Hi all,
We have exchange 2010 SP3 with 2012 dc's, i am trying to make a script for Helpdesk team to export mailboxes.
This is the script:
[System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic') | Out-Null
add-pssnapin Microsoft.Exchange.Management.PowerShell.E2010
$username=[Microsoft.VisualBasic.Interaction]::InputBox("Enter Full Name Or Alias Of The Mailbox You Want To Export", "Export To Pst", "") | get-mailbox
$alias = $username.alias
$path=[Microsoft.VisualBasic.Interaction]::InputBox("Choose A Path For Export(Must Be A Network Path)","Export To Pst","Example:\\localhost\share\")
New-MailboxExportRequest -Mailbox $alias -FilePath $path$alias.pst
The script is working just fine to me and some other users but we are members of enterprise admins,domain admins and etc...
i assigned the "Mailbox import Export" Role to me and also to helpdesk team (not just to a group, i tried to specific user)
and only the helpdesk team get the following error when they try to run the script:
New-MailboxExportRequest : Active Directory operation failed on "dc.local" This error is not
aditional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521E1, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
At C:\Users\Royt\Desktop\ExportToPst.ps1:6 char:25
+ New-MailboxExportRequest <<<< -Mailbox $alias -FilePath $path$alias.pst
+ CategoryInfo : NotSpecified: (0:Int32) [New-MailboxExportRequest], ADOperationException
+ FullyQualifiedErrorId : 1F8F41F,Microsoft.Exchange.Management.RecipientTasks.NewMailboxExportRequest
I repeat the problem is not in the script because it working for me and others domain admins.
i tried to reset the inheritance permissions ADUC but no success.
Any ideas what could it be??
What kind of AD permissions should i grant to those users?? except to the role assignments??
They are members of AD built-in administrators