Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Directory Management Service "error: Access denied"

Status
Not open for further replies.

SecureNetworx

Technical User
Jun 3, 2005
10
US
We get this error when we attempt to create a Distribution Group using the Create New Site dialog.

"The group operation succeeded, but the distribution group could not be updated because of the following error: The Directory Management Service reported the following error: Access denied."

Any help would be greatly appreciated.
 
Hi,

Sounds like a permissions issue. Have you checked so that the account that handles these things in SharePoint have appropriate access in your AD (or other Directory Service)?
The actual group and users are not created in SharePoint (as far as I know) so most likely you need to look into the permissions on your Directory Service and the specific container where you are creating the Distribution group.

Cheers,
Thomas




 
hey did you ever figure out what permission needed to be set
 
While I have Sharepoint Services creating the Distribution Groups in Active Directory I haven't had time to fine tune my solution to put the issue to rest. That being said I'll give you what I have as a working solution at this time.

First, add the Sharepoint application pool account as a local Administrator on the machine(s) hosting the front-end of your Sharepoint Site (this is the part where I haven't had the time to research the minimum permissions required for the solution to work).

Secondly, assuming a SQL Server back-end you'll need to give Execute permission (so the app pool can execute stored procedures) to the Sharepoint application pool account at the Schema Level for the Sharepoint_Config database.

Third, the permissions for the OU need to be extended by giving Read and Write permissions to the SQL Database account that you passed to Sharepoint when you initialized the farm.

Let me know if you need any further clarification.
 
I did everything you suggested above, for both my Central Admin account and my site app pool account, plus setting up a SMTP connector (which I'm not sure I needed).

Nothing is being created in the OU on the domain controller, even though both SharePoint accounts are enabled to create/manage users.

I am not getting anything in the WSS 3.0 server in its error logs etc., nor in the ADUC/DC server.

Thank you, Tom

 
I don't believe anything relative to an SMTP connector is required to configure distribution groups; one item I would like to clarify is that since you're not getting any errors that a review of Sharepoint Services Central Administration/Distribution Groups shows no pending entries?
 
I needed a SMTP connector to get the docs sent to the SharePoint server, and one has to set the SharePoint service account to local admin to get things working with incoming mail. This is what worked for me.

Thanks, Tom
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top