Odd Exchange Permissions issue

patrickg posted this 29 January 2016

I have a process which historically would run as a scheduled task. However, after adjusting some GPO entries, the task, while it runs, fails to run a particular command. In this case Get-ADUser and Get-Mailbox are working fine, but the script doesn’t appear to be allowed to execute the New-Mailbox command. If the process is run interactively from the same system, under the same account, everything works fine.

The two GPO entries modified were:

Deny log on through Remote Desktop Services
        Originally: Not Defined
        Currently: Has the account listed

Log on as a batch job
        Originally: Not Defined
        Currently: Has the account listed

Any ideas as to what other GPO entry needs to be defined, or how to get a bit more useful reporting out of the command failure? Currently I’m not seeing any error other than that the account/mailbox are never created.

The batch processing system is running 2012r2 with the Exch16 management tools installed; commands are being executed against the Exch16 environment.
~Patrick

SamErde posted this 29 January 2016

You may need to edit that GPO and explicitly include the default value for that user rights assignment. In addition to your service account, you should include Administrators, Backup Operators, and Performance Log Users, per this: 
https://msdn.microsoft.com/en-us/subscriptions/downloads/dn221944(v=ws.10).aspx.
Sam

idarryl posted this 29 January 2016

Could you turn on and/or check the Operational event log for PowerShell? Check out the red dots there. Event Viewer > Applications and Services Logs > Microsoft > Windows > PowerShell.
I used that to debug a script that ran as a scheduled task previously.
Darryl

patrickg posted this 02 February 2016

Added the additional AD groups to the GPO and performed a gpupdate on the affected systems.

Here’s the current error message found in the Operational PowerShell event log.

Error Message = The type initializer for 'Microsoft.Exchange.Management.Common.NewUserBase' threw an exception.
Fully Qualified Error ID = System.TypeInitializationException,Microsoft.Exchange.Management.RecipientTasks.NewMailbox

Context:
        Severity = Warning
        Host Name = ConsoleHost
        Host Version = 4.0
        Host ID = 486f77ea-ed12-417e-a931-3a45512032ed
        Host Application = powershell.exe -command C:\Scripts\EmployeeAutomation.ps1
        Engine Version = 4.0
        Runspace ID = d7bce300-0db6-481b-87cb-4d0bc4dd8a79
        Pipeline ID = 1
        Command Name = New-Mailbox
        Command Type = Cmdlet
        Script Name = C:\Scripts\EmployeeAutomation.ps1
        Command Path =
        Sequence Number = 17
        User = mydomain\service_account
        Shell ID = Microsoft.PowerShell

Ended up tracing the issue back to a function deprecation on the Exchange Snap-in. Moved the script back to an older server running the Exch2010 management tools, where it ran. Refactoring the code now to use PS-Remoting and remove the dependency on the Microsoft.Exchange.Management.PowerShell.E2010 Snap-in.

~Patrick
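
An added example, not code from anyone in this thread: one way to run New-Mailbox over Exchange remote PowerShell from a scheduled task and log the whole exception chain, so that a wrapper such as System.TypeInitializationException does not hide the underlying cause. The server URI, the log path and the contents of the $MailboxParams hashtable are assumptions.

```powershell
# Added example. Server URI, log path and $MailboxParams contents are assumptions.
param(
    [Parameter(Mandatory)] [hashtable] $MailboxParams,   # New-Mailbox parameters supplied by the caller
    [string] $ExchangeUri = 'http://exch01.mydomain.example/PowerShell/',  # hypothetical server
    [string] $LogFile     = 'C:\Scripts\Logs\EmployeeAutomation.log'       # hypothetical path
)

function Write-ExceptionChain {
    param([System.Management.Automation.ErrorRecord] $ErrorRecord)
    # Log every level of the chain: a TypeInitializationException only wraps
    # the real cause, which sits in InnerException when it is available.
    $depth = 0
    for ($ex = $ErrorRecord.Exception; $ex; $ex = $ex.InnerException) {
        $line = '{0:u} [{1}] {2}: {3}' -f (Get-Date), $depth, $ex.GetType().FullName, $ex.Message
        Add-Content -Path $LogFile -Value $line
        $depth++
    }
    Add-Content -Path $LogFile -Value ('    ' + $ErrorRecord.FullyQualifiedErrorId)
    # Record the identity the task actually ran under.
    Add-Content -Path $LogFile -Value ('    running as ' + [Environment]::UserDomainName + '\' + [Environment]::UserName)
}

New-Item -ItemType Directory -Path (Split-Path $LogFile) -Force | Out-Null
$session  = $null
$exitCode = 0
try {
    # Kerberos authenticates as the account the scheduled task runs under,
    # so no password is stored in the script.
    $session = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri $ExchangeUri -Authentication Kerberos -ErrorAction Stop

    # Import only the cmdlet the script needs instead of loading the local snap-in.
    Import-PSSession -Session $session -CommandName New-Mailbox -AllowClobber -ErrorAction Stop | Out-Null

    # -ErrorAction Stop turns a silent non-terminating error into one the catch block sees.
    $mailbox = New-Mailbox @MailboxParams -ErrorAction Stop
    Add-Content -Path $LogFile -Value ('{0:u} created mailbox {1}' -f (Get-Date), $mailbox.Identity)
}
catch {
    Write-ExceptionChain -ErrorRecord $_
    $exitCode = 1
}
finally {
    if ($session) { Remove-PSSession -Session $session }
}
exit $exitCode   # non-zero exit marks the scheduled run as failed
```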