Another Funky AD Issue
Published on 14 Sep 2005 · Filed in Rant · 133 words (estimated 1 minutes to read)This one is still unresolved. The basic gist of the arrangement is this: user accounts that have been delegated the appropriate permissions in Exchange System Manager and Active Directory in order to be able to manage user objects (including e-mail attributes) are unable to add or edit e-mail addresses on mail-enabled and mailbox-enabled objects. Microsoft has a KB article that describes the issue perfectly, but the fix doesn’t work (at least, not for this specific implementation). The KB article and numerous hits from a Google search indicate that the use of SC.EXE from Windows Server 2003 SP1 can fix the problem, but it doesn’t work, and the other workaround offered by the KB article isn’t particularly appealing (using Group Policy Objects in Active Directory to add permissions to a service across the network).