XADM: Error Message When You Assign New Task to User (320098)


The information in this article applies to:

  • Microsoft Exchange 2000 Server
This article was previously published under Q320098

SYMPTOMS

In Microsoft Outlook, if you try to assign a new Task to a user who is listed in the Global Address List (GAL), you may receive the following error message:
You do not have the permission to send the message on behalf of the specified user.

CAUSE

The security on the user object in Active Directory is incorrect.

RESOLUTION

To resolve this issue, you must change the security on the user object in Active Directory.

To restore the default security to the user object by using the Directory Services Access Control List command-line tool (Dsacls.exe):

Install Dsacls.exe

  1. Insert the Microsoft Windows 2000 CD into the CD-ROM drive.
  2. In the Microsoft Windows 2000 CD dialog box, click Browse This CD.
  3. Locate drive:\Support\Tools, and then double-click the Support.cab file.
  4. In the SUPPORT.CAB dialog box, right-click the Dsacls.exe file, and then click Extract.
  5. In the Browse for Folder dialog box, locate the %Systemroot%\System32 folder, and then click OK.
  6. Close the SUPPORT.CAB dialog box.
  7. Quit Windows Explorer, and then close the Microsoft Windows 2000 CD dialog box.

Restore Default Security by Using Dsacls.exe

  1. Click Start, and then click Run.
  2. In the Run dialog box, type cmd, and then click OK.
  3. At the command prompt, type dsacls object /S, where object is the distinguished name or path to the user object in Active Directory, for example:

    dsacls CN=Jeff Smith, OU=Software, OU=Engineering, DC=Widget, DC=US /S

  4. Press ENTER.NOTE: For help using Dsacls.exe, type dsacls /? at the command prompt.

  5. Close the command prompt.

Restore Default Security by Using Dsacls.exe

WARNING: If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Exchange 2000 Server, or both. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.
  1. Start ADSI Edit.
  2. Expand Domain NC.
  3. Expand DC=.
  4. Expand CN=Users.
  5. Right-click the affected user account, and then click Properties.
  6. In the Show properties to View list, click DistinguishedName.
  7. Select the attribute value, press CTRL+C to copy the value to use it later, and then close or minimize ADSI Edit.
  8. Click Start, and then click Run, type cmd, and then click OK.
  9. At the command prompt type the following command, and then press ENTER:

    dsacls "DistinguishedName" /S

    where DistinguishedName is the Value copied in step 7.
Alternatively, to reset all objects in a specific Organizational Unit (OU):
  1. Start ADSI Edit.
  2. Expand Domain NC.
  3. Expand DC=.
  4. Right-click Target OU, and then click Properties.
  5. In the Show properties to View list, click DistinguishedName.
  6. Select the attribute value, press CTRL+C to copy the attribute to use it later, and then close or minimize ADSI Edit.
  7. Click Start, and then click Run, type cmd, and then click OK.
  8. At the command prompt type:

    dsacls "DistinguishedName" /S /T

    where DistinguishedName is the Value copied in step 6.

    For example:

    dsacls "CN=Users,DC=Widget,DC=US" /S /T

Modification Type:MinorLast Reviewed:6/13/2003
Keywords:kbprb KB320098
©2002 Microsoft Corporation. All rights reserved.