2

We've migrated a client from Google Apps to an MS Exchange 2010 SP2 on-premise setup. The setup /prepareAD went well, and the software was installed with the Administrator account. We've used the Exchange Management Console to set up mailboxes and had to google the appropriate workarounds, such as going into each user's Advanced Security Settings and selecting "include inheritable permissions from this object's parents", and changing their logon-to from specific machines to "all computers" so that they can connect to Outlook Web Access, and in turn so their Outlook 2007-2010 clients can connect to Exchange.

Sending and receiving emails is working well.

Now that all this is in place, we can create Dynamic Distribution Lists with no problem, but as soon as we try to create a DISTRIBUTION LIST, either in the EMC or the Exchange PowerShell, we get an error. As the error message in PowerShell is more verbose, I include it here in case anyone can suggest how we remedy this:

    [PS] C:\Windows\system32>new-DistributionGroup -Name 'projects' -SamAccountName 'projects' -Alias 'projects'

    Active Directory operation failed on DC.cppe.local. This error is not retriable. Additional information: Access is denied.

    Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
        + CategoryInfo : NotSpecified: (0:Int32) [New-DistributionGroup], ADOperationException
        + FullyQualifiedErrorId : 1EA5CD3E,Microsoft.Exchange.Management.RecipientTasks.NewDistributionGroup

BabakBani
  • I may have missed the obvious. What permissions does my account need to be able to create, edit and delete distribution lists in EMC? I'm currently a member of the Domain Admins, Administrators and also a member of the "Organization management" role group in Exchange. – BabakBani Jul 26 '12 at 17:02

1 Answer

2

You need to be a member of the Recipient Management role group in order to manage distribution groups.

Mathias R. Jessen
  • Already checked that. Not an issue. – BabakBani Jul 27 '12 at 22:14
  • It would appear my Administrator account on my DC is corrupt. – BabakBani Jul 27 '12 at 22:14
  • I disabled the Administrator mailbox in Exchange 2010 that we had added, and instead created a new mailbox and gave it permissions as in ECP. – BabakBani Aug 15 '12 at 19:54
  • I tried via Exchange control panel but it failed as well with the following error when I attempt to create a new Distribution Group with the new mailbox user that is a member of the "Organization management" role group in Exchange: Active Directory operation failed on server-2008.cppe.local. This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 – BabakBani Aug 15 '12 at 19:54
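
The two conditions this thread mentions, role group membership and the "include inheritable permissions" flag, can be checked together. This is an added example and not code from any of the posts above. It assumes the ActiveDirectory module is available alongside the Exchange Management Shell; the function name, the account name and the container DN are placeholders.

```powershell
# Added example: report role group membership and ACL inheritance state.
# Assumes the ActiveDirectory module (Server 2008 R2 / RSAT) is installed.
Import-Module ActiveDirectory

function Get-DistributionGroupReadiness {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$SamAccountName,
        [Parameter(Mandatory = $true)][string]$TargetContainerDN
    )

    # 1. Role groups named in the thread. -Recursive also finds membership
    #    obtained through nested groups.
    foreach ($rg in 'Organization Management', 'Recipient Management') {
        $members = @(Get-ADGroupMember -Identity $rg -Recursive)
        $isMember = @($members | Where-Object { $_.SamAccountName -eq $SamAccountName }).Count -gt 0
        New-Object PSObject -Property @{
            Check  = "Member of '$rg'"
            Target = $SamAccountName
            Pass   = $isMember
        }
    }

    # 2. "Include inheritable permissions from this object's parents":
    #    AreAccessRulesProtected is $true when that box is NOT ticked, so
    #    permissions granted higher up in the directory do not reach the object.
    $user = Get-ADUser -Identity $SamAccountName
    foreach ($dn in $user.DistinguishedName, $TargetContainerDN) {
        $obj = Get-ADObject -Identity $dn -Properties nTSecurityDescriptor
        New-Object PSObject -Property @{
            Check  = 'ACL inheritance enabled'
            Target = $dn
            Pass   = -not $obj.nTSecurityDescriptor.AreAccessRulesProtected
        }
    }
}

# Placeholder values (assumptions): replace with the account that runs
# New-DistributionGroup and the container the group is created in.
Get-DistributionGroupReadiness -SamAccountName 'exadmin' `
    -TargetContainerDN 'CN=Users,DC=cppe,DC=local' |
    Select-Object Check, Target, Pass | Format-Table -AutoSize
```

A `Pass` value of `False` on any row identifies which of the two conditions to look at first; the script only reads directory data and changes nothing.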