[E2010][PS][C#] Differences in MailContact created in code and in management shell RRS feed

  • Question

  • Hello,

    I have some C# code that creates a MailContact in Exchange 2010 using PowerShell remotely connecting to a CAS server. It works fine and the MailContact is created. However, when I run the command Add-ADPermission from the Exchange Management Shell (EMS), I get the following error:

    Active Directory operation failed on {DC}. This error is not retriable. Additional information: Ac
    cess is denied.
    Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
        + CategoryInfo          : WriteError: (0:Int32) [Add-ADPermission], ADOperationException
        + FullyQualifiedErrorId : 87543ECC,Microsoft.Exchange.Management.RecipientTasks.AddADPermission

    What is interesting is that is I create the MailContact from the EMS using the exact same command I used in code, everything works fine when adding the AD permission.

    I compared the AD permissions on each object and they look identical. Form what I can tell the AD properties all look consistent with the exception of dSCorePropagationData which shows 0x0 for the one that does not work (created in code).

    Any ideas on why there would be a difference in the MailContact created through code?

    Thank you!

    Tuesday, October 9, 2012 8:02 PM


  • Looks like this is solved. I was remotely connecting to an Mailbox server rather than a CAS server. When I changed my code to connect to a CAS server this works as expected. Not quite sure why the difference other than the owner of the object but at least it is fixed now.

    Is the CAS server normally the connection point for remote powershell?

    Thank you!

    • Marked as answer by Karlman68 Tuesday, October 9, 2012 8:43 PM
    Tuesday, October 9, 2012 8:42 PM