Hi,
We have a .NET application that creates user mailboxes and other stuff in Exchange server. Recently, I added an Exchange 2013 Server with CU6 in the test domain and tried to create a user mailbox in the Exchange server through our code, but ran into an issue.
The following error is received by our code:
Error occured while executing PS command. Error : Active Directory operation failed on E2E100SPT2013RF.spt.resource.forest. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150BC1, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
On the Exchange server, I found the following error in the event log:

-Identity "spt.resource.forest/ocs tenants/exch19062015org1.test/u2@exch19062015org1.test" -Database "Mailbox Database 1033272470" -Alias "u2" -DomainController "E2E100SPT2013RF.spt.resource.forest" -PrimarySmtpAddress "u2@exch19062015org1.test"

spt.resource.forest/Users/Administrator

S-1-5-21-917764294-1177313591-2627756481-500

S-1-5-21-917764294-1177313591-2627756481-500

Remote-PowerShell-Unknown

6932 w3wp#MSExchangePowerShellFrontEndAppPool

View Entire Forest: 'False', Default Scope: 'spt.resource.forest', Configuration Domain Controller: 'E2E100SPT2013RF.spt.resource.forest', Preferred Global Catalog: 'E2E100SPT2013RF.spt.resource.forest', Preferred Domain Controllers: '{ E2E100SPT2013RF.spt.resource.forest }'

Microsoft.Exchange.Data.Directory.ADOperationException: Active Directory operation failed on E2E100SPT2013RF.spt.resource.forest. This error is not retriable. Additional information: Insufficient access rights to perform the operation. Active directory response: 00002098: SecErr: DSID-03150BC1, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 ---> System.DirectoryServices.Protocols.DirectoryOperationException: The user has insufficient access rights.
   at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, Nullable`1 clientSideSearchTimeout, IActivityScope activityScope, String callerInfo)
   at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Data.Directory.ADDataSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
   at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)
   at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
   at Microsoft.Exchange.Data.Directory.ADDataSession.Save(ADObject instanceToSave, IEnumerable`1 properties, Boolean bypassValidation)
   at Microsoft.Exchange.Management.RecipientTasks.EnableMailbox.PrepareRecipientObject(ADUser& user)
   at Microsoft.Exchange.Management.RecipientTasks.EnableRecipientObjectTask`2.PrepareDataObject()
   at Microsoft.Exchange.Configuration.Tasks.SetTaskBase`1.InternalValidate()
   at Microsoft.Exchange.Configuration.Tasks.RecipientObjectActionTask`2.InternalValidate()
   at Microsoft.Exchange.Management.RecipientTasks.EnableMailbox.InternalValidate()
   at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
   at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)

System.DirectoryServices.Protocols.DirectoryOperationException: The user has insufficient access rights.
   at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, Nullable`1 clientSideSearchTimeout, IActivityScope activityScope, String callerInfo)
   at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)

0 objects execution has been proxied to remote server.

ActivityId: 5ffc6148-476a-4357-9ea1-220c29b33c6c

ServicePlan:;IsAdmin:True;

I have tried almost everything, but the error still persists. This is becoming a nightmare for me.
Can somebody please help me sort out this permission-related issue? (From the log I guess this is a permission issue, but I am unable to find where exactly the permission is to be set.)
Thanks in advance,
Arnab