Failed to create New Global Address List on Exchange 2010

Techrunner
Published:
Browse All Articles > Failed to create New Global Address List on Exchange 2010
Failed to create New Global Address List on Exchange 2010

Problem Description:

Last week I was trying to create a new global address list on Exchange 2010 SP3 under test environment.

To create a new global address list, run the below command in exchange management shell. 
New-GlobalAddresslist “ORG-A.” –ConditionalCustomAttribute1 “ORGA” –IncludedRecipients “AllRecipients”

Open in new window

But, and unexpectedly, I got the following error 
WARNING: One or more global address lists were missing from the Active Directory attribute.  This is likely caused by using legacy Exchange management tools to create global address lists.
                      Active Directory operation failed on ex01.testlab.com. This error is not retriable. Additional information: The name reference is invalid.
                      This may be caused by replication latency between Active Directory domain controllers.
                      Active directory response: 000020B5: AtrErr: DSID-0315286E, #1:
                          0: 000020B5: DSID-0315286E, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 907ff (globalAddressList2)
                          + CategoryInfo          : NotSpecified: (0:Int32) [New-GlobalAddressList], ADConstraintViolationException
                          + FullyQualifiedErrorId : AD44A06F,Microsoft.Exchange.Management.SystemConfigurationTasks.NewGlobalAddressList

Open in new window


Solution

Seems simple enough... But like a lot of MS error messages, it normally needs / always advise doing a fair bit of research before diving in - especially with GAC type issues.

In searching for a solution, I came across a few references...
First was : http://social.msdn.microsoft.com/Forums/en-US/3210af54-d8b4-490f-9f5f-f4fc3209d324/newglobaladdresslist-fails-ad44a06f?forum=os_exchangeprotocols
And a great powershell script (inspired the script below) from : http://social.technet.microsoft.com/Forums/exchange/en-US/52854856-f517-4827-b3d3-3e589a422672/exchange-2010-sp-2-cant-create-second-gal?forum=exchange2010hosters

This article is a summation and adaption from the two links above and was then able to solve my problem.

The fix amounted to : We need to delete the corrupted entries in Global Address List.

Step 1 Find the problem

To clean up the corrupted entries, we need to first find those corrupted entries in GAL. To do that, run the below script in PowerShell on the Domain Controller and write down / keep the results as they are displayed. 

$ad = [ADSI]"LDAP://rootDSE";
                      $domain = $ad.rootDomainNamingContext;
                      $obj = New-Object System.DirectoryServices.DirectoryEntry("LDAP://CN=Microsoft Exchange,CN=Services,CN=Configuration,$domain"); 
                      
                      $count = 0;
                      $Gals1= $obj.GlobalAddressList;
                      foreach($g in $Gals1)
                      {
                         $g= $g.ToString().ToLower(); 
                         if($g.Contains("cn=deleted objects"))
                         {
                            Write-Host $g;
                            $count= $count +1;  
                         }
                      }
                      
                      Write-Host "$Count corrupted GAL entries found in property GlobalAddressList";
                      
                      $count = 0;
                      $Gals2= $obj.GlobalAddressList2;
                      foreach($g in $Gals2)
                      {  
                         $g= $g.ToString().ToLower();
                         if($g.Contains("cn=deleted objects"))  
                         {
                            Write-Host $g;          
                            $count= $count +1;  
                         }
                      }
                      Write-Host "$Count corrupted GAL entries found in property GlobalAddressList2";

Open in new window


You will find the corrupted entries (if any) similarly to those shown below. Your focus is on the entry that clearly shows 'n' corrupted entries found ... 
cn=myglobaladdresslist2\0adel:6931193c-3362-489b-a766-4d1820704080,cn=deleted objects,cn=configuration,dc=testlab,dc=com
                      1 corrupted GAL entries found in property GlobalAddressList
                      0 corrupted GAL entries found in property GlobalAddressList2

Open in new window


Step 2 - Cleanse

Now you are ready to remove them manually, and take great care at this stage because you want to make very sure that you only "fix" the real problem and not create more work.

To remove it Open ADSIedit.msc on Domain Controller

Expand Services> Microsoft Exchange> Right Click and Go to Properties and then look for Globaladdresslist and Globaladdresslist2.

From the above the above script we found the corrupted entries in Globaladdresslist. Hence, Select Globaladdress list and click Edit. You will see the corrupted entry and remove them.

Then I was able to successful create new global address list

Hope it was informative.

And a word of caution... Always backup and create a recovery point and document everything you have done...
3
5,579 Views

Comments (0)

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.