Entries similar to the following are written to the log:
Enumerating mailbox store 0: CN=Container name,CN=Exchange Administrative Group,CN=Administrative Groups,CN=Container name,CN=Microsoft Exchange,CN=Container Name,CN=Container Name,DC=Domain controller,DC=Domain Controller,DC=Domain Controller
Debug Trace: HRESULT=0x8007200A - The specified directory service attribute or value does not exist.
The SMSMSE service account does not have read access to the Exchange database object listed in the error above.
If all permissions appear correct per the above document, this is an indication that the Exchange-View Only Organization Management group is not granting read access to the database object listed above as expected.
Workaround Manually assign the permission to read the database object to the SMSMSE service account via the Exchange Management Shell
Open the Exchange Management Shell as administrator
Run the command Get-MailboxDatabase -identity “<mailbox database name>” | Add-ADPermission -user <SMSMSE service account> -AccessRights Reviewer
This should allow the SMSMSE service account to read the contents of the mailbox database and build the list of users. Keep in mind that this is a workaround, ultimately the Exchange View-Only Administrators group should grant access to all Exchange databases. It is recommended to troubleshoot the underlying reason the Exchange View-Only Administrators group does not have read access to this database object.
Subscribing will provide email updates when this Article is updated. Login is required.