Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Error message when you run the "clean-mailboxdatabase" cmdlet on an Exchange Server 2007 computer by using an account that is lacking Exchange Organization Administrator permissions: "Exchange is unable to clean the database that you spe...



Symptoms

When you run the clean-mailboxdatabase cmdlet from the Exchange Management Shell on a Microsoft Exchange Server 2007 computer by using an account that lacks Exchange Organization Administrator permissions, you receive a MAPIExceptionNoAccess error message that resembles the following:
[PS] C:\> clean-mailboxdatabase "Mailbox Database"

Clean-MailboxDatabase : Exchange is unable to clean the database that you specified. Specified data base: <FQDN>\Mailbox Database; Error code: MapiExceptionNoAccess: Unable to sync mailboxes with DS (hr=0x80070005, ec=-2147024891).

At line:1 char:22
+ clean-mailboxdatabase <<<< "Mailbox Database"



Cause

In Exchange Server 2003, the database cleanup agent can be run by any regular Exchange Full Administrator. This behavior is changed in Exchange Server 2007. When you run the clean-mailboxdatabase cmdlet in Exchange Server 2007, you must have Organization Administrator permissions. This is true unless you have granted the account or the group in question the minimum permissions set, as described in the "Resolution" section.



Resolution

To resolve this issue, use the Exchange Management Shell to add the minimum permissions set. To do this, follow these steps:
  1. Open the Exchange Management Shell.
  2. At the command prompt, run the following commands:

    Add-ADPermission -Identity "Exchange Administrative Group (FYDIBOHF23SPDLT)" -User <account or group name> -AccessRights extendedright -ExtendedRights "Administer information store", "View information store status"

    Add-ADPermission -Identity "Exchange Administrative Group (FYDIBOHF23SPDLT)" -User <account or group name> -AccessRights GenericRead
To make these commands work, you must also use the Exchange Management Console (EMC) to make your account or group the Exchange Server administrator on the server. To do this, follow these steps:
  1. Start EMC, right-click Organization Configuration, and then click Add Exchange Administrator.
  2. Click Browse to select the account or group that you want to add, and then click OK.
  3. Select the Exchange Server Administrator role option, and then click +Add.
  4. Select the servers on which you want to add permission to the account or group, and then click OK.
  5. Click Add, and then click Finish.
Note: To fully administer the Exchange server, manually add the user or group to the built-in local administrator's group on the server.
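
One way to confirm that the minimum permissions set from the steps above is actually in place, as an added example that is not part of the KB article. The account name is a constructed placeholder, and the directory names ms-Exch-Store-Admin and ms-Exch-Store-Visible are an assumption about how Get-ADPermission may report the two extended rights instead of their display names.

```powershell
# Added example: run from the Exchange Management Shell after the Add-ADPermission steps.
$AdminGroup = 'Exchange Administrative Group (FYDIBOHF23SPDLT)'   # identity used in the article
$Account    = 'CONTOSO\MbxCleanupOps'                             # constructed placeholder

# Required extended rights: display name (from the article) mapped to the
# directory name (assumption) that the read-back may show instead.
$required = @{
    'Administer information store'  = 'ms-Exch-Store-Admin'
    'View information store status' = 'ms-Exch-Store-Visible'
}

# Read back every ACE this account holds on the administrative group.
$aces  = @(Get-ADPermission -Identity $AdminGroup -User $Account)
$allow = @($aces | Where-Object { -not $_.Deny })
$deny  = @($aces | Where-Object { $_.Deny })

# Flatten the extended rights on Allow ACEs to plain strings.
$granted = @($allow | ForEach-Object { $_.ExtendedRights } |
             Where-Object { $_ } | ForEach-Object { $_.ToString() })

$missing = @()
foreach ($name in $required.Keys) {
    if (($granted -notcontains $name) -and ($granted -notcontains $required[$name])) {
        $missing += $name
    }
}

# GenericRead is a flag combination, so test it bitwise on each Allow ACE.
$genericRead = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericRead
$hasRead = $false
foreach ($right in @($allow | ForEach-Object { $_.AccessRights })) {
    if (([int]$right -band $genericRead) -eq $genericRead) { $hasRead = $true }
}
if (-not $hasRead) { $missing += 'GenericRead' }

# A Deny ACE overrides the grants and produces the same access-denied symptom.
if ($deny.Count -gt 0) {
    Write-Warning "Deny ACEs exist for $Account on '$AdminGroup'; review them:"
    $deny | Format-Table User, AccessRights, ExtendedRights, IsInherited -AutoSize
}

if ($missing.Count -gt 0) {
    Write-Warning ("Still missing for {0}: {1}" -f $Account, [string]::Join(', ', $missing))
} else {
    Write-Host "Minimum permissions set is present for $Account."
}
```

Running the check against a dedicated group rather than an individual account keeps the delegation reviewable in one place.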



More information

For more information about the clean-mailboxdatabase cmdlet, visit the following Microsoft Web site:



Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.



Keywords: KB960147, kbtshoot, kbinfo, kbexpertiseadvanced, kbexpertiseinter


Article Info
Article ID : 960147
Revision : 3
Created on : 9/10/2011
Published on : 9/10/2011