Symptoms

Consider the following scenario:

  • You have two domains (domain A and domain B) in a Microsoft Exchange Server 2010 environment.

  • You deploy an Exchange Server 2010 Mailbox server in domain A, and then you create a user account in domain B.

  • You try to grant the user permissions to a mailbox in domain A. To do this, you run the Add-ADPermission cmdlet and specify a global catalog server that is in domain B as the domain controller.

In this scenario, the cmdlet fails, and you receive the following error message:

User wasn't found. Please make sure you've typed it correctly. + CategoryInfo : InvalidArgument: (:) [Add-ADPermission], ManagementObjectNotFoundException + FullyQualifiedErrorId : Error ID,Microsoft.Exchange.Management.RecipientTasks.AddADPermission

Cause

This issue occurs because the Exchange server does not use the specified global catalog server when an Active Directory session is created after the role-based access control (RBAC) scope verification process is complete.

Resolution

To resolve this issue, install the following update rollup:

2706690 Description of Update Rollup 4 for Exchange Server 2010 Service Pack 2

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

For more information about the Enable-Mailbox cmdlet, go to the following Microsoft website:

General information about the Enable-Mailbox cmdletFor more information about the Add-ADPermission cmdlet, go to the following Microsoft website:

General information about the Add-ADPermission cmdlet

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.