
Write DACL inherit - How to remove

Author
13 Jan 2009 7:27 PM
Feda
We migrated our Exchange 2003 server to 2007 recently and must have missed a
few steps while we were doing it and still have traces of our old server in the
system.
Best Practices Analyzer Tool reports that we need to delete Write DACL
inherit for the old server which I attempted to do following the instructions
provided in the link but I had no success with it.
Since the old server is not connected to the network any more, I tried the
Remove Connector cmdlet but it only removed one of the connectors.
This is causing our Outlook 2007 clients to ask for user name and password
for the old server at startup.
Is there a way for me to still fix this issue?

Thanks.

Author
13 Jan 2009 8:27 PM
Michael Dragone
The PowerShell command provided here
(http://technet.microsoft.com/en-us/library/bb288905.aspx) is:

Remove-ADPermission "dc=<Domain>" -user "<RootDomain>\Exchange Servers" -AccessRights WriteDACL -InheritedObjectType Group

What other steps on that page did you not do?

Author
14 Jan 2009 8:28 PM
Feda
I missed the "Remove-ADPermission" part before so I tried it after reading
your post. I received an error that Remove-ADPermission is not recognized as
an internal or external command.
I'm also not quite in the clear what I should use for Domain and Root
Domain. Can those be the same?



Author
14 Jan 2009 9:02 PM
Michael Dragone
They could be; it depends on how many domains you have in your environment.

You ran Remove-ADPermission from the Exchange Management Shell?

Author
15 Jan 2009 6:10 PM
Feda
We have only one domain so that clarified it. I was also not using the
Exchange Management Shell.
I received the following message after running the command:


Remove-ADPermission : Cannot remove ACE on object "DC=sagrescorp,DC=local" for account "SAGRESNET\Exchange Servers" because it is not present.
At line:1 char:20
+ Remove-ADPermission  <<<< "dc=sagrescorp,dc=local" -user "sagrescorp.local\Exchange Servers" -AccessRights WriteDACL -InheritedObjectType Group

Best Practices Analyzer still shows the old server on the list of servers
under "First Administrative Group" but it did not have the Write DACL Inherit
issue listed any more.



Author
16 Jan 2009 3:28 PM
Michael Dragone
Okay. Are you continuing with your decommissioning of 2000/2003 then?

Author
16 Jan 2009 4:29 PM
Feda
We removed our Exchange 2003 server about 2 months ago.

Author
23 Apr 2009 1:54 PM
Pete
I'm having the exact problem and error message when I run the command.  I
removed our Exchange 2003 server months ago. 

Pete



Author
21 May 2009 3:13 PM
kgb
You may need to use "<RootDomain>\Exchange Enterprise Servers" rather than
"<RootDomain>\Exchange Servers". The Exchange Best Practice Analyzer will
tell you which one you need to remove.
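
An added example, not posted by anyone in this thread: one way to see which of the two group names discussed above actually holds the WriteDACL ACE on the domain root before removing it. It assumes the Exchange Management Shell; "dc=<Domain>" and "<RootDomain>" are the same placeholders as in the command above, and the variable names are made up for the example.

```powershell
# Added example. Run in the Exchange Management Shell; plain PowerShell
# does not know Get-ADPermission / Remove-ADPermission.

# Placeholders in the same form as the thread's command; fill in your own values.
$domainDN   = 'dc=<Domain>'
$rootDomain = '<RootDomain>'

# The two group names mentioned in the thread.
$groups = 'Exchange Servers', 'Exchange Enterprise Servers'

foreach ($group in $groups) {
    $account = "$rootDomain\$group"

    # Allow ACEs on the domain root that grant WriteDACL to this account.
    # A group that does not exist in the domain simply yields no results.
    $aces = @(Get-ADPermission -Identity $domainDN -User $account -ErrorAction SilentlyContinue |
        Where-Object { -not $_.Deny -and "$($_.AccessRights)" -match 'WriteDacl' })

    if ($aces.Count -eq 0) {
        Write-Host "No WriteDACL ACE for '$account' on $domainDN"
        continue
    }

    # Show what was found, including the object type the ACE is inherited by.
    $aces | Format-List User, AccessRights, InheritedObjectType, IsInherited

    # Preview the removal with the thread's parameters; nothing is changed
    # while -WhatIf is present.
    Remove-ADPermission $domainDN -User $account -AccessRights WriteDACL `
        -InheritedObjectType Group -WhatIf
}
```

Drop -WhatIf from the last command only for the account the listing shows, then re-run the Best Practices Analyzer to confirm the finding is gone.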

