0 votes

We get the following error when searching for available Exchange (2007) servers:-


The service account for Adaxes is currently not permissioned to administer Exchange (and is not a member of BUILTIN\Administrators etc) - is this error because the account needs to be permissioned above "Domain User" to even view available Exchange servers, or possibly an issue based on a Parent\Child domain structure?

Our Exchange servers are located on our core (Child) AD domain, where all computers, users and mailboxes etc (and Adaxes) exists, although administrative access is controlled via groups in the 'Parent' domain (in effect, to prevent operational domain admin's inheriting excessive access to mailboxes).

Normally I'd just "suck it and see", but changing group memberships in the Parent domain is a very tightly controlled function, so I'm trying to cut down any other errors before submitting the change release...!

Rgds

by (1.6k points)
0

Hello,

Take a look at Adaxes Event Log. Are there any errors and/or warnings that may be related to the issue? For information on how to view Adaxes Event Log, see Service Event Log.

Also, could you describe your environment a bit? Is it an Exchange 2007 only environment, or you have Exchange 2010 or Exchange 2013 Servers installed in your organization? Do you have any Exchange Management Tools installed on the computer where Adaxes is installed?

0

Hi,

Lots of errors in the logs - def looks permission based.

The "ACME Ltd (acme.net) domain in the first error is the Parent domain, where the Exchange schema upgrade was registered.

So while all computers, users and mailboxes exist n the child domain (child.acme.net) inc the Adaxes server, Adaxes service account, and the Exchange servers etc, the default Excgange objects e.g. 'Exchange Organization Administrators' AD Group were created in acme.net.

=====

Softerra.Adaxes.BackgroundThreadException: ADSI API: Failed to execute the following operation: Get Exchange UM dial plans (Exchange Organization: ACME Ltd (acme.net)). ---> Softerra.Adaxes.Adsi.Exchange.PowerlessExchangeApiException (0x80072035): Failed to fetch Exchange configuration objects from 'ACME Ltd (acme.net)' via LDAP protocol. Access denied.
at #2b.#qc.#JW(#ub exchangeOrganization)
at #2b.#qc.#qU(#1c operation)
at #Oc.#Nc.Execute()
--- End of inner exception stack trace ---

=====

and these ones - as no Exchange Admin tools (inc. PS cmdlets) I guess is installed on adaxesserver.child.acme.net

=====

Softerra.Adaxes.BackgroundThreadException: Exchange 2007 PowerShell API: Failed to execute the following operation: Get UM mailbox policies (Exchange Organization: ACME Ltd (acme.net)). ---> Softerra.Adaxes.Adsi.Exchange.PowerlessExchangeApiException (0x80072035): The Windows PowerShell snap-in 'Microsoft.Exchange.Management.PowerShell.Admin' is not installed on adaxesserver.child.acme.net. ---> System.Management.Automation.PSArgumentException: The Windows PowerShell snap-in 'Microsoft.Exchange.Management.PowerShell.Admin' is not installed on this machine.
at System.Management.Automation.PSSnapInReader.ReadOne(RegistryKey mshSnapInRoot, String mshsnapinId)
at System.Management.Automation.PSSnapInReader.Read(String psVersion, String mshsnapinId)
at System.Management.Automation.Runspaces.InitialSessionState.ImportPSSnapIn(String name, PSSnapInException& warning)
at #dd.#5e.#m4()
at #dd.#5e.#m4()
at #dd.#3e.#n4()
at #dd.#5e.Execute(#ed command)
at #dd.#7e.#i.#9e.Execute(#ed command)
at #dd.#Ye.#h4(#fd command, #Ze context)
at #dd.#Ye.ExecuteOperation(#8c operation, #Ze context)
at #dd.#Ye.#qU(#8c operation)
at #Oc.#Nc.Execute()
--- End of inner exception stack trace ---

1 Answer

0 votes
by (215k points)

First of all, we recommend installing the Exchange 2007 management snap-in on the computer where Adaxes is installed. Without the snap-in, only ADSI API will be available to Adaxes, however ADSI API does not allow you to perform all Exchange-related functions in Adaxes. For example, with ADSI API you will not be able to read or edit Calendar settings in Exchange or manage Mailbox Rights.

The Access denied error that you get is a sure sign that the account with the credentials of which you registered the domain is lacking the necessary permissions. However, to track, which permissions exactly the account is missing, we also recommend installing the Exchange 2007 management snap-in and switching to PowerShell API. This will give you some more meaningful errors.

Related questions

0 votes
1 answer

Hi, is there any way as I stated in the subject to prevent Adaxes from talking to certain Exchange servers in the environment? We have a couple of servers which are for ... and Adaxes always try's to contact them, resulting in an error. Regards Ingemar Jacob

asked Sep 12, 2013 by ijacob (960 points)
0 votes
1 answer

Hello, I think I might have found a regression. Starting 2014.1 it is impossible to change the reply address for a user having an Exchange 2003 mailbox. The button "Set ... related to my authorizations; I did test various configuration (admin, ...). Regards,

asked May 2, 2014 by Pierre (750 points)
0 votes
1 answer

We can authenticate if we login to the machine hosting the service but if I have the client installed on my desktop, I can't authenticate with any ... .com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group

asked Sep 12 by mark.it.admin (2.1k points)
0 votes
0 answers

We are currently looking through approval requests and have run into a snag. We implemented approval steps for users that want to change their display photo. The photo change ... it was initiated on server 1. Any help with this would be greatly appreciated.

asked May 19, 2016 by Jameswasson (70 points)
0 votes
1 answer

Hi Forum, is it possible in a Multi Server Setup to define One Server for scheduled Tasks? How does Adaxes choose the server executing the tasks? Thanks for your help Cheers

asked Jul 20, 2015 by esoAdxAdmin (650 points)
2,801 questions
2,535 answers
6,605 comments
61,655 users