0 votes

We get the following error when searching for available Exchange (2007) servers:-


The service account for Adaxes is currently not permissioned to administer Exchange (and is not a member of BUILTIN\Administrators etc) - is this error because the account needs to be permissioned above "Domain User" to even view available Exchange servers, or possibly an issue based on a Parent\Child domain structure?

Our Exchange servers are located on our core (Child) AD domain, where all computers, users and mailboxes etc (and Adaxes) exists, although administrative access is controlled via groups in the 'Parent' domain (in effect, to prevent operational domain admin's inheriting excessive access to mailboxes).

Normally I'd just "suck it and see", but changing group memberships in the Parent domain is a very tightly controlled function, so I'm trying to cut down any other errors before submitting the change release...!

Rgds

by (1.6k points)
0

Hello,

Take a look at Adaxes Event Log. Are there any errors and/or warnings that may be related to the issue? For information on how to view Adaxes Event Log, see Service Event Log.

Also, could you describe your environment a bit? Is it an Exchange 2007 only environment, or you have Exchange 2010 or Exchange 2013 Servers installed in your organization? Do you have any Exchange Management Tools installed on the computer where Adaxes is installed?

0

Hi,

Lots of errors in the logs - def looks permission based.

The "ACME Ltd (acme.net) domain in the first error is the Parent domain, where the Exchange schema upgrade was registered.

So while all computers, users and mailboxes exist n the child domain (child.acme.net) inc the Adaxes server, Adaxes service account, and the Exchange servers etc, the default Excgange objects e.g. 'Exchange Organization Administrators' AD Group were created in acme.net.

=====

Softerra.Adaxes.BackgroundThreadException: ADSI API: Failed to execute the following operation: Get Exchange UM dial plans (Exchange Organization: ACME Ltd (acme.net)). ---> Softerra.Adaxes.Adsi.Exchange.PowerlessExchangeApiException (0x80072035): Failed to fetch Exchange configuration objects from 'ACME Ltd (acme.net)' via LDAP protocol. Access denied.
at #2b.#qc.#JW(#ub exchangeOrganization)
at #2b.#qc.#qU(#1c operation)
at #Oc.#Nc.Execute()
--- End of inner exception stack trace ---

=====

and these ones - as no Exchange Admin tools (inc. PS cmdlets) I guess is installed on adaxesserver.child.acme.net

=====

Softerra.Adaxes.BackgroundThreadException: Exchange 2007 PowerShell API: Failed to execute the following operation: Get UM mailbox policies (Exchange Organization: ACME Ltd (acme.net)). ---> Softerra.Adaxes.Adsi.Exchange.PowerlessExchangeApiException (0x80072035): The Windows PowerShell snap-in 'Microsoft.Exchange.Management.PowerShell.Admin' is not installed on adaxesserver.child.acme.net. ---> System.Management.Automation.PSArgumentException: The Windows PowerShell snap-in 'Microsoft.Exchange.Management.PowerShell.Admin' is not installed on this machine.
at System.Management.Automation.PSSnapInReader.ReadOne(RegistryKey mshSnapInRoot, String mshsnapinId)
at System.Management.Automation.PSSnapInReader.Read(String psVersion, String mshsnapinId)
at System.Management.Automation.Runspaces.InitialSessionState.ImportPSSnapIn(String name, PSSnapInException& warning)
at #dd.#5e.#m4()
at #dd.#5e.#m4()
at #dd.#3e.#n4()
at #dd.#5e.Execute(#ed command)
at #dd.#7e.#i.#9e.Execute(#ed command)
at #dd.#Ye.#h4(#fd command, #Ze context)
at #dd.#Ye.ExecuteOperation(#8c operation, #Ze context)
at #dd.#Ye.#qU(#8c operation)
at #Oc.#Nc.Execute()
--- End of inner exception stack trace ---

1 Answer

0 votes
by (216k points)

First of all, we recommend installing the Exchange 2007 management snap-in on the computer where Adaxes is installed. Without the snap-in, only ADSI API will be available to Adaxes, however ADSI API does not allow you to perform all Exchange-related functions in Adaxes. For example, with ADSI API you will not be able to read or edit Calendar settings in Exchange or manage Mailbox Rights.

The Access denied error that you get is a sure sign that the account with the credentials of which you registered the domain is lacking the necessary permissions. However, to track, which permissions exactly the account is missing, we also recommend installing the Exchange 2007 management snap-in and switching to PowerShell API. This will give you some more meaningful errors.

Related questions

0 votes
1 answer

Hi, is there any way as I stated in the subject to prevent Adaxes from talking to certain Exchange servers in the environment? We have a couple of servers which are for ... and Adaxes always try's to contact them, resulting in an error. Regards Ingemar Jacob

asked Sep 12, 2013 by ijacob (960 points)
0 votes
1 answer

Hello, I think I might have found a regression. Starting 2014.1 it is impossible to change the reply address for a user having an Exchange 2003 mailbox. The button "Set ... related to my authorizations; I did test various configuration (admin, ...). Regards,

asked May 2, 2014 by Pierre (750 points)
0 votes
1 answer

Hello, I am wanting to write a script to have Adaxes add/remove all authorized DHCP Servers in the domain to a certain security group weekly. Dynamically adding and removing ... you have a better soulution then PS, then let me know. Thanks in advance!

asked Feb 8 by NewTechSolutions (20 points)
0 votes
1 answer

Hello! Is it possible to have 2 instances of Adaxes on separate servers without sharing configuration under 1 license, if total amount of users is below the license limitation? Thank you, Dmytro

asked May 25, 2023 by Dmytro.Rudyi (920 points)
0 votes
1 answer

Here are the actrions of the custom command. Here are the parameters. Need a script to copy the param user's file path for home drive example: Param user's home drive ... ) should be //server1/homedirs/%username%. Then give the user full control of the folder.

asked Feb 8, 2023 by mightycabal (1.0k points)
3,326 questions
3,025 answers
7,724 comments
544,677 users