out of Forest mode should allow this operation to complete successfully. All we're trying to do is put these admins in a custom role where they only have access to edit Phone #, Fax #, Mobile Phone #, Address, Title, and Department, so they can update user information in the Address Book. I don't want to give them the Exchange Management Console, or Powershell, and the only out of the box role that opens up those fields is recipient management, which gives them too much in the way of rights. We cannot install SP1 until all the problems that have been reported with the installation have been fixed, so at this time it is not a solution. I need to work with the version we are running, which is at the Update Rollup 3 level.

Does anyone have an answer for this besides "install SP1?" Or, at the very least, can someone tell me where this error message is coming from? I need to get this resolved, and an upgrade is not possible at this time. Thanks.

Ok. I got past the error - I had view-only recipients in addition to User Options. I removed View-Only, and now I can edit without an error message - the problem I still have is anything under the Organization tab (Title, Department, etc) still cannot be edited. What I did was this: I created an unscoped Custom role called Service Desk Admins I added the User Options role to this, which opens up most of the fields I need, except those under the Organization tab. What powershell commands do I need to run to open these up, or am I stuck putting our service desk folks in Recipient Management? Again, this is Exchange 2010 Update Rollup 3. We cannot install SP1 because of the issues people have been having, plus our BES isn't supported under SP1, so please don't suggest it. I can't do it.... Thanks.