View Single Post
Old 10-19-2010, 02:09 PM   #1
CrackBerry Addict
rpfeffer's Avatar
Join Date: Mar 2005
Location: MD
Model: 9650
Carrier: Sprint BES
Posts: 530
Default Setting up the BESAdmin Account for a fresh 5.0.2 install

Please Login to Remove!

We are in the process of setting up a new install of BES 5.0.2 on a new VM that we will eventually transport our users to from the old 4.1.7 BES. We are getting some access denied permissions when trying to set the send as permissions on the BESAdmin account per the pre-upgrade tasks document.

To set the permissions at the organizational unit level, type Add-ADPermission -InheritedObjectType User -
InheritanceType Descendents -ExtendedRights Send-As -User "BESAdmin" -Identity
"OU=<organizational_unit>,DC=<domain_1>,DC=<domain _2>,DC=<domain_3>" where <domain_1>,
<domain_2>, and <domain_3> form the name of the domain.
For example, if the organizational unit is Texas and the domain name is, type Texas for
<organizational_unit>, example for <domain_1>, organization for <domain_2>, and net for <domain_3>.

Referenced from (beginning on page 22)

The error we recieve is:

Active Directory operation failed on This error is not retriable. Additional information: Access
is denied.
Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
+ CategoryInfo : WriteError: (0:Int32) [Add-ADPermission], ADOperationException
+ FullyQualifiedErrorId : D29B4D32,Microsoft.Exchange.Management.RecipientTa sks.AddADPermission
Any thoughts?
9650 Bold - Sprint
BES 4.1 SP7
Offline   Reply With Quote