XADM: Description of the Policytest.exe Utility (281537)


The information in this article applies to:

  • Microsoft Exchange 2000 Server
This article was previously published under Q281537

SUMMARY

This article describes the Policytest utility (Policytest.exe) that is located in the Support\Utils\i386 folder on the Exchange 2000 CD-ROM.

MORE INFORMATION

You can use the Policytest utility to determine if all of the domain controllers in the local domain have been given the Manage auditing and security logs permission for the Exchange Enterprise Servers group. When you run setup /domainprep from the Setup\i386 folder on the Exchange 2000 CD-ROM, this permission is automatically given to the domain controllers.

Policytest checks every domain controller in the local domain. If the permission is present on a particular server, you receive a "SeSecurityPrivilege" message. If you receive this message on all of your domain controllers, then the configuration has replicated to all of your domain controllers successfully.

When you run Policytest in a domain, you receive the following message:

This tool will check every domain controller in the local domain to see if the "Manage auditing and security logs" privilege granted to the "Exchange Enterprise Servers" group by DomainPrep has replicated to that DC. If the policy change has not yet replicated to all DCs, then you should avoid making policy changes on any DC that has not received those changes yet.

You must have Domain Admin rights to run this tool successfully. If you see an error that says:

!! LsaEnumerateAccountRights returned error 5 !!

then you don't have permission to open the LSA on the given DC.

Press any key to continue...

===============================================
Local domain is "Microsoft.com"
Account is "Microsoft\Exchange Enterprise Servers"
===============================================

DC = "DC1"

In site = "Default-First-Site-Name"
Right found: "SeSecurityPrivilege"

If you are experiencing problems when you are using Exchange 2000, you can use Policytest to determine if the problem occurs because all your domain controllers do not have this permission. You can use this utility:
  • If you want to determine if the policy has replicated after you run setup /domainprep, but before you run the actual Exchange 2000 installation program.
  • If you are experiencing problems mounting your Exchange databases.
  • If you are experiencing Exchange 2000 Setup problems.
Modification Type:MinorLast Reviewed:4/28/2005
Keywords:kbinfo KB281537
©2004 Microsoft Corporation. All rights reserved.