Dynamics CRM, Mailbox, Security Roles, Server-Side-Synchronization

Not enough privilege to access the Microsoft Dynamics 365 object or perform the requested operation

While trying to enable and test the mailbox of a user, I got the following error message:

Following message appears in the details:

Mailbox error missing privilege

Checking the traces on the backend server, I got the following error message:

In the error message, you can see, that there is a problem with the ObjectTypeCode 4120 and the message “User 0b89575a-c7da-e511-80d7-005056a25129 does not have write access to ExchangeSyncIdMapping”.

To verify the entity, I used the following query to get the name of the entity:

The result is, that this object type code belongs to the entity: ExchangeSyncIdMapping

Checking the security roles, I wasn’t able to find this entity, to define the privileges for the users. Therefore searching the web, I found a Microsoft article,  which described the privileges of this entity. But there was no information on how to set this privileges.

After some searching, I was able to find out, that the default roles have set different privileges in the background. I added the sales manager role to a new solution and exported this, but in this XML, there were no privileges listed. Therefore I changed in the CRM-UI on of the entity privileges and exported the solution again.

SecurityRole XML export

Now you can see all privileges of this role. I searched for all ExchangeSyndId-Privileges

SecurityRole ExchangeSyndId

and added these 4 entries to my security role (previously exported my custom role with a solution), imported this again and added the security role directly to the user. Now, the synchronization is working.