Insufficient access rights to perform the operation

For testing purposes I wanted to Lync Enable the (default) administrator account in Active Directory using the Lync Control Panel. This failed with the following error:

Active Directory operation failed on “wes-dc02.wesselius.local”. You cannot retry this operation: “Insufficient access rights to perform the operation 00002098: SecErr: DSID-03150BB9, problem 4005 (INSUFF_ACCESS_RIGHTS), data 0”. You do not have the appropriate permissions to perform this operation in Active Directory.

image

Continue reading Insufficient access rights to perform the operation

Disclaimers in Exchange 2010

Using Transport Rules in Exchange Server 2010 you can add fancy disclaimers to your outgoing e-mail messages.

Transport Rule information is stored in Active Directory and shared between all Hub Transport servers in the organization. This way a consistent behavior can be achieved.

To create a Transport Rule that appends a disclaimer open the Exchange Management Console, navigate to the Organization Configuration Container and select the Hub Transport Container.

image

Continue reading Disclaimers in Exchange 2010

Lync Server 2010 – An Introduction

Lync Server 2010 is Microsoft solution for Unified Communication: Instant Messaging, Presence information, Conferencing and Enterprise Voice. There a lot of noise going on around Lync and it is a very rapidly developing solution. On the other hand Lync is in a difficult situation: a typical Windows sysadmin has no affection with telephony and vice versa, a telephony sysadmin doesn’t have too much faith in Windows systems. Oh, and don’t forget the Cisco or Avaya people, it might be a threat for them, or would it be a challenge? Time go get a closer look at Lync Server 2010… Continue reading Lync Server 2010 – An Introduction

Exchange 2010 and your own PKI infrastructure

When it comes to Exchange Server 2007 or Exchange Server 2010 it is a best practice to use a real world SSL certificate for the Client Access Server. In Microsoft knowledge base article 929395 (http://support.microsoft.com/kb/929395) four vendors are listed as supported vendors for SSL certificates. Of course there are more, and their certificates work fine, but you can also use an internal Windows Server 2008 Certificate Services environment. Especially when you have only domain joined clients this shouldn’t be a problem…

Client Access Server and Certificates

When installing the Exchange Server 2010 Client Access Server, a self-signed certificate, containing just the server name, is generated and installed on the server, and can be used for testing purposes after installing the server. For testing purposes this self-signed certificate also contains the local FQDN in the “Subject Alternative Names” field for testing with Outlook Anywhere. It is naturally a best practice not to use this self-signed certificate in a production environment, but rather to use a third party certificate on the Client Access Server.

Continue reading Exchange 2010 and your own PKI infrastructure

Exchange 2010 SP1 Hosting & Control Panel

In an earlier article I explained a bit about the hosting features that are available in Exchange Server 2010 SP1. This hoster edition (I’ll abbreviate this to HEX2010SP1) is primarily targeted towards hosting companies, you need for example an SPLA license agreement to resell this.

Note: if you need really to address this functionality inside an enterprise organization, then you have to stick with Exchange 2007. Or you have to wait for Exchange 2010 SP2 which will likely contain this functionality in a form of Address Book Policies.

Continue reading Exchange 2010 SP1 Hosting & Control Panel

Microsoft UC Specialist