Re: adc error
From: Steven Halsey [MSFT] (Stevhal_at_Online.Microsoft.com)
Date: 04/09/04
Date: Fri, 9 Apr 2004 16:50:36 -0700
Quick Backgrounder on how ADC works:
1. ADC reads the 5.5 Directory to find the SID of the Associated-NT-Account
for a new mailbox
2. It tries to find that SID in the Active Directory (AD)
3. If it finds the SID, it imports the mailbox data onto the Account in the
AD
4. If it does not find the SID, it attempts to create a disabled User
Account as a placeholder for the mailbox
5. If it fails steps 3 or 4, it logs an event similar to what you described.
It tries several times, then quits, and won't try to re-import the mailbox
until something has changed on the object.
For the passwordtest account:
Your passwordtest mailbox looks like it was trying to create a disabled
user account in the AD as a placeholder. However, it was failing due to
Windows rejecting it (possible duplicate samAccountName, permission problem, or
bad value in the list). At this time ADC probably has given up trying to
replicate the mailbox. However, since that time you have migrated the NT
account, so instead of path 4, it should now be path 3. I'd try touching the
5.5 mailbox and changing some information on it, like address or
description; this will signal ADC to attempt to replicate the mailbox again.
Hopefully this time it will find the proper account in the AD. Also check
to be sure the Windows container you have put the passwordtest account into
has read/write/create permissions for the account that the ADC Configuration
Agreements uses when connecting to the AD.
For your other Accounts:
You probably have disabled accounts created for them. Check the Active
Directory to see if you can find any disabled accounts for
them.
After you migrate the accounts from NT4, you'll need to run Exchange ADClean
to merge the newly migrated Windows account with the Exchange mailbox.
--
Steven Halsey
Stevhal@online.microsoft.com
Microsoft Exchange

Please do not send email directly to this alias. This alias is for
newsgroup purposes only.

This posting is provided "AS IS" with no warranties, and confers no rights.

"drl" <anonymous@discussions.microsoft.com> wrote in message
news:1617e01c41e71$05e7c6b0$a001280a@phx.gbl...
> The passwordtest account is in a trusted (nt4) domain.
> This behavior happens for all new accounts. I have tried
> using ADMT to migrate the user account from the nt4
> domain to AD after-the-fact and it works, but Exchange
> attributes never synch up.
>
> I have never tried this until you mentioned it, but I
> created a user account in AD and then went back to the
> Exchange 5.5 server and created a mailbox. I pointed the
> mailbox to be associated with the new AD user (across the
> trust) and then went to replicate the ADC. This worked!
> Exchange attributes synched on my new AD user. So any
> ideas on why the ADC won't just automatically replicate
> the new nt4 users (and mailbox attributes) to AD?
>
>>-----Original Message-----
>>
>>The error indicates that the Windows Domain Controller is rejecting the
>>changes that the Exchange ADC is trying to make.
>>
>>Does the 5.5 mailbox mentioned "passwordtest" have an associated NT account
>>from the Windows Directory, or does the Mailboxes Associated NT account come
>>from a trusted domain?
>>
>>Does this happen for all users/mailboxes you create or just this one? If
>>you create a new Windows Account in the Active directory and create a
>>mailbox on the 5.5 Server for the account do the Exchange attributes get
>>replicated to the new account?
>>If they do then it would indicate the problem is specific to the
>>passwordtest account.
>>
>>--
>>Steven Halsey
>>Stevhal@online.microsoft.com
>>Microsoft Exchange
>>
>>Please do not send email directly to this alias. This alias is for
>>newsgroup purposes only.
>>
>>This posting is provided "AS IS" with no warranties, and confers no rights.
>>
>>"drl" <anonymous@discussions.microsoft.com> wrote in message
>>news:1a61f01c41df8$e6414a70$a501280a@phx.gbl...
>>> Initially, I used ADMT to migrate user accounts (and
>>> groups, passwords, SID history) from NT4 domain to 2K3
>>> domain. Everything works fine up to that point. Then I
>>> install ADC and I get a good initial synch. All migrated
>>> user accounts now have exchange attributes and AD is
>>> aware of their mailboxes in the 5.5 org. But when I try
>>> to add a new user in Exchange 5.5, the new user will NOT
>>> synch to AD. I have turned ADC logging up to the max and
>>> these are the errors I am getting: How do I fix this? I
>>> am at my wit's end!
>>>
>>> Event Type: Error
>>> Event Source: MSADC
>>> Event Category: LDAP Operations
>>> Event ID: 8270
>>> Date: 4/8/2004
>>> Time: 10:51:23 PM
>>> User: N/A
>>> Computer: MAILSERVER1
>>> Description:
>>> LDAP returned the error [35] Unwilling To Perform when
>>> importing the transaction
>>> dn:
>>> cn=passwordtest,ou=Recipients,OU=Migration,DC=test,DC=org
>>> changetype: Add
>>> legacyexchangedn:/o=ExOrg1/ou=Site1/cn=Recipients/cn=passw
>>> ordtest
>>> mailnickname:passwordtest
>>> mail:passwordtest@kcha.org
>>> proxyaddresses:SMTP:passwordtest@kcha.org
>>> : X400:c=US;a= ;p=ExOrg1;o=Site1;s=passwordtest;
>>> givenname:passwordtest
>>> msexchhomeservername:/o=ExOrg1/ou=Site1/cn=Configuration/c
>>> n=Servers/cn=SONOMA
>>> mapirecipient:TRUE
>>> mdbusedefaults:TRUE
>>> displayname:passwordtest
>>> whencreated:20040409005356Z
>>> textencodedoraddress:c=US;a= ;p=ExOrg1;o=Site1;s=passwordt
>>> est;
>>> msExchMailboxGuid:3C9F58C9D9AD5447AFC5116ECB55D296
>>> samAccountName:passwordtest
>>> userAccountControl:512
>>> showInAddressBook:CN=Global Address List,CN=All Address
>>> Lists,CN=Microsoft Exchange,CN=Services,CN...
>>> dLMemDefault:1
>>> ReplicationSignature:DEE92A709253384986B24DD765921797
>>> ReplicatedObjectVersion:0
>>> msExchADCGlobalNames:EX5:cn=passwordtest,cn=Recipients,ou=
>>> Site1,o=ExOrg1:organizationalperson$person$...
>>> : forest:o=ExOrg10000000030AB89B0F61DC401
>>> msExchUnmergedAttsPt:68006F006D0065006D0064006200000045005
>>> 80035003A0063006E003D004D006900630072006F00...
>>> ntsecuritydescriptor:010004806C050000880500000000000014000
>>> 000040058051900000000002400FF010F0001050000...
>>> msExchMailboxSecurityDescriptor:01000480400000005C00000000
>>> 0000001400000002002C0001000000000224000100000001050000...
>>> -
>>> (Connection Agreement 'Users: test.org - Site1\ExOrg1'
>>> #1940)
>>>
>>> Event Type: Error
>>> Event Source: MSADC
>>> Event Category: LDAP Operations
>>> Event ID: 8021
>>> Date: 4/8/2004
>>> Time: 10:51:23 PM
>>> User: N/A
>>> Computer: MAILSERVER1
>>> Description:
>>> LDAP Add on directory mailserver1.test.org for
>>> entry 'cn=passwordtest,ou=Recipients,OU=Migration,DC=test,
>>> DC=org' was unsuccessful with error:[0x35] Unwilling To
>>> Perform [ 0000052D: SvcErr: DSID-031A0FBC, problem 5003
>>> (WILL_NOT_PERFORM), data 0
>>> ]. (Connection Agreement 'Users: test.org - Site1
>>> \ExOrg1' #1940)
>>>
>>> For more information, click
>>> http://www.microsoft.com/contentredirect.asp.
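
An added example, not part of the original posts or of any Microsoft tool: a Python sketch that pulls the LDAP result code, the Win32 code embedded in the extended error, and the userAccountControl flags out of the MSADC event text quoted in this thread. The function names and the short lookup tables are this example's own; the sample strings are the thread's event text with the e-mail line wrapping removed.

```python
import re

# Win32 error codes that can appear as the leading hex field of the
# AD extended error string (subset chosen for this example).
WIN32 = {
    0x005: "ERROR_ACCESS_DENIED",
    0x524: "ERROR_USER_EXISTS",
    0x52D: "ERROR_PASSWORD_RESTRICTION",
}
# userAccountControl bits relevant to ADC-created accounts.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
}

# Event 8021 description and two attributes of the event 8270 transaction,
# taken from the thread with the e-mail wrapping removed.
EVENT_8021 = (
    "LDAP Add on directory mailserver1.test.org for entry "
    "'cn=passwordtest,ou=Recipients,OU=Migration,DC=test,DC=org' was "
    "unsuccessful with error:[0x35] Unwilling To Perform [ 0000052D: SvcErr: "
    "DSID-031A0FBC, problem 5003 (WILL_NOT_PERFORM), data 0 ]."
)
EVENT_8270_ATTRS = "samAccountName:passwordtest\nuserAccountControl:512\n"

ADD_FAILURE = re.compile(
    r"entry '([^']+)'.*?error:\[0x([0-9A-Fa-f]+)\]\s*([^\[]+?)\s*"
    r"\[\s*([0-9A-Fa-f]{8}):", re.S)

def decode_add_failure(description):
    """Return the DN, LDAP result and Win32 code of a failed ADC LDAP Add."""
    m = ADD_FAILURE.search(description)
    if m is None:
        return None
    win32 = int(m.group(4), 16)
    return {
        "dn": m.group(1),
        "ldap_code": int(m.group(2), 16),
        "ldap_text": m.group(3),
        "win32": win32,
        "win32_name": WIN32.get(win32, "unknown (0x%X)" % win32),
    }

def decode_uac(attrs):
    """Return the sorted flag names set in a userAccountControl attribute."""
    m = re.search(r"^userAccountControl:\s*(\d+)\s*$", attrs, re.M | re.I)
    if m is None:
        return None
    value = int(m.group(1))
    return sorted(name for bit, name in UAC_FLAGS.items() if value & bit)
```

The Win32 name returned for the extended error indicates which of the rejection causes listed in the reply (duplicate account, permissions, bad value) to check first.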