This error is not retriable. Additional information: Access is denied.

Im experiencing the following error while trying to create groups, resources etc.

Active Directory operation failed on DC1.local. This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-031521E1, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

I have tried

adprep

Welcome to Microsoft Exchange Server 2013 Unattended Setup

Performing Microsoft Exchange Server Prerequisite Check

Prerequisite Analysis COMPLETED

Configuring Microsoft Exchange Server

Organization Preparation COMPLETED

The Exchange Server setup operation completed successfully.




  • Edited by JacoOnline Monday, April 08, 2013 11:49 AM changes
April 8th, 2013 11:36am
Has your user account is member of Enterprise and schema admin ? 
  • Edited by Lakhan S Monday, April 08, 2013 1:14 PM
Free Windows Admin Tool Kit Click here and download it now
April 8th, 2013 1:13pm
yes it is.
April 8th, 2013 1:37pm

a.       Launch ADSIEditor.msc

b.      Expand Configuration->Sites

c.       Right-click the site that exchange 2007 server stays, select Properties

d.      Locate distinguishedName attribute and copy the value into notepad

Notes: You can also use <nltest /dsgetsite> to confirm that exchange servers location

e.      Expand Configuration->CN=Configuration, DC= Domain_Name ,DC=com->CN=Services ->CN=Microsoft Exchange->CN= Your_Organization_Name-> CN=Administrative Groups ->CN= Exchange Administrative Group (FYDIBOHF23SPDLT)->"CN=Servers

f.        Right-click the exchange 2007 server, select Properties

g.       Locate msExchServerSite attribute, make sure the value in it matches to the value in the notepad

Possible cause 2: The issue is that Authenticated Users group was not found or set properly under the Properties of the Sites object in AD

Resolution:

a.       Launch ADSIEditor.msc

b.      Expand Configuration->Sites

c.       Right-click the site that exchange server stays, select Properties

d.      In the Security tab, make sure Authenticated Users group has the Read permission allowed, besides the inheritable permission Special Permissions

  • Proposed as answer by Lakhan S Monday, April 08, 2013 5:31 PM
Free Windows Admin Tool Kit Click here and download it now
April 8th, 2013 5:31pm
This is exchange 2013?
April 9th, 2013 7:53am

Hi ,

You can try it to check inheritable permission.

You can also create a new account instead of admin, add the account to the groups the original admin has.

Free Windows Admin Tool Kit Click here and download it now
April 9th, 2013 8:44am
This is exchange 2013?

After 3weeks i found my sollution

open Powershell for exchange 2013

Add-ADPermission "User Name" -User "domain\user1" -Extendedrights Receive-As

Add-ADPermission "User Name" -User "domain\user1" -ExtendedRights Send-As

where username is the account name and user1 is the actual account.

ie. John Doe & johnd


  • Edited by JacoOnline Wednesday, April 24, 2013 1:51 PM changes
  • Proposed as answer by rometheis wize Saturday, January 11, 2014 7:38 PM
April 24th, 2013 1:50pm
This is perfect.  A client has a need for BES 5 and I was running into trouble with the Send As permission but your solution worked like a charm and it was simple.  Thanks
Free Windows Admin Tool Kit Click here and download it now
January 11th, 2014 7:39pm

Try this.

https://support.microsoft.com/en-us/kb/2983209

September 9th, 2015 9:29pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics