In a Federated Tenant configuration, Active Roles does not use the optimal Organization name (4369490)

Chat now with support

Return

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title

In a Federated Tenant configuration, Active Roles does not use the optimal Organization name
Description

In a Federated Tenant configuration, Active Roles does not use the optimal Organization name when working with Exchange Online cmdlets.

This can lead to poor performance and/or "Access Denied" error messages.

Attempting to set SendOn Behalf or SendAs using the Active Roles Web Interface fails.

Active Roles Administration Service verbose logging fails with an error message similar to the following:
[ExchangeOnlineConnectionManager::ExecuteCommand] Source server:BN8PR15MB2865.namprd15.prod.outlook.com doesn't have write permission to target DC:DM5PR10A02DC002.NAMPR10A002.PROD.OUTLOOK.COM. Usually it indicates that target forest isn't an account partition of source forest. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03152E13, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Cause

Changes to the Microsoft guidelines and recommendations require implementing new logic within Active Roles.
This is being tracked as Defect ID 387657.
Resolution

WORKAROUND

In the Active Roles Configuration Center, delete the Azure Tenant integration and re-integrate the Azure Tenant using a cloud-only Global Administrator.

STATUS

Waiting for a fix in a future release of Active Roles.
Change Request

387657

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title