Article ID: 317234
Article Last Modified on 2/28/2007
APPLIES TO
- Microsoft Exchange 2000 Server Standard Edition
This article was previously published under Q317234
SYMPTOMS
If you run the IMailboxStore::CreateMailbox() method or the IMailboxStore::MoveMailbox() method from CDO for Exchange Management (CDOEXM), and you are using an account that does not use the same security context as the Exchange 2000 server, the CreateMailbox() or the MoveMailbox() method may fail.
In the following code sample, the ADS code succeeds:
' ADS code succeeds Dim objUser As IADsUser Set objUser = objOpenDSO.OpenDSObject(sUsersDN, "domain1\Administrator", "password",ADS_SECURE_AUTHENTICATION)
Then the IMailboxStore interface on the same object fails:
' IMailboxStore interface on the same object fails Dim objMailbox As CDOEXM.IMailboxStore Set objMailbox = objUser objMailbox.CreateMailbox(sPrivMdbDN)
The CreateMailbox() method fails with an access denied error when the application is not run under the domain/Exchange Administrator account.
The CreateMailbox() member function does a security check against the Exchange 2000 security settings. This security check should succeed because objUser was created using the Administrator credentials.
CAUSE
This problem occurs because Exchange 2000 has to impersonate the Administrator account to use remote procedure call (RPC) to the remote computer. This requires local logon rights for the Administrator account for which credentials are passed.
WORKAROUND
To work around this problem, run the code under a context that is a local Administrator on the Exchange 2000 server.
STATUS
Microsoft has confirmed that this is a problem in Microsoft Exchange 2000 Server.
Keywords: kbbug kbnofix KB317234