Process %1 (PID=%2). The Exchange computer %3 does not have Audit Security Privilege on the domain controller %4. This domain controller will not be used by Exchange Active Directory Provider.

This Warning event indicates that the Exchange server specified in the event description does not have the Audit Security Privilege on the domain controller specified in the event description. DSAccess will not use the domain controller specified in the event description until this warning is fixed. The possible causes of this event include the following:

• A recent permissions change removed the rights required for the Exchange Security Group to enable DSAccess to communicate with the Active Directory® directory service.

• Exchange groups such as Exchange Servers and Exchange Enterprise Servers were moved out of default Users container.

To resolve this warning, do one of more of the following:

• Run the policytest.exe utility. This utility is located in the \i386\Server\Setup\ServerRoles\Common folder on the Microsoft® Exchange Server CD. The policytest.exe utility produces a list of domain controllers and reports the presence or absence of the required privilege on these domain controllers.

  If policytest.exe reports that the required privileges are found on all domain controllers, review the System log on the domain controller to try to determine the root cause of this problem.

  If the policytest.exe indicates that the required privileges are not present, do the following:

  1. Open the Default Domain Controllers Security Settings snap-in on the domain controller specified in the event description.

  2. In the console tree, under Security Settings, expand Local Policies, and then click User Rights Assignments.

  3. In the results pane, double-click Manage auditing and security log. Verify that both the Exchange Servers group and the Exchange Enterprise Servers group are listed.

• Make sure that the Exchange server is still a member of the Exchange Domain Servers group. Also, make sure that the Exchange Domain Servers group is a member of Exchange Enterprise Servers group.

• Make sure that the group permissions are inherited by the Microsoft Exchange computer account.

For more information about Security Privilege issues and the policytest.exe tool, see Microsoft Knowledge Base article 314294, XADM: Exchange 2000 Error Messages Are Generated Because of SeSecurityPrivilege Right and Policytest Issues.

If you are not already doing so, consider running the tools that Microsoft Exchange offers to help administrators analyze and troubleshoot their Exchange environment. These tools can help you make sure that your configuration is in line with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. Go to the Toolbox node of the Exchange Management Console to run these tools now. For more information about these tools, see Toolbox in the Exchange Server 2007 Help.