| Event Id | 8317 |
| Source | MSExchangeAL |
| Description | "The service could not update the entry CN=UserName,CN=Users,DC=domain,DC=com because inheritable permissions may not have propagated completely down to this object yet. The inheritance time may vary depending on the number of Active Directory objects within the domain and also the load of your domain controllers. To correct this problem, verify that the Exchange permissions have been propagated to this object and then force a rebuild for the Recipient Update Service on this domain. DC=domain,DC=com" |
| Event Information | According to Microsoft: Cause : The permissions may have been modified or removed without knowing how it would affect Microsoft Exchange and the Recipient Update Service. Resolution : To verify that the permissions for the Exchange Enterprise Servers group are missing at the domain level, follow these steps: 1. Click Start, point to Programs, point to Microsoft Exchange, and then click Active Directory Users and Computers. 2. On the View menu, click Advanced Features. 3. Right-click the domain, and then click Properties. 4. Click the Security tab, and then click Advanced. There are several permissions for Exchange Enterprise Groups at the domain level. These permissions include four write permissions. If some of the write permissions are missing, it is very likely that the MSExchangeAL 8270 and 8317 events that were discussed earlier will be logged in the Event Viewer Application log. If all the write permissions are missing, there may not be any errors logged. To reset the permissions for the Exchange Enterprise Servers group if they are missing, follow these steps: 1. Insert your Exchange 2000 Server or Exchange Server 2003 CD-ROM into the CD Drive. 2. Click Start, click Run, type <drive>:\I386\Setup.exe /domainprep in the Open box, and then press ENTER. <drive> refers to the drive letter of your CD Drive. When you run Setup with the /domainprep switch, you restore default permissions for the Exchange Enterprise Servers group. 3. To rebuild the Recipient Update Services, follow these steps: a. Click Start, point to Programs, point to Microsoft Exchange, and then click Exchange System Manager. b. Double-click Recipients, and then click Recipient Update Services. c. Right-click each Recipient Update Service listed in the right pane, and then click Rebuild. |
| Reference Links | Inheritable permissions from parent are not propagated to object Missing permissions cause the Recipient Update Service not to process accounts in Exchange 2000 Server and Exchange Server 2003 |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.