Re: Exchange 2003 Event 8270 and Event 8022


Thank you for your resonse. I have seen this article and the permission to
modify was already present. The special permission which applies to group
objects has the following permissions:

List Contents - Allow
Read All Properties - Allow
Read Permissions - Allow
Modify Permissions Allow

I also added a permission of CHILDDOMAIN\Exchange Enterprise Severs - Full
Control.

Do you have any other suggestions?


"Bharat Suneja [MVP]" wrote:

Did you take a look at the following:
XADM: Recipient Update Service Stops Responding with Event ID 8022
http://support.microsoft.com/kb/287137

--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
exchangepedia.com/blog
------------------------------


"Mario Carbajal" <Mario Carbajal@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F8C8B761-DDCD-4BFE-A91F-3DC6351C6C16@xxxxxxxxxxxxxxxx

Domain is comprised of one root domain, with several child domains, and
the
exchange server housed in the root domain. This network is not fully
routed,
and the problem appears in one domain which only has access to the forest
root, but not the other child domain.

Event Log Entries:


Event Type: Error
Event Source: MSExchangeAL
Event Category: LDAP Operations
Event ID: 8022
Date: 4/9/2007
Time: 1:03:29 PM
User: N/A
Computer: EXCHSRV1
Description:
LDAP Modify on directory child-dc1.child-domain.root-domain.com for entry
'<GUID=42CFE00E0D61254399D83077D8D4485E>' was unsuccessful with
error:[0x32]
Insufficient Rights [ 00002098: SecErr: DSID-03150A45, problem 4003
(INSUFF_ACCESS_RIGHTS), data 0
]. DC=child-domain,DC=root-domain,DC=com

For more information, click http://www.microsoft.com/contentredirect.asp.


_______________________


Event Type: Error
Event Source: MSExchangeAL
Event Category: LDAP Operations
Event ID: 8270
Date: 4/9/2007
Time: 1:03:29 PM
User: N/A
Computer: EXCHSRV1
Description:
LDAP returned the error [32] Insufficient Rights when importing the
transaction
dn: <GUID=42CFE00E0D61254399D83077D8D4485E>
changetype: Modify
showInAddressBook:add:CN=All Users,CN=All Address Lists,CN=Address Lists
Container,CN=MyOrgName,CN=...
: CN=Default Global Address List,CN=All Global Address Lists,CN=Address
Lists Cont...
mail:john.smith@xxxxxxxxxxxxxxx
textEncodedORAddress:c=US;a= ;p=MyOrgName;o=Exchange;s=Smith;g=John;
proxyAddresses:SMTP:john.smith@xxxxxxxxxxxxxxx
: X400:c=US;a= ;p=MyOrgName;o=Exchange;s=Smith;g=John;
: smtp:john.smith@xxxxxxxxxxxxxxx
msExchPoliciesIncluded:add:{DD96AC9A-9511-40C3-B8E0-E6AED332E570},{26491CFC-9E50-4857-861B-0CB8DF22B5D7}
msExchUserAccountControl:0
msExchALObjectVersion:51
objectGUID:42CFE00E0D61254399D83077D8D4485E
-
DC=child-domain,DC=root-domain,DC=com

For more information, click http://www.microsoft.com/contentredirect.asp.


_________________________________


Event Type: Warning
Event Source: MSExchangeAL
Event Category: Address List Synchronization
Event ID: 8168
Date: 4/9/2007
Time: 1:03:29 PM
User: N/A
Computer: EXCHSRV1
Description:
Could not modify the object: 'CN=John
Smith,OU=DeptContainerEmp,OU=DeptContainer,OU=Location,OU=CompName,DC=child-domain,DC=root-domain,DC=com'.
DC=child-domain,DC=root-domain,DC=com

For more information, click http://www.microsoft.com/contentredirect.asp.


____________________________________

My problem is that new accounts do not get stamped by RUS with e-mail
addresses for either contacts or user accounts. I am using one test
account
in an attempt to isolate the issue, but I have not made any progress.


Things I have checked:

CHILDDOMAIN\Exchange Domain Servers (Members): Blank. Same in child
domains,
but is this correct?

CHILDDOMAIN\Exchange Domain Severs (MemberOf): CHILDDOMAIN\Exchange
Enterprise Servers, CHILDDOMAIN\Pre-Windows 2000 Compatible Access

CHILDDOMAIN\Exchange Enterprise Servers (Members): ROOTDOMAIN\EXCHSRV1,
Then
an Exchange Domain Servers group of each child domain and the problem
domain.

I thought I had a permission problem, so I ran setup /domainprep on the
child domain, but the problem still persists.

I all RUS entries configured to never run, except for the RUS for the
problem child-domain. Accounts can be created and mailboxes stamped by
RUS
in other domains, but not this one.

Any help resolving this problem would be appreciated.


.

Relevant Pages

  • Re: Office 2007 NTFS Permissions problem
    ... Word and Excel 2003 save working COPIES of open files on ... The copies remain OPEN while they're open in Word/Excel. ... That would require modify permission because the file wasn't already ...
    (microsoft.public.office.misc)
  • Re: Applying NTFS Folder Permissions
    ... 2nd paragraph indicates that "Modify" in the first paragraph should have ... which the HR group has been granted the Read permission and the 4th Floor ... Giorgio is attempting to access a folder for which the HR ...
    (microsoft.public.cert.exam.mcsa)
  • Re: Restricting Domain Admins
    ... > Change the security on the adminSDHolder container so that domain admins ... > Modify Permissions ... >>> Removed Modify permission ... >>> Removed modify owner permission ...
    (microsoft.public.windows.server.security)
  • Re: Restricting Domain Admins
    ... Modify Permissions ... the settings I have changed stop domain admins from ... >> Removed Modify permission ... >> Removed modify owner permission ...
    (microsoft.public.windows.server.security)
  • Re: [OT] Silly (copyright?) claim by "Galen".
    ... >> alternative newsgroup servers relates exactly how to my signature? ... but not in a web browser? ... and doesn't require any special permission. ... I accept, and know, that crossposting exists on newsgroups. ...
    (comp.security.misc)