We are in the process of setting up a new install of BES 5.0.2 on a new VM that we will eventually transport our users to from the old 4.1.7 BES. We are getting some access denied permissions when trying to set the send as permissions on the BESAdmin account per the pre-upgrade tasks document.
To set the permissions at the organizational unit level, type Add-ADPermission -InheritedObjectType User -
InheritanceType Descendents -ExtendedRights Send-As -User "BESAdmin" -Identity
"OU=<organizational_unit>,DC=<domain_1>,DC=<domain _2>,DC=<domain_3>" where <domain_1>,
<domain_2>, and <domain_3> form the name of the domain.
For example, if the organizational unit is Texas and the domain name is example.organization.net, type Texas for
<organizational_unit>, example for <domain_1>, organization for <domain_2>, and net for <domain_3>.
Referenced from (beginning on page 22)
The error we recieve is:
Active Directory operation failed on dc1.domain.com. This error is not retriable. Additional information: Access
Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
+ CategoryInfo : WriteError: (0:Int32) [Add-ADPermission], ADOperationException
+ FullyQualifiedErrorId : D29B4D32,Microsoft.Exchange.Management.RecipientTa sks.AddADPermission