Monday, May 17, 2010

msExchMasterAccountSid For Disabled Accounts

I moved all exchange mailboxes from one Exchange 2003 server to another Exchange 2003 server. After the migration of these user mailboxes I received the following errors only for disabled accounts.

Event Type: Warning
Event Source: MSExchangeIS
Event Category: General
Event ID: 9548
Date: 5/18/2010
Time: 9:15:46 AM
User: N/A
Computer: MAIL1
Disabled user /o=Company Organisation Name/ou=First Administrative Group/cn=Recipients/cn=User Name does not have a master account SID. Please use Active Directory MMC to set an active account as this user's master account.

Event Type: Error
Event Source: MSExchangeIS Mailbox Store
Event Category: Logons
Event ID: 1022
Date: 5/18/2010
Time: 9:15:49 AM
User: N/A
Computer: MAIL1
Logon Failure on database "Storage Group 01\Mailbox Database" - Windows 2000 account NT AUTHORITY\SYSTEM; mailbox /o=Company Organisation Name/ou=First Administrative Group/cn=Recipients/cn=User Name.
Error: -2147221231

To resolve this issue I had to give the account "SELF" permissions for "Associated external account". If the user does not have these permissions to its own account it is unable to set the msExchMasterAccountSID attribute for the disabled account causing the error. By setting this permission on the disabled account, it allows it to mark the msExchMasterAccountSID attribute.

To do this follow this procedure:

1. In the Active Directory Users and Computers snap-in, on the View menu, click Advanced Features.

2. In the Exchange Advanced properties of the disabled user object that owns the mailbox, click Mailbox Rights, and then search the list of accounts for one that has the Associated External Account permission.

4. If no account has this permission, grant the SELF account Associated External Account and Full Mailbox Access permissions.

For further information on this issue please see the below Microsoft knowledge base article.

No comments:

Post a Comment