Transition from Exchange 2003 To Exchange 2010(Active directory response: 00002098 While Installing)
Hi, With Domain/Adm With Domain\Administrator account, i just try to transit 2003 to 2010 SP1.But i am unable to install due to the following Error. I was checked with Microsoft Security Exchange Group, Administrator Inheritance attribute, Administrator Permission : ***Calling EffectiveRights... "administrator" is allowed 0x000F01FD (Write, List object, Write DACL, Write owner, Create child, Delete, Delete tree, Control access) for "DC=domian,DC=com" *** Warning: these rights were evaluated on the local computer. The actual effective rights evaluated on the AD DC/LDS instance may be different. ----------- ***Calling EffectiveRights... "administrator" is allowed 0x000F01FF (Full control) for "CN=Configuration,DC=domain,DC=com" *** Warning: these rights were evaluated on the local computer. The actual effective rights evaluated on the AD DC/LDS instance may be different. ----------- Error As Follows : Organization Preparation Failed Error: The following error was generated when "$error.Clear(); initialize-AdminGroupPermissions -DomainController $RoleDomainController " was run: "Active Directory operation failed on dc.domain.com. This error is not retriable. Additional information: Insufficient access rights to perform the operation. Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 ". Active Directory operation failed on dc.domain.com. This error is not retriable. Additional information: Insufficient access rights to perform the operation. Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 The user has insufficient access rights. Click here for help... http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.141).aspx?v=14.1.218.11&e=ms.exch.err.Ex88D115&l=0&cl=cp Elapsed Reagrds Nayan Regards, Nayan
May 12th, 2012 5:08pm

This account is in the Exchange org group?James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
May 12th, 2012 5:12pm

Yes,This acoount is in Exchange Org Group as this is the Builtin Domain Administrator Account. Regards NayanRegards, Nayan
May 13th, 2012 5:21am

That is strange then. Default domain admin account should also be member of enterprise (and schema) admins group as well, which your first post seems to indicate. * ***Calling EffectiveRights... "administrator" is allowed 0x000F01FF (Full control) for "CN=Configuration,DC=domain,DC=com" *** Warning: these rights were evaluated on the local computer. The actual effective rights evaluated on the AD DC/LDS instance may be different. * I might create a new custom admin account with membership in all required groups and see if that works - just to see.Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.
Free Windows Admin Tool Kit Click here and download it now
May 13th, 2012 8:22am

Offcourse its strange, But i already tried with different admin account with allprevilages for Exchange Installation, But still we have the same problem. Regards NayanRegards, Nayan
May 13th, 2012 1:36pm

You likley have a hidden deny ACE, the most common seems to be regarding the PF. Check your exchangesetup.log it will show you. CN=public folder (in configuration patition) see if you see a deny permission for everyone group if so uncheck deny permissionJames Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
May 13th, 2012 2:24pm

Hi, This is happen due to SDPROP error SDPROP process :This is usually caused by the users being members of administrative groups (e.g. Domain Admins). Once an hour the SDPROP process will kick off and turn off inheritable permissions for these types of users. The only way to prevent this is to remove the users from the administrative group(s) and re-enable inheritance. Regards, Nayan Regards, Nayan
June 29th, 2012 8:47am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics