After you install Exchange Server 2007 CCR Service Pack 2, the Exchange Management Console displays an error: "Warning: The server administrator '<CCR_node>' not a member of the Exchange View-Only Administrators"
The server administrator 'CCR_node' not a member of the Exchange View-Only Administrators.
- Open the Adsiedit.msc tool. This tool is included in Windows Server 2008 and requires that the Active Directory Domain Services (AD DS) role or tools are installed. This tool is also available in Windows Server 2003 Support Tools.
For more information about the Adsiedit.msc tool, visit the following Microsoft Web site:
- Click the computer node in the navigation pane
- On the Action menu, click Setting, and then click Connect To.
- In the Connection Point area, click Select a well known Naming Context.
- In the drop-down menu, point to Configuration, then click OK
- Expand Configuration [domainControllerName.example.com], expand CN=Configuration,DC=example,DC=com, expand CN=Services, expand CN=Microsoft Exchange, expand CN=[orgName], expand CN=Administrative Groups, expand CN=Exchange Administrative Group, expand CN=Servers, and then expand Clustered_Mailbox_server.
- Right-click Clustered_Mailbox_server, and then click Properties. Note the properties of the clustered mailbox server.
- Click the Security tab.
- Find the server account for the passive node of your cluster. Remove all permissions for this account except for the following Read permissions:
- Read Metabase Properties
- Store Read Only Access
- View Information Store Status
- Click Advanced.
- In the Advanced dialog box, select a row that references the passive node of your cluster.
- Click Edit.
- Click the Properties tab.
- Add the following permissions that have the scope, "This Object Only":
- Write property msExchEdgeSyncCred
- Write property msExchServerSite
- Click OK.
- Click Edit.
- Add the following permissions that have the scope "This Object and all descendant objects":
- List Contents
- Read All Properties
- Read Permissions
- Trigger a replication among the domain controllers.
- Refresh the Exchange Management Console. After you do this, the Exchange View-Only Administrator group is removed.
- Use Windows PowerShell to verify that the Exchange View-Only Administrator group is removed. To do this, follow these steps:
- Click Start, point to All Programs, point to Microsoft Exchange Server 2007, and then click Exchange Management Shell.
- Type Get-ExchangeAdministrator, and then press ENTER.
- Verify that the Exchange View-Only Administrator group is no longer part of the computer accounts.
- Test failover and client access.
Article ID: 975807 - Last Review: 02/01/2010 18:45:53 - Revision: 1.0
- kbexchcluster kbexpertiseadvanced kbtshoot kbsurveynew kbprb KB975807