我们不但可以亡羊补牢
更擅长未雨绸缪

关注我们

您的位置: 主页 > 支持与下载 > IT知识库 >
IT知识库

How to Recreate Corrupted Microsoft Security Groups in Excha
时间:2017-05-17 作者:admin 点击:

Some Times Reinstalling Exchange 2010 Corrupts the Security Groups or It will Duplicate the Security Groups.

Creating Console Permission issues or Role may not load properly or User Might get Access Denied Error.

We will learn how to cleanup and recreate Microsoft Exchange Security Groups as a last option.

We will delete all the Security Groups in the Microsoft Exchange Security Groups Container.





Now Running Setup.com /preparead won’t allow you to recreate it as OtherWellKnownObjects attribute on the Microsoft Exchange Container  will be pointing to Deleted Objects , It has to be Removed


 

It cannot be Removed via Adsiedit

And we got to Use LDP to Clear the attribute

Those who are new to  LDP, Am not able to edit the OtherWellKnownObjects in Adsiedit as Shown Below . So am Using LDP


 

Start –> Run –> LDP

Click Connection – Connect –



Click Ok if you running on the Server itself



View –> Tree



Choose –> Configuration Container


 

Now You won’t be Expand it . Unless you Bind it

Connection –> Bind


 

Double Click on Configuration –> To Expand

Scroll down to Microsoft Exchange Container –> Right Click –> Modify

Now we got to Edit OtherWellKnownObject attribute

Attribute – > OtherWellKnownObject

Values –>

Choose Replace

 

Click On Enter

Now Empty Value has been Added –

Click Run


Now you could see Other Well known Objects have been Cleared




Now Setup.com /preparead is successful


Now Security Groups are back


 

Now Console and Exchange Management Shell may not open

Or It may show Partial information.

Because the Role Base Access Control Information is lost as Security Groups have been deleted and Recreated

Showing Partial Information –



Or Role May not Load Properly

To get the Roles Installed Back for the Users

Add-PSSnapin *Setup 








Install-CannedRbacRoleAssignments –InvocationMode Install 









Now Exchange Management Console and Exchange Management Shell is back online



 


Now Still you might not be able to Create or Remove are Edit anything in the EMC or EMS

you will get an Error

Active Directory operation failed on DC.CareExchange.in . This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS)

Because the group memberships might have been removed

Add the Exchange Server Computer Account in Exchange Servers Group & Exchange Trusted Subsystem Group

 

Now you got to reboot the Exchange Server after adding it , To update Group memberships




下一篇:如何手动删除 Exchange 2010 上一篇:Exchange Server 常见问题