Archive for May 2012

Logon failure: the user has not been granted the requested logon type at this computer.

I want to give permission to User A  only to create mailbox in exchange 2010, apart from creating mailbox user should not be able to make any changes to exchange server.
To do that, go to Exchange Management Console...Toolbox...Role Based Access Control (RBAC)

You can either create new Role Group or use existing "Recipient Management" make sure you remove all other Assigned Roles except "Mail Recipient Creation" only in case you don't want user to create or do anything else as in my case.
Once it's done, log in to the exchange server and make sure you only see Organization Configuration and Recipient Configuration in Exchange Management Console. 
In my case User A will be logging to the server through RDP not directly to the server. User A logged in to exchange server successfully and when he opened EMC, he got credential pop up, after entering the credentials, he go the below error message.
I checked on the internet and got this technet article http://technet.microsoft.com/en-us/library/cc940238.aspx but it didn't helped. I ran this command hoping that it will fix the issue net user UserA /active:yes but it didn't worked.
Technical it shouldn't give this error (as far as the exchange server permission concerns), but the error is talking about Windows and not Exchange. I checked UAC (User Access Control) and found that it was set to Always notify. I set it to Never notify (disable) and restarted the server.

After the restart, User A logged in to the server and now he can open the EMC successfully and can only see Organization and Recipient Configuration. Created few Test Mailbox and it worked like the way it should be.

Cheers,

EXCHANGE RANGER