DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 2536704 - Last Review: August 24, 2011 - Revision: 1.0

SYMPTOMS

Consider the following scenario:
  • You use Microsoft Identity Lifecycle Manager (ILM) 2007 to migrate mailbox users in Active Directory directory service to mailbox users in a Microsoft Exchange Server 2010 environment.

    Note To do this, you run the Update-Recipient cmdlet on the Exchange server. This cmdlet adds attributes for the recipient objects that are created by using the global address list (GAL) Synchronization management agent in ILM 2007.
  • The migrated mailbox user clicks Options in Outlook Web Access (OWA).
In this scenario, the migrated mailbox user receives the following error message:
Sorry! Access denied.

CAUSE

This issue occurs because the Update-Recipient cmdlet does not stamp the msExchRBACPolicyLink attribute for the recipient objects. Therefore, the Default Role Assignment Policy is not assigned to the recipient.

RESOLUTION

To resolve this issue, install the following update rollup:
2582113   (http://support.microsoft.com/kb/2582113/ ) Description of Update Rollup 5 for Exchange Server 2010 Service Pack 1

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

For more information about the Update-Recipient cmdlet, visit the following Microsoft website:
General information about the Update-Recipient cmdlet (http://technet.microsoft.com/en-us/library/bb738148.aspx)
For more information about Identity Lifecycle Manager (ILM) 2007, visit the following Microsoft website:
General information about Identity Lifecycle Manager 2007 (http://www.microsoft.com/windowsserver/ilm2007/overview.mspx)
For more information about permissions in Exchange Server 2010, visit the following Microsoft website:
General information about permissions in Exchange Server 2010 (http://technet.microsoft.com/en-us/library/dd297943.aspx)
For more information about the Set-Mailbox cmdlet, visit the following Microsoft website:
General information about the Set-Mailbox cmdlet (http://technet.microsoft.com/en-us/library/bb123981.aspx)


APPLIES TO
  • Microsoft Exchange Server 2010 Service Pack 1, when used with:
    • Microsoft Exchange Server 2010 Standard
    • Microsoft Exchange Server 2010 Enterprise
Keywords: 
kbqfe kbfix kbsurveynew kbexpertiseinter KB2536704
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support