Article ID: 281537 - View products that this article applies to.
This article was previously published under Q281537
This article describes the Policytest utility (Policytest.exe) that is located in the Support\Utils\i386 folder on the Exchange 2000 CD-ROM.
You can use the Policytest utility to determine if all of the domain controllers in the local domain have been given the Manage auditing and security logs permission for the Exchange Enterprise Servers group. When you run setup /domainprep from the Setup\i386 folder on the Exchange 2000 CD-ROM, this permission is automatically given to the domain controllers.
Policytest checks every domain controller in the local domain. If the permission is present on a particular server, you receive a "SeSecurityPrivilege" message. If you receive this message on all of your domain controllers, then the configuration has replicated to all of your domain controllers successfully.
When you run Policytest in a domain, you receive the following message:
This tool will check every domain controller in the local domain to see if the "Manage auditing and security logs" privilege granted to the "Exchange Enterprise Servers" group by DomainPrep has replicated to that DC. If the policy change has not yet replicated to all DCs, then you should avoid making policy changes on any DC that has not received those changes yet.If you are experiencing problems when you are using Exchange 2000, you can use Policytest to determine if the problem occurs because all your domain controllers do not have this permission. You can use this utility:
You must have Domain Admin rights to run this tool successfully. If you see an error that says:
!! LsaEnumerateAccountRights returned error 5 !!
then you don't have permission to open the LSA on the given DC.
Press any key to continue...
Local domain is "Microsoft.com"
Account is "Microsoft\Exchange Enterprise Servers"
DC = "DC1"
In site = "Default-First-Site-Name"
Right found: "SeSecurityPrivilege"