" title="云计算大数据


如何在 Exchange 2010 中重新创建损坏的 Microsoft 安全组

编辑:IT助理/ 栏目:电子邮件服务 /发布于:2021年-10月-7日


Some Times Reinstalling Exchange 2010 Corrupts the Security Groups or It will Duplicate the Security Groups.
Creating Console Permission issues or Role may not load properly or User Might get Access Denied Error.
We will learn how to cleanup and recreate Microsoft Exchange Security Groups as a last option.
We will delete all the Security Groups in the Microsoft Exchange Security Groups Container.

Now Running Setup.com /preparead won’t allow you to recreate it as OtherWellKnownObjects attribute on the Microsoft Exchange Container  will be pointing to Deleted Objects , It has to be Removed

It cannot be Removed via Adsiedit
And we got to Use LDP to Clear the attribute
Those who are new to  LDP, Am not able to edit the OtherWellKnownObjects in Adsiedit as Shown Below . So am Using LDP

Start –> Run –> LDP
Click Connection – Connect –
Click Ok if you running on the Server itself
View –> Tree

Choose –> Configuration Container

Now You won’t be Expand it . Unless you Bind it

Connection –> Bind

Double Click on Configuration –> To Expand
Scroll down to Microsoft Exchange Container –> Right Click –> Modify

Now we got to Edit OtherWellKnownObject attribute
Attribute – > OtherWellKnownObject
Values –>
Choose Replace
Click On Enter

Now Empty Value has been Added –
Click Run
Now you could see Other Well known Objects have been Cleared
Now Setup.com /preparead is successful
Now Security Groups are back

Now Console and Exchange Management Shell may not open
Or It may show Partial information.
Because the Role Base Access Control Information is lost as Security Groups have been deleted and Recreated
Showing Partial Information –

Or Role May not Load Properly

To get the Roles Installed Back for the Users

Install-CannedRbacRoleAssignments –InvocationMode Install 

Now Exchange Management Console and Exchange Management Shell is back online

Now Still you might not be able to Create or Remove are Edit anything in the EMC or EMS
you will get an Error
Active Directory operation failed on DC.CareExchange.in . This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS)
Because the group memberships might have been removed
Add the Exchange Server Computer Account in Exchange Servers Group & Exchange Trusted Subsystem Group
Now you got to reboot the Exchange Server after adding it , To update Group membership

本文由“云计算大数据 > IT助理”整理编辑。



已经有 0 条群众意见