I am running this command on Exchange 2010 server:
Add-ADPermission -Identity 'CN=HW/SW,CN=Microsoft Exchange System Objects,DC=aaa,DC=com' -User
'FCB\PM1O' -ExtendedRights Send-as
Receive error back
Active Directory operation failed on xxxxx. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
+ CategoryInfo : WriteError: (0:Int32) [Add-ADPermission], ADOperationException
+ FullyQualifiedErrorId : 815E5F9A,Microsoft.Exchange.Management.RecipientTasks.AddADPermission
Verified I am member of Exchange Public Folder Management and Organization Management. Verified these groups have full control of OU for Microsoft Exchange system objects. I am suspecting the GC server tha the operation is failing on, but can't seem to set which one to talk to. I've tried to set the scope to forest and set preferred catalog server, but it doesn't seem to want to go to anyone but the one it keeps getting this error on.
Helpful hints here would be greatly appreciated as I'm running out of patience.
TIA.