Announcement

Collapse
No announcement yet.

allowing exchange to function in a child domain

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • allowing exchange to function in a child domain

    I currently have exchange implemented in our parent domain (company.org). Our organization is wanting to setup child domains for some of our offsite locations (abc.company.org). i ran the exchange domain prep in abc.company.org and used ADMT to move a few test users over but exchange is still not functionion.

    My first impression was that the issue was with RUS so i created a new RUS that points to the child domain. When I do a rebuild on it the event viewer on the Exchange server has the following errors:

    Code:
    Event Type:	Error
    Event Source:	MSExchangeAL
    Event Category:	LDAP Operations 
    Event ID:	8022
    Date:		2/5/2008
    Time:		12:07:15 PM
    User:		N/A
    Computer:	POSTAL
    Description:
    LDAP Modify on directory dc4.majorhospital.org for entry '<SID=0102000000000005200000002A020000>' was unsuccessful with error:[0x20] No Such Object [ 00000525: NameErr: DSID-031A0F80, problem 2001 (NO_OBJECT), data 0, best match of:
    	''
     ].  DC=majorhospital,DC=org 
    
    For more information, click http://www.microsoft.com/contentredirect.asp.
    
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Code:
    Event Type:	Error
    Event Source:	MSExchangeAL
    Event Category:	LDAP Operations 
    Event ID:	8270
    Date:		2/5/2008
    Time:		12:07:15 PM
    User:		N/A
    Computer:	POSTAL
    Description:
    LDAP returned the error [20] No Such Object when importing the transaction 
    dn: <SID=0102000000000005200000002A020000>
    changetype: Modify
    member:add:<GUID=222CE1D8-B731-4D6C-B32D-83DF6037FE0E>
    -
     DC=majorhospital,DC=org 
    
    For more information, click http://www.microsoft.com/contentredirect.asp.
    
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Code:
    Event Type:	Warning
    Event Source:	MSExchangeAL
    Event Category:	Address List Synchronization 
    Event ID:	8168
    Date:		2/5/2008
    Time:		12:21:44 PM
    User:		N/A
    Computer:	POSTAL
    Description:
    Could not modify the object: 'CN=test\, exch,OU=intp-test,DC=intelliplex,DC=majorhospital,DC=org'. DC=intelliplex,DC=majorhospital,DC=org 
    
    For more information, click http://www.microsoft.com/contentredirect.asp.
    
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Technology is only as good as those who use it

    My tech blog - wiredtek.wordpress.com

  • #2
    Re: allowing exchange to function in a child domain

    well i've checked the permissions in the child domain and the Exchange enterprise servers group has modify permissions.

    Trying to find more information on this issue and the errors i'm getting. it looks like i can migrate the users over using admt and their mailboxes are still accessible but i cannot create new mailboxes for users in the child domain.
    Technology is only as good as those who use it

    My tech blog - wiredtek.wordpress.com

    Comment


    • #3
      Re: allowing exchange to function in a child domain

      After seeing the following topology event i was able to see what is going on

      Code:
      Event Type:	Information
      Event Source:	MSExchangeDSAccess
      Event Category:	Topology 
      Event ID:	2080
      Date:		2/5/2008
      Time:		7:27:44 PM
      User:		N/A
      Computer:	POSTAL
      Description:
      Process WMIPRVSE.EXE -EMBEDDING (PID=3424). DSAccess has discovered the following servers with the following characteristics: 
       (Server name | Roles | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version) 
      In-site:
      DC3.majorhospital.org	CD- 6 6 0 0 1 1 6 1
      dc4.majorhospital.org	CDG 7 7 1 0 1 1 7 1
      DC5.majorhospital.org	CDG 7 7 1 0 1 1 7 1
       Out-of-site:
      dc-intp.intelliplex.majorhospital.org	CDG 7 7 1 0 0 1 7 1
      In order for exchange to use a server the server must have the SACL right (nTSecuritydescriptor) the dc i was trying to use did not have this right.
      Technology is only as good as those who use it

      My tech blog - wiredtek.wordpress.com

      Comment

      Working...
      X