Role assignment with custom write scope fails in an Exchange Server 2013 environment

Applies to: Exchange Server 2013 EnterpriseExchange Server 2013 Standard Edition


In a Microsoft Exchange Server 2013 environment, Exchange Web Services (EWS) impersonation fails, and you receive the following error message:
ServiceResponseException "Active Directory operation did not succeed. Try again later."

Additionally, some other cmdlets that use role assignments may fail with an error message that resembles the following:
Received a referral to ChildDomain when requesting CN=UserName,CN=Users,DC=ChildDomainName,DC=Domain,DC=com from
ServerName. You have specified the wrong server for this operation.

These issues occur if Exchange is installed in a child domain, and a custom write scope such as the CustomRecipientWriteScope or CustomAttribute1 parameter is specified in these operations.


To resolve this issue, install Cumulative Update 9 for Exchange Server 2013.


To work around this issue, do not use a custom write scope. Instead, let the scope apply to all mailboxes in the organization.

For example, run one of the following commands to remove the CustomRecipientWriteScope or CustomAttribute1 scope:
  • Set-ManagementRoleAssignment "UserName" -CustomRecipientWriteScope $null
  • Set-ManagementRoleAssignment "UserName" -CustomAttribute1 $null


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

For more information about how to configure Exchange Impersonation, go to the following Microsoft website: