If you are facing issues with your Exchange 2010 servers, where the Event log ID 2080 is showing an unexpected value for SACL Right, this post shows how to fix it.

Issue

In the case of your Exchange server has lost, or for any reason, does not have the proper Audit Security Privilege set up on Domain Controllers, you will face the below issue:

As you can see above, some of the servers In-site have the correct permission (value =1 ), and others do not, including the Out-of-site DCs, which is more critical as in the case all In-site DCs lost communication as well, the Exchange services will go down.

Resolution

1 - To fix the above issue, you need to assign the proper rights to your Exchange servers on the Domain Controllers policy, as shown below:

2 - Edit the above setting, and add the group domain\Exchange Servers:

Force the new setting on your DCs with gpupdate /force

Wait a few minutes and your Exchange servers will now be able to retrieve the proper information from your DCs:

And now the correct values are shown on the Event ID 2080 again:

For any doubts or suggestions, please leave a comment below.