返回
-
标题
In a Federated Tenant configuration, Active Roles does not use the optimal Organization name -
说明
In a Federated Tenant configuration, Active Roles does not use the optimal Organization name when working with Exchange Online cmdlets.
This can lead to poor performance and/or "Access Denied" error messages.
Attempting to set SendOn Behalf or SendAs using the Active Roles Web Interface fails.
Active Roles Administration Service verbose logging fails with an error message similar to the following:[ExchangeOnlineConnectionManager::ExecuteCommand] Source server:BN8PR15MB2865.namprd15.prod.outlook.com doesn't have write permission to target DC:DM5PR10A02DC002.NAMPR10A002.PROD.OUTLOOK.COM. Usually it indicates that target forest isn't an account partition of source forest. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03152E13, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 -
原因
Changes to the Microsoft guidelines and recommendations require implementing new logic within Active Roles.
This is being tracked as Defect ID 387657. -
解决办法
WORKAROUND
In the Active Roles Configuration Center, delete the Azure Tenant integration and re-integrate the Azure Tenant using a cloud-only Global Administrator.
STATUS
Waiting for a fix in a future release of Active Roles. -
变更请求
387657