XADM: Description of the Policytest.exe Utility

Article translations Article translations
Article ID: 281537 - View products that this article applies to.
This article was previously published under Q281537
Expand all | Collapse all


This article describes the Policytest utility (Policytest.exe) that is located in the Support\Utils\i386 folder on the Exchange 2000 CD-ROM.


You can use the Policytest utility to determine if all of the domain controllers in the local domain have been given the Manage auditing and security logs permission for the Exchange Enterprise Servers group. When you run setup /domainprep from the Setup\i386 folder on the Exchange 2000 CD-ROM, this permission is automatically given to the domain controllers.

Policytest checks every domain controller in the local domain. If the permission is present on a particular server, you receive a "SeSecurityPrivilege" message. If you receive this message on all of your domain controllers, then the configuration has replicated to all of your domain controllers successfully.

When you run Policytest in a domain, you receive the following message:
This tool will check every domain controller in the local domain to see if the "Manage auditing and security logs" privilege granted to the "Exchange Enterprise Servers" group by DomainPrep has replicated to that DC. If the policy change has not yet replicated to all DCs, then you should avoid making policy changes on any DC that has not received those changes yet.

You must have Domain Admin rights to run this tool successfully. If you see an error that says:

!! LsaEnumerateAccountRights returned error 5 !!

then you don't have permission to open the LSA on the given DC.

Press any key to continue...

Local domain is "Microsoft.com"
Account is "Microsoft\Exchange Enterprise Servers"

DC = "DC1"

In site = "Default-First-Site-Name"
Right found: "SeSecurityPrivilege"
If you are experiencing problems when you are using Exchange 2000, you can use Policytest to determine if the problem occurs because all your domain controllers do not have this permission. You can use this utility:
  • If you want to determine if the policy has replicated after you run setup /domainprep, but before you run the actual Exchange 2000 installation program.
  • If you are experiencing problems mounting your Exchange databases.
  • If you are experiencing Exchange 2000 Setup problems.


Article ID: 281537 - Last Review: February 27, 2007 - Revision: 1.6
  • Microsoft Exchange 2000 Server Standard Edition
kbinfo KB281537

Give Feedback


Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com