Event ID - 8316

Event Id8316
SourceMSExchangeAL
DescriptionThe service could not update the entry CN=UserNameB,CN=CustomOrgUnit,DC=domain,DC=com because inheritable permissions have been explicitly disabled to all objects in the container OU=CustomOrgUnit,DC=domain,DC=com. For this object to be mail-enabled properly, you will need to enable inheritable permissions on the security tab for this container so that the permissions can be propagated correctly to the entry that the service is trying to process.
Event Information"According to Microsoft:
Cause 1:

The Administrator account and the accounts that are members of the Active Directory security groups that are listed do not have the Allow inheritable permissions from parent to propagate to this object check box selected. This check box is located on the Security tab for the user or group object. This tab is displayed when Advanced Features is enabled on the Active Directory Users and Computers management console. If you select this check box, a Microsoft Windows system task clears the check box automatically.
This behavior is by design. This system task prevents security issues that may occur that stem from ""elevation of privilege"" attacks. For example, Group X is a member of the Domain Administrators security group. If the Access Control List (ACL) on Group X indicates that Group Y can modify the Group X object, members of Group Y may make themselves members of Group X. Transitively, they may become members of the Domain Administrators security group. We recommend that you do not use accounts with administrative permissions to perform mailbox-related tasks.
Resolution
:To access mailboxes or perform mailbox-related tasks, use Active Directory accounts that do not have administrative permissions.

Cause 2:
This behavior may occur if you disabled the Allow inheritable permissions from parent to propagate to this object check box on the Active Directory organizational unit that the accounts reside in.
Resolution :
Use either the Active Directory Users and Computers management console or use Active Directory Service Interfaces (ADSI) Edit to re-establish inheritable permissions on the organizational unit.In Active Directory Users and Computers
1. In Active Directory Users and Computers on the View menu, click Advanced Features.
2. Right-click the container or organizational unit that contains the users who are not being stamped by the Recipient Update Service, and
Reference LinksInheritable permissions from parent are not propagated to object

Missing permissions cause the Recipient Update Service not to process accounts in Exchange 2000 Server and Exchange Server 2003

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.