Re: Can't delegate/share to a group - Addendum

From: JoeM (labyzs302_at_NOsneakSPAMemail.com)
Date: 08/30/04

• Next message: sphilip: "452 4.5.3 Too many recipients specified"
• Previous message: trmbr: "Exxchange 2003 Event ID 1026 - MDBEF Errors in the Call stack"
• In reply to: JoeM: "Re: Can't delegate/share to a group - Addendum"
• Messages sorted by: [ date ] [ thread ]

Date: Mon, 30 Aug 2004 05:51:25 GMT

Doh!

It seems to help if I convert Active Directory to native mode along with
Exchange.

Gongrats to Oz for amassing 348.5 medals in the modern Olympics. If it were
earlier here I would try to figure out how one wins 1/2 a medal. It may be
just NBC-speak (NBC is TV network in USA that paid gazillions to cover the
event and had one broadcast channel and 5 cable channels going at various
times of the day).

Thanks for your thoughts and help.

Joe

"JoeM" <labyzs302@NOsneakSPAMemail.com> wrote in message
news:qHpYc.1823$w%6.1111@newsread1.news.pas.earthlink.net...
> The properties do not allow a change from DL to security.
>
> The "Users" container under the domain in the Active Directory Users and
> Computers tree includes users and security groups, but no distribution
> groups. The "My Business" container, under the domain in the same tree,
has
> a container for Groups (contains security groups only) and another for
> Distribution Groups. The General tab on the properties pages for each
> Distribution Group shows the Security Group type grayed out with no way to
> change the group type.
>
> I don't know why I didn't see this before, but the following application
log
> events occurred when I tried to delegate to distribution groups before I
> switched to native mode and still occur after the switch when I try to use
a
> Distribution group in a delegation or a permission.
>
> -----------
>
> Event Type: Warning
> Event Source: MSExchangeIS
> Event Category: General
> Event ID: 1233
> Date: 8/28/2004
> Time: 12:53:32 PM
> User: N/A
> Computer: SMITH-SBS
> Description:
> An error occurred.
> Function name or description of problem: EcSetDSValuesWithGUID
> Error: 0x80004005
>
> For more information, click http://www.microsoft.com/contentredirect.asp.
>
>
> -----------
>
> Event Type: Warning
> Event Source: MSExchangeIS
> Event Category: General
> Event ID: 1233
> Date: 8/28/2004
> Time: 12:53:32 PM
> User: N/A
> Computer: SMITH-SBS
> Description:
> An error occurred.
> Function name or description of problem: EcCvtDLToSecGrp
> Error: 0x80004005
>
> For more information, click http://www.microsoft.com/contentredirect.asp.
>
> -----------
>
> Event Type: Error
> Event Source: MSExchangeIS Mailbox Store
> Event Category: General
> Event ID: 9556
> Date: 8/28/2004
> Time: 12:53:32 PM
> User: N/A
> Computer: SMITH-SBS
> Description:
> Unable to set permission for DL /o=SMITHINVESTMENT/ou=first administrative
> group/cn=Recipients/cn=Test2 because it could not be converted to a
security
> group. This most likely is because your system is in a mixed domain.
>
> For more information, click http://www.microsoft.com/contentredirect.asp.
>
>
> -----------
>
> Thanks for any help,
>
> Joe
>
>
> Glen Trafford" <glen@beehivesystems.com> wrote in message
> news:cgr0pb$30pg$1@otis.netspace.net.au...
> > Go into Active Directory Users and Computers and look at the properties
on
> > the group object. You should be able to switch the group type from DL to
> > > Security.
> > >
> > > Native mode doesn't change the display of admin groups. It mainly
means
> > that
> > > no 5.5 servers will be in your org.
> > >
> > > Cheers
> > >
> > > Glen
> > >
> > >
> > > "JoeM" <labyzs302@NOsneakSPAMemail.com> wrote in message
> > > news:rn6Yc.1056$w%6.375@newsread1.news.pas.earthlink.net...
> > > > Thanks Glen, but I am not able to make this change. I don't know if
I
> > have
> > > a
> > > > problem with Exchange or if it is my lack of knowledge. How should I
> do
> > I
> > > > change a Distribution Group to a Security Group?
> > > >
> > > > I have tried using a DL when assigning Exchange folder permissions
> > through
> > > > Outlook XP, but I get the error message and no change. I don't see
> > > anything
> > > > on either the Dist group or Sec group property pages that seems
> germane.
> > I
> > > > have tried adding an email address to a security group without
impact.
> > > >
> > > > I have noticed at least one other thing that appears strange for a
> > > > native-mode Exchange server: The General Properties shows Native
mode,
> > but
> > > > the two administrative views options can be checked. I thought the
> > > "Display
> > > > administrative groups" option was supposed to be grayed out Could
you
> > > > confirm/comment?
> > > >
> > > > Joe M
> > > >
> > > > "Glen Trafford" <glen@beehivesystems.com> wrote in message
> > > > news:cgp8k8$1sjk$1@otis.netspace.net.au...
> > > > > Try changing the Distribution group to a security group. This will
> > still
> > > > > allow it work as a DL.
> > > > >
> > > > > Cheers
> > > > >
> > > > > Glen
> > > > >
> > > > >
> > > > >
> > > > > "JoeM" <labyzs302@NOsneakSPAMemail.com> wrote in message
> > > > > news:zrLXc.341$w%6.231@newsread1.news.pas.earthlink.net...
> > > > > > I am running Exchange 2000 SP3 on SBS 2000 on a network with one
> > > server
> > > > > box.
> > > > > > When I try to add a distribution group delegate to a mailbox
> through
> > > > > Outlook
> > > > > > 2002 on a Windows XP SP1 machine, it fails with no message. I
can
> > add
> > > > the
> > > > > > group, but it always set the permissions to none.
> > > > > >
> > > > > > When I try to share a folder to a group I get the error "The
> > modified
> > > > > > permissions could not be saved. The client operation failed".
> > > > > >
> > > > > > I can delegate and share to users.
> > > > > >
> > > > > > I am guessing its either some permissions problem or an Exchange
> > > > > corruption,
> > > > > > but I am not making any headway. I have not been able to find
> > anything
> > > > > very
> > > > > > helpful in the NGs or via Goggle searches. Help!
> > > > > >
> > > > > > When I first encountered the problem, E2k was running in mixed
> mode
> > > > > > (default, not brains). I found that this should only work in
> native
> > > > mode.
> > > > > I
> > > > > > switched Exchange to native mode via the properties page. I saw
no
> > > > > complaint
> > > > > > on screen or in logs when I switched. I restarted the whole
server
> > for
> > > > > good
> > > > > > measure. Exchange's General Properties now shows Native mode,
but
> > the
> > > > two
> > > > > > administrative views options can be checked. I thought the
> "Display
> > > > > > administrative groups" option was supposed to be grayed out. The
> > > > > > distribution groups existed prior to the mode switch.
> > > > > >
> > > > > > Dithered Security Log entries follow. This attempt was from a
> > > > workstation
> > > > > > outside the domain logged in to the SpamBox mailbox over a VPN.
> The
> > > > > behavior
> > > > > > is similar when the delegation is attempted from a workstation
in
> > the
> > > > > > domain.
> > > > > >
> > > > > > Thanks,
> > > > > >
> > > > > > Joe M
> > > > > >
> > > > > > --------
> > > > > >
> > > > > > Event Type: Success Audit
> > > > > > Event Source: Security
> > > > > > Event Category: Logon/Logoff
> > > > > > Event ID: 540
> > > > > > Date: 8/27/2004
> > > > > > Time: 9:43:29 AM
> > > > > > User: SMITHINVESTMENT\SpamBox
> > > > > > Computer: SMITH-SBS
> > > > > > Description:
> > > > > > Successful Network Logon:
> > > > > > User Name: SpamBox
> > > > > > Domain: SMITHINVESTMENT
> > > > > > Logon ID: (0x0,0x9E1416)
> > > > > > Logon Type: 3
> > > > > > Logon Process: NtLmSsp
> > > > > > Authentication Package: NTLM
> > > > > > Workstation Name: MYBOX
> > > > > >
> > > > > > --------
> > > > > >
> > > > > > Event Type: Failure Audit
> > > > > > Event Source: Security
> > > > > > Event Category: Object Access
> > > > > > Event ID: 565
> > > > > > Date: 8/27/2004
> > > > > > Time: 9:43:29 AM
> > > > > > User: SMITHINVESTMENT\SpamBox
> > > > > > Computer: SMITH-SBS
> > > > > > Description:
> > > > > > Object Open:
> > > > > > Object Server: Microsoft Exchange
> > > > > > Object Type: Microsoft Exchange Logon
> > > > > > Object Name: /o=SMITHINVESTMENT/ou=first administrative
> > > > > > group/cn=Recipients/cn=SpamBox
> > > > > > New Handle ID: -
> > > > > > Operation ID: {0,10359850}
> > > > > > Process ID: 4384
> > > > > > Primary User Name: SMITH-SBS$
> > > > > > Primary Domain: SMITHINVESTMENT
> > > > > > Primary Logon ID: (0x0,0x3E7)
> > > > > > Client User Name: SpamBox
> > > > > > Client Domain: SMITHINVESTMENT
> > > > > > Client Logon ID: (0x0,0x9D55A4)
> > > > > > Accesses Unknown specific access (bit 8)
> > > > > >
> > > > > > Privileges -
> > > > > >
> > > > > > Properties:
> > > > > > Unknown specific access (bit 2)
> > > > > > Unknown specific access (bit 3)
> > > > > > Unknown specific access (bit 4)
> > > > > > Send As
> > > > > >
> > > > > > --------
> > > > > >
> > > > > > Event Type: Failure Audit
> > > > > > Event Source: Security
> > > > > > Event Category: Directory Service Access
> > > > > > Event ID: 565
> > > > > > Date: 8/27/2004
> > > > > > Time: 9:45:02 AM
> > > > > > User: SMITHINVESTMENT\SpamBox
> > > > > > Computer: SMITH-SBS
> > > > > > Description:
> > > > > > Object Open:
> > > > > > Object Server: DS
> > > > > > Object Type: user
> > > > > > Object Name: CN=SpamBox,CN=Users,DC=smithinvestments,DC=local
> > > > > > New Handle ID: -
> > > > > > Operation ID: {0,10381668}
> > > > > > Process ID: 292
> > > > > > Primary User Name: SMITH-SBS$
> > > > > > Primary Domain: SMITHINVESTMENT
> > > > > > Primary Logon ID: (0x0,0x3E7)
> > > > > > Client User Name: SpamBox
> > > > > > Client Domain: SMITHINVESTMENT
> > > > > > Client Logon ID: (0x0,0x9E138D)
> > > > > > Accesses Write Property
> > > > > >
> > > > > > Privileges -
> > > > > >
> > > > > > Properties:
> > > > > > WRITE_DAC
> > > > > > WRITE_OWNER
> > > > > > SYNCHRONIZE
> > > > > > Delete Child
> > > > > > Read Property
> > > > > > Write Property
> > > > > > Personal Information
> > > > > > WRITE_DAC
> > > > > > SYNCHRONIZE
> > > > > > publicDelegates
> > > > > >
> > > > > >
> > > > > > Event Type: Failure Audit
> > > > > > Event Source: Security
> > > > > > Event Category: Directory Service Access
> > > > > > Event ID: 565
> > > > > > Date: 8/27/2004
> > > > > > Time: 9:45:02 AM
> > > > > > User: SMITHINVESTMENT\SpamBox
> > > > > > Computer: SMITH-SBS
> > > > > > Description:
> > > > > > Object Open:
> > > > > > Object Server: DS
> > > > > > Object Type: user
> > > > > > Object Name: CN=SpamBox,CN=Users,DC=smithinvestments,DC=local
> > > > > > New Handle ID: -
> > > > > > Operation ID: {0,10381669}
> > > > > > Process ID: 292
> > > > > > Primary User Name: SMITH-SBS$
> > > > > > Primary Domain: SMITHINVESTMENT
> > > > > > Primary Logon ID: (0x0,0x3E7)
> > > > > > Client User Name: SpamBox
> > > > > > Client Domain: SMITHINVESTMENT
> > > > > > Client Logon ID: (0x0,0x9E138D)
> > > > > > Accesses Write Self
> > > > > >
> > > > > > Privileges -
> > > > > >
> > > > > > Properties:
> > > > > > WRITE_DAC
> > > > > > WRITE_OWNER
> > > > > > SYNCHRONIZE
> > > > > > Delete Child
> > > > > > Read Property
> > > > > > Write Property
> > > > > > Personal Information
> > > > > > WRITE_DAC
> > > > > > SYNCHRONIZE
> > > > > > publicDelegates
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

• Next message: sphilip: "452 4.5.3 Too many recipients specified"
• Previous message: trmbr: "Exxchange 2003 Event ID 1026 - MDBEF Errors in the Call stack"
• In reply to: JoeM: "Re: Can't delegate/share to a group - Addendum"
• Messages sorted by: [ date ] [ thread ]

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint