0 votes

We're trying to add a Send As permission in the properties for a group through Adaxes. It works for Send on Behalf, but whenever we try to add Send As delegation in Adaxes, we get this error. Not quite sure what wouldn't have "sufficient access rights" on dc2, when it can perform other tasks.

Softerra.Adaxes.BackgroundThreadException: Exchange 2013 PowerShell API: Failed to execute the following operation: Modify mail settings for teamtest2 (domain.com\Distribution Groups)' ---> System.Management.Automation.RemoteException: Active Directory operation failed on dc2.domain.com This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03152612, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

at #eb.#Wb.#i.#Xb.#P6(RunspacePool runspacePool, PSCommand psCommand, String[]& warnings)
at #eb.#Wb.#i.#Xb.Execute(RunspacePool runspacePool, #ib command)
at #0e.#Nh.Execute(#ib command)
at #eb.#Ji.Execute(#ib command)
at #0e.#5g.#P6(#jb command, #6g context)
at #0e.#oh.#P6(#jb command, #6g context)
at #0e.#Ed.#p6()
at #0e.#5g.#Vab(#Ze operation)
at #re.#qe.Execute()
--- End of inner exception stack trace ---

by (50 points)

1 Answer

0 votes
by (227k points)
selected by
Best answer

Hello,

It looks like the issue occurs because the account that was specified during the domain registration in Adaxes does not have required permissions in Exchange. For information on how to check/change the account, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.Man ... nInfo.html. It is recommended to assign the account to the Organization Management role group. It provides administrative access to an entire Exchange organization and can perform almost any task.

If, for some reason, you do not want to provide the account administrative access to your Exchange organization, you need to assign the account to the following role groups in Exchange:

For more details, see Understanding Management Roles.

If the issue persists after updating the Exchange permissions, please, enable tracing of requests sent to Exchange servers, reproduce the issue and send us (support[at]adaxes.com) the log file. For information on how to enable the tracing, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.Per ... uests.html.

0

Thanks for your response, Adaxes Support.

I have verified that the account is a member of Organization Management in Exchange. Recently we decommissioned a domain controller, and the one stating that there are insufficient permissions is one of the new ones. Could this change of domain controllers also cause this? Since the Adaxes Admin account already is granted Organization Management role within Exchange.

Edit: actually, let me check a few things. It may not be using the admin account to perform this, maybe it's actually using the logged-in user.

0

Hello,

Thank you for the provided Exchange Tracing log. According to the log, the error appears when the Add-ADPermissions cmdlet tries to change ACL in AD and Exchange Trusted Subsystem is not granted the "modify permissions" permission by default. For details and resolution, have a look at the following article:
https://support.microsoft.com/en-za/hel ... s-permissi.

0

Hello Adaxes Support,

That fixed it! Thanks so much for finding that. That was a strange one, and I believe had been working in the past, so somehow the permissions must have gotten changed. Although we're not sure how long ago.

Thanks!

Related questions

0 votes
1 answer

Is there a way to use the built-in "Modify Exchange Properties" action to add a mailbox delegate that only resides in the cloud? We can do it via a powershell script, but I ... action. For example, I want to add "Company Administrator" to a user via the GUI:

asked Sep 14, 2015 by yourpp (530 points)
0 votes
1 answer

Hello, After migrating users from Exchange 2007 On premise to Exchange Online, we experience a problem viewing/managing full Access permissions for some of the mailboxes. ... permissions found on users that we can successfully manage through Adaxes. Any ideas?

asked Mar 18, 2015 by DFassett (710 points)
0 votes
1 answer

Hi Adax users are unable to load any exchange information when using the Adaxes front end. When trying to load exchange information or any exchange related task they get the ... tenants is set up and says last AD Connect time was 30 minutes ago. Thanks

asked Feb 16, 2021 by R_C (70 points)
0 votes
1 answer

Receive the following error when trying to access our Exchange properties. "Could not load file or assembly 'System.Management.Automation, Version=3.0.0.0, Culture=neutral, ... recently, and I'm not sure where to begin searching for a solution. Regards.

asked Oct 22, 2018 by jtop (680 points)
0 votes
1 answer

Good Afternoon, I'm hoping you can assist - I am a new customer and have just completed our installation. We are currently in the throes of migrating from Exchange ... any additional diagnostics I should be running to track down the problem? Many thanks Steve

asked Jul 6, 2015 by steve82 (50 points)
2,803 questions
2,535 answers
6,606 comments
62,610 users