You are currently offline, waiting for your internet to reconnect

Add-ADPermission cmdlet together with a DomainController parameter fails in an Exchange Server 2010 environment

Consider the following scenario:
  • You have two domains (domain A and domain B) in a Microsoft Exchange Server 2010 environment.
  • You deploy an Exchange Server 2010 Mailbox server in domain A, and then you create a user account in domain B.
  • You try to grant the user permissions to a mailbox in domain A. To do this, you run the Add-ADPermission cmdlet and specify a global catalog server that is in domain B as the domain controller.
In this scenario, the cmdlet fails, and you receive the following error message:
User wasn't found. Please make sure you've typed it correctly.
+ CategoryInfo : InvalidArgument: (:) [Add-ADPermission], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : Error ID,Microsoft.Exchange.Management.RecipientTasks.AddADPermission
This issue occurs because the Exchange server does not use the specified global catalog server when an Active Directory session is created after the role-based access control (RBAC) scope verification process is complete.
To resolve this issue, install the following update rollup:
2706690 Description of Update Rollup 4 for Exchange Server 2010 Service Pack 2
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
More information
For more information about the Enable-Mailbox cmdlet, go to the following Microsoft website:For more information about the Add-ADPermission cmdlet, go to the following Microsoft website:

Article ID: 2698899 - Last Review: 08/16/2012 08:31:00 - Revision: 5.0

Microsoft Exchange Server 2010 Service Pack 2

  • kbqfe kbfix kbsurveynew kbexpertiseinter KB2698899