Exchange 2003 SP2 and Domain Controller Permissions

  • Exchange 2003 SP2 and Domain Controller Permissions

    Greetings all:

    I am having a strange problem with our new Exchange installation. I have recently implemented Exchange 2003 Standard SP2 running on Server 2003 Standard R2 SP2 with all updates and I am seeing Event ID 2112 in my logs on the Exchange server. The error is this:
    Exchange Server exchange.domain.local does not have Audit Security Privilege on Domain Controller dc.domain.local. This Domain Controller will not be used by DSAccess.
    The server dc.domain.local is running Server 2003 Standard x64 R2 SP2. This domain controller is the holder of all the FSMO roles for the domain in question, as well as hosting DHCP, DNS, and WINS. We have four other domain controllers running Server 2000 Standard SP4, all of which but one will be demoted in the near future during the transition from Server 2000 SP4 to Server 2003 R2.

    I have followed the steps referenced in the article, but it doesn't seem to have resolved the issue. In addition, I tried running the Exchange domain prep directly on the server experiencing the issue, but it will not run due to an incompatibility with the x64 version of Server 2003. I have verified that policytest.exe shows a positive result on the domain controller in question, and that there is no firewall or the like enabled on that server.

    The symptom I am noticing is that when viewing the Advanced Properties in ADUC, under the Security tab -> Advanced, the check box for allowing inherited permissions never stays checked. Even if you check the box, it will uncheck itself within a few minutes of hitting Apply, thus causing the Recipient Policies for the Exchange server to not apply. The users do not automatically receive e-mail addresses. If you check the box and immediately apply the Recipient Policy, it takes a very long time (>30 minutes) for the addresses to show up, and the box unchecks itself again right after it is done.

    Can anyone point out something I've missed or send me in the correct direction to resolve this issue?

    Don't fool yourself. If you truly feel passionate about something, you will do whatever it takes. If you don't, you'd better get busy pursuing happiness, because it's all you've got.

  • #2
    Re: Exchange 2003 SP2 and Domain Controller Permissions

    Prep is a domain setting, not a server setting. You do not have to run it on a specific server. It can be run from the Exchange server.
    It can resolve some problems, and is non-destructive, so I would suggest that you do run it again. After doing so, leave it about 30 minutes then restart System Attendant.

    Simon Butler
    Exchange MVP

    Sembee is a registered trademark, used here with permission.