Showing results for 
Search instead for 
Did you mean: 

Users unable to access their vaults

Level 4
Partner Accredited Certified

Hi all,

I recently was involved in troubleshooting an access issue for a client. We managed to work out what was going on and I thought I'd share.


Users were unable to access their vaulted items. If they attempted to do so, they would be prompted for credentials. 


To try to get to a root cause, I checked the user's Provisining Group membership from "Display Policies Assigned to Mailboxes". This was showing that the user did not have a provisining group assignment. The group membership list for the user was long and his membership list was even longer so I explicitly added him as a user and ran the task again. Still no good!

My next step was to add a new group with a higher rank and then add him in. When I ran the provioning task this time it added him into the new group. I checked the event log and noticed the following error from the provisioning task run:


The Exchange mailbox provisioning task failed to read required information from Active Directory. The task has stopped. Ensure that the Active Directory server is operational and the account the task is using to log on has read access to the required objects. Then run the task again.

Task: Exchange Provisioning Task for


Provisioning group: group

Group member: OU=Some OU,DC=foo,DC=bar

AD server: GC://

Error: Failed to read required properties from AD 'OU' object [GC:// OU,DC=foo,DC=bar] - There is no such object on the server.

For more information, see Help and Support Center at 


Aha! My client had recently done some AD renovating and the provisioning task was failing when it encountered OUs in its list that no longer existed. Removing these objects resolved the issue.

I hope this helps somebody!



Level 6

Thanks for sharing. There is a TN out there that I will get updated.   

Level 6



What version of EV were you seeing this on? We've tried to repro it internally, using EV9SP3 but was unsuccessful.

Steps taken:-

1) Create a Provisioning Group with 1 OU in it.

2) Provision the users.

3) Create a new OU and add that to the PG.

4) Provision the users.

5) Delete the OU in AD.

6) Run Provisioning, no errors.

Level 4
Partner Accredited Certified

Thanks Mark. It was EV 10 but the client has been running EV since 7.5. The issue was present when they were running 8.