Wednesday 2 June 2010

MSExchangeAL - EventID 8270 & 8315 : LDAP returned the error [32] Insufficient Rights when importing the transaction.


LDAP returned the error [32] Insufficient Rights when importing the transaction.

...and/or


The service could not update the entry 'CN=User Name,OU=Special,,DC=local' because inheritable permissions are not propagated to this object. The inheritable permissions may be disabled because the object belongs to a Windows 2000 administrative group or the inheritable permissions were disable explicitly by an administrator. DC=footasylumltd,DC=local


Fixed by opening the user detailed in the event, clicking the 'Security' tab, clicking 'Advanced' and enabling 'Include inheritable permissions from this object's parent'.

You can easily find every user that does not have this option set by installing the AD Cmdlets tools and running this command.

Get-QADUser -SizeLimit 0 | where {$_.DirectoryEntry.psbase.ObjectSecurity.AreAccessRulesProtected}
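
The same check with the built-in ActiveDirectory module, as an added example that is not part of the original post. It also separates the two causes named in the event text: accounts with adminCount = 1 are (or were) members of a protected administrative group, where AdminSDHolder switches inheritance off again, so they are reported but left alone. The function name Get-InheritanceBlockedUser is hypothetical, and the module (RSAT) is assumed to be installed.

```powershell
# Added example: uses the ActiveDirectory module (RSAT) instead of the Quest AD Cmdlets.
Import-Module ActiveDirectory

function Get-InheritanceBlockedUser {    # hypothetical helper name
    param([string]$SearchBase)           # optional OU DN to limit the search

    $params = @{
        Filter     = '*'
        Properties = 'nTSecurityDescriptor', 'adminCount'
    }
    if ($SearchBase) { $params.SearchBase = $SearchBase }

    Get-ADUser @params |
        # True when "Include inheritable permissions" is unticked on the object
        Where-Object { $_.nTSecurityDescriptor.AreAccessRulesProtected } |
        ForEach-Object {
            [pscustomobject]@{
                SamAccountName    = $_.SamAccountName
                DistinguishedName = $_.DistinguishedName
                AdminCount        = $_.adminCount
                # adminCount = 1 is stamped by AdminSDHolder on protected accounts
                LikelyCause       = if ($_.adminCount -eq 1) {
                                        'Protected group (AdminSDHolder)'
                                    } else {
                                        'Disabled explicitly'
                                    }
            }
        }
}

$blocked = Get-InheritanceBlockedUser
$blocked | Sort-Object LikelyCause, SamAccountName | Format-Table -AutoSize

# Re-enable inheritance only on accounts where it was disabled explicitly.
# -WhatIf makes this a dry run; remove it to apply the change.
$blocked | Where-Object { $_.AdminCount -ne 1 } | ForEach-Object {
    $path = "AD:\$($_.DistinguishedName)"
    $acl  = Get-Acl -Path $path
    # isProtected = $false turns inheritance back on; the second argument
    # is ignored when isProtected is $false.
    $acl.SetAccessRuleProtection($false, $true)
    Set-Acl -Path $path -AclObject $acl -WhatIf
}
```

adminCount can remain 1 after an account has left a protected group, so review the 'Protected group' rows by hand rather than treating the label as proof of current membership.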

