Re: Problem with creating email-enabled objects and SMTP addresses

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance


Petr Komenda wrote:
> Hello,
>
> we are experiencing the same problem after instalation of SP1 for W2003
> server, adding user to the administrators of exchange server helps, but is
> no solution for us.
>
> Any solution???
>
> Thank you
> Petr Komenda
>
>
>
> "Shawn Kondel" <Shawn.Kondel@xxxxxxx> wrote in message
> news:O$z3EmCiFHA.3960@xxxxxxxxxxxxxxxxxxxxxxx
> >
> > I am having trouble creating mail-enabled contacts and users (can't get
> > pass
> > Create an Exchange e-mail address part). Or adding additional SMTP
> > addresses to mail-enabled groups and mailbox-enable users). I can only
> > create mailbox-enable users and mail-enbled group both using default SMTP
> > address. All this from Windows XP workstation using Active Directory
> > Users
> > and Computer MMC snap-in using logging on as standard domain user. (no
> > administrator privilege)
> >
> > Error message popup as I tried to adding SMTP addresses.
> > ------
> > An Exchange Server could not be found in the domain.
> > Check if the Microsoft System Attendant service is running on the Exchange
> > Server.
> >
> > ID no: c10308a2
> > Microsoft Active Directory - Exchange Extension
> > -----
> >
> > I even delegated the user the full control permission on all available
> > objects from Active Directory U&C Manager. And even gave Exchange Full
> > Administration permission. But still have same error results. I already
> > went through "Working with Active Directory Permission in Exchange Server
> > 2003" from MS TechNet and use some of the DSACLS snippets to create
> > appropriate objects. Didn't work.
> >
> > But when I put user as a member of administrators group, THAT WORK, I have
> > no trouble adding or modifying SMTP addresses. (BUT this is something I do
> > NOT want to have). Exchange Admin users are to administer the designated
> > OU
> > objects only, not give them full control to other OU objects or to create
> > other objects beside users, groups, and contacts.
> >
> > Is there a fix or workaround from all this?
> > I spent weeks trying to figure this one out. I can do all this remotely
> > to
> > Exchange 2000 on Windows 2000 server remotely, but not to Exchange Server
> > 2003 on Windows Server 2003
> >
> > Environment:
> >
> > Server:
> > Windows Server 2003 SP1
> > Exchange Server 2003 SP1
> >
> > Examine user credentials:
> > member of domain Users group
> > delegated as Exchange View Only Administration
> > delegated tasks of creating and deleting Users, Group, and Contacts
> > objects
> > using Active Directory Users and Computer Delegate Control wizard.
> >
> > Workstation:
> > Windows XP SP2
> > Windows Server 2003 SP1 Administration Tools Pack
> > Exchange Server 2003 System Management Tool
> >
> >
> > Shawn Kondel
> > USU Math & Stat Department.
> > Utah State University
> >
> >
> >

Hey guys,
I just finished troubleshooting this issue with Microsoft and they are
currently working on the knowledgebase article for it. The one they
created internally was not accurate, anyway the problem lies in the
fact that they have removed anonymous access to the Service Control
Manager in Windows 2003 SP1 and therefore your client trying to create
SMTP addresses is not able to query the System Attendant service to
check and make sure everything is OK. Follow these steps to correct
the issue

run the following command from a command prompt on the Exchange
servers:
sc sdset scmanager
"D:(A;;CCLCRPRC;;;<SID>)(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)"
(without the quotation marks)

* Note <SID> is to be replaced with the SID (Security Identifier) of
the group of users you want to grant permissions to. The easiest way
to get this value is to dump the user out using LDP.exe. Please let me
know if you need any assistance getting the value. The attribute will
be objectsid: 5-1-5...

271201 XADM: Alternative Methods to Obtain a Dump of an Object
http://support.microsoft.com/?id=271201

.

Relevant Pages

  • Re: Connection to a SAMBA Active Directory
    ... Keep in mind that you're trying to setup a NT4 style trust ... if you setup the Exchange as a resource forest model, ... domain and the Exchange server in another domain will work. ... I am able to define a 2 way Realm trust using the Active Directory ...
    (microsoft.public.exchange.connectivity)
  • Re: Connection to a SAMBA Active Directory
    ... domain and the Exchange server in another domain will work. ... I am able to define a 2 way Realm trust using the Active Directory ... There is a bit of confusing on the SAMBA side. ...
    (microsoft.public.exchange.connectivity)
  • Re: Home Network Dilemma
    ... You must understand Active Directory first, in order to implement Exchange. ... Matter of fact, Exchange must alter Active Directory prior to installation, to accomodate the changes. ... On top of that, an understanding of DNS is required, because AD will not work if DNS is not implemented properly for its internal use only, and on top of that, an understanding of DNS on the internet is required in order to manipulate public records so others in the world can 'find' your mail server on your network. ...
    (microsoft.public.windows.server.networking)
  • Re: Configuration / Protocols Missing
    ... and I removed the E55 server. ... the ADCConfigCheck deployment tool (Check Exchange ... The tool searches Active Directory by ... >> its endpoints are the Site Replication Service and a global catalog ...
    (microsoft.public.exchange.setup)
  • Re: Exchange 2003 Disaster Recovery 1.mal / Wiederherstellung
    ... und habe dem Exchange Server im ADS einen neuen Namen gegeben. ... Und im ADS bei einem Exchange user bekomme ich die Meldung (Exchange ... > an Active Directory operating system installation that was saved in the past ...
    (microsoft.public.de.exchange)