Archive for the 'exchange 2007' Category

Distribution Group Management in Exchange 2007

Managing a distribution group in Exchange 2007 works a little differently than it did in Exchange 2003. In Exchange 2003, you could select a user to manage a distribution group, and select the option so that they could update the members in the list. (see image below)

DGManagement_Ex2003

In Exchange 2007, you have the ability to select a manager to manage the members of the list as well. However, the manager has no rights to add/remove members from the list. (see image below)

DGManagement_Ex2007

In order to grant this permission to the user, you have to run the following command from the Exchange Management Shell:

Add-ADPermission -Identity:'Group Display Name' -User:domain\username -AccessRights ReadProperty, WriteProperty -Properties 'Member'

Make sure you have the appropriate permissions before you run that command, or it will error out. According to the TechNet article, you will need the following permissions to run the command successfully:

1) Exchange Recipient Administrator role.
2) Account Operator role for the applicable Active Directory containers.
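Because this grant is an ACE on the group object and does not show up on the group's Managed By tab, it is worth being able to list who has been given it. The following is an added example, not part of the original post: the function name Get-GroupMemberWriteDelegation is hypothetical, and it assumes the Exchange Management Shell with rights to read group permissions.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
# Lists explicit, non-inherited Allow ACEs that grant WriteProperty on the
# 'Member' property of each distribution group, i.e. the delegation created
# by the Add-ADPermission command above.
# Not covered: broader rights (GenericAll, GenericWrite, WriteProperty with no
# property scope) that also allow membership changes.
function Get-GroupMemberWriteDelegation {
    Get-DistributionGroup -ResultSize Unlimited | ForEach-Object {
        $group = $_
        Get-ADPermission -Identity $group.DistinguishedName |
            Where-Object {
                # Flatten the rights and property lists to strings for matching
                $rights = ($_.AccessRights | ForEach-Object { $_.ToString() }) -join ','
                $props  = @($_.Properties  | ForEach-Object { $_.ToString() })
                (-not $_.IsInherited) -and
                (-not $_.Deny) -and
                ($rights -match 'WriteProperty') -and
                ($props -contains 'Member')
            } |
            Select-Object @{Name = 'Group'; Expression = { $group.Name }},
                          User, AccessRights, Properties
    }
}

# Review the result against the manager recorded on each group
Get-GroupMemberWriteDelegation | Sort-Object Group, User | Format-Table -AutoSize

# To withdraw a delegation that is no longer needed, Remove-ADPermission takes
# the same -Identity, -User, -AccessRights and -Properties values used to grant it.
```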

Error logging in to Outlook Web Access (OWA) on Exchange 2007

When we had completed our migration from Exchange 2003 to Exchange 2007, there were a couple of users that informed us that their Outlook Web Access wasn’t working anymore. The error they received was:

A problem occurred while trying to use your mailbox. Please contact technical support for your organization.

After expanding the error message, it showed the following:

Request
Url: http://[owa servername]:80/owa/lang.owa
User host address: [user ip]
Exception
Exception type: Microsoft.Exchange.Data.Storage.StoragePermanentException
Exception message: There was a problem accessing Active Directory.
Call stack
Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostLocally(OwaContext owaContext, OwaIdentity logonIdentity, CultureInfo culture, String timeZoneKeyName, Boolean isOptimized)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext)
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Inner Exception
Exception type: Microsoft.Exchange.Data.Directory.ADOperationException
Exception message: Active Directory operation failed on [active directory servername]. This error is not retriable. Additional information: Insufficient access rights to perform the operation. Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Call stack
Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)
Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject instanceToSave, IEnumerable`1 properties)
Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
Inner Exception
Exception type: System.DirectoryServices.Protocols.DirectoryOperationException
Exception message: The user has insufficient access rights.
Call stack
System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation)
Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)

After searching around the web, I found a few posts that referenced this error. The user's account needed to have the inheritable permissions option checked.

To perform this,
1. Open Active Directory Users and Computers (ADUC).
2. Locate the user account and view the properties for the account.
3. Select the Security tab. NOTE: If you don’t see the Security tab, you will have to enable Advanced Features from the View menu.
4. Select the Advanced button.
5. Check the option box for “Allow inheritable permissions from the parent to propagate to this object…”

6. Click Apply and then OK to close out the properties for the user account.

Once this option was selected, the user was able to log in to OWA successfully.
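Rather than waiting for users to report the error, the same condition can be checked across all mailbox-enabled accounts. The following is an added example, not part of the original post: the function name Get-InheritanceBlockedMailboxUser and the sample search base are hypothetical, and it assumes a domain-joined machine and an account that can read the users' security descriptors.

```powershell
# Added example (not from the original post). Read-only: changes nothing.
# Reports mailbox-enabled users whose ACL is protected from inheritance,
# the condition behind the INSUFF_ACCESS_RIGHTS error shown above.
function Get-InheritanceBlockedMailboxUser {
    # Optional LDAP path, e.g. 'LDAP://OU=Staff,DC=example,DC=com' (constructed sample)
    param([string]$SearchBase)

    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    if ($SearchBase) {
        $searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($SearchBase)
    }
    # homeMDB is only populated on mailbox-enabled accounts
    $searcher.Filter   = '(&(objectCategory=person)(objectClass=user)(homeMDB=*))'
    $searcher.PageSize = 500
    [void]$searcher.PropertiesToLoad.Add('admincount')

    $results = $searcher.FindAll()
    foreach ($result in $results) {
        $entry = $result.GetDirectoryEntry()
        # psbase exposes the underlying .NET DirectoryEntry members
        if ($entry.psbase.ObjectSecurity.AreAccessRulesProtected) {
            $row = New-Object PSObject
            Add-Member -InputObject $row -MemberType NoteProperty -Name DistinguishedName `
                       -Value ([string]$entry.distinguishedName)
            # adminCount = 1 marks accounts that are or were members of protected
            # groups (AdminSDHolder). For current members the directory turns
            # inheritance back off periodically, so the checkbox fix will not hold.
            Add-Member -InputObject $row -MemberType NoteProperty -Name AdminCount `
                       -Value ([string]$result.Properties['admincount'])
            $row
        }
        $entry.psbase.Dispose()
    }
    $results.Dispose()
}

Get-InheritanceBlockedMailboxUser | Format-Table -AutoSize
```

Accounts listed with an empty AdminCount are the ones where ticking the inheritance box in ADUC is the complete fix; those showing 1 should be reviewed for privileged group membership first.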

Exchange 2007 SP1 Cmdlet List

Complete list of Exchange 2007 SP1 PowerShell commands.

Exchange tools

Microsoft updated some tools for Exchange Server 2003/2007. (via Bink)