When you run the get-ExchangeAdministrator cmdlet, you receive the following message: The account is not a member of Exchange View Only Administrators

 

Well, this problem does not occur when you install the Mailbox role, the Client Access role, or the Hub Transport role. It's just when you add a passive node to a CMS… what happen in the background is the computer account for the passive node take full control over the CMS object in active directory.

 

Symptom:

The nature of the problem is visible when you go to organization configuration in the EMC and a yellow line comes up in the top and stating that a certain computer account (which is the secondly added node to the cluster-passive-) is not member of exchange view only administrator, of when you open EMS (powershell) and type Get-ExchangeAdministrator you will find the same warning indication there..

 

Resolution:

1. Open the AdsiEdit.msc tool that is included in Windows Support Tools.
   
2. Connect to the domain.
   
3. Locate the following object:
   
4. CN=Clustered Mailbox server,CN=Servers,CN= Exchange Administrative Group (code),CN= Administrative Groups,CN=OrganizationName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=com
   
5. Right-click this object, and then click Properties, go to security tab
   
6. Find the computer account for the passive node
   
7. Remove all permissions for that node except read permission
   
8. Click advanced and add the following permission for the passive node account (Apply to: This Object Only)
   
   1. Write property msExchEdgeSyncCred
      
   2. Write property msExchServerSite
      
9. In the advanced window add the following permissions for the passive node account ( Apply to: This object and all child objects)
   
   1. List Contents
      
   2. In the properties tab, check all properties that's start with (Read)
      

 

Get-ExchangeAdministrator

 

And viola, no more, it's done J