使用者因為使用者權限不足而無法登入 Outlook Web Access
今天又有使用者反應說沒辦法使用web mail,每次一登入就會發生下列的錯誤訊息。
a.Core.Culture.SetPreferredCulture(ExchangePrincipal exchangePrincipal,
CultureInfo culture)Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.
DispatchLanguagePostLocally(OwaContext owaContext,
OwaIdentity logonIdentity, CultureInfo culture, Int32
timeZoneId, Boolean isOptimized)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.
DispatchLanguagePostRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.
PrepareRequestWithoutSession(OwaContext owaContext,
UserContextCookie userContextCookie)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.
InternalDispatchRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.
DispatchRequest(OwaContext owaContext)
System.Web.HttpApplication.SyncEventExecutionStep.
System.Web.HttpApplication.IExecutionStep.Execute()
System.Web.HttpApplication.ExecuteStep(IExecutionStep step,
Boolean& completedSynchronously)
Inner Exception
Exception type: Microsoft.Exchange.Data.Directory.ADOperationException
Exception message: Active Directory operation failed on ctssgreen.
ctss.contoso.com. This error is not retriable. Additional information:
Insufficient access rights to perform the operation.
Active Directory response: 00002098: SecErr: DSID-03150A45,
problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Call stack
Microsoft.Exchange.Data.Directory.ADSession.
AnalyzeDirectoryError(PooledLdapConnection connection,
DirectoryRequest request, DirectoryException de,
Int32& retries, Int32 maxRetries)
Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest
(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)
Microsoft.Exchange.Data.Directory.ADSession.
Save(ADObject instanceToSave, IEnumerable`1 properties)
Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
Inner Exception
Exception type: System.DirectoryServices.Protocols.
DirectoryOperationException
Exception message: The user has insufficient access rights.
Call stack
System.DirectoryServices.Protocols.LdapConnection.ConstructResponse
(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut)
System.DirectoryServices.Protocols.LdapConnection.SendRequest
(DirectoryRequest request, TimeSpan requestTimeout)
Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest
(DirectoryRequest request, LdapOperation ldapOperation)
Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest
(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)
於是我想說可能是因為某些權限沒有繼承的關係吧!
請參考這篇
但把有問題的使用者權限套用成預設值,還是顯示錯誤訊息
後來才知道除了有問題的使用者需要套用預設值,連OU也要套用。
步驟:
使用 Active Directory 使用者和電腦來設定頂層容器的權限
1.開啟 [Active Directory 使用者和電腦] 嵌入式管理單元。
2.在 [檢視] 功能表中,按一下 [進階功能]。
3.開啟使用者無法登入網域中的容器內容。
4.按一下 [安全性] 索引標籤。
5.確認 Exchange Servers 群組是否出現在 [群組或使用者名稱] 清單中。如果它並未出現在清單中,請新增此群組。不需要設定 Exchange Servers 群組的權限喔。
