Failed to create New Global Address List on Exchange 2010
Last week I was trying to create a new global address list on Exchange 2010 SP3 under test environment.
To create a new global address list, run the below command in exchange management shell.
New-GlobalAddresslist “ORG-A.” –ConditionalCustomAttribute1 “ORGA” –IncludedRecipients “AllRecipients”
But, and unexpectedly, I got the following error
WARNING: One or more global address lists were missing from the Active Directory attribute. This is likely caused by using legacy Exchange management tools to create global address lists.
Active Directory operation failed on ex01.testlab.com. This error is not retriable. Additional information: The name reference is invalid.
This may be caused by replication latency between Active Directory domain controllers.
Active directory response: 000020B5: AtrErr: DSID-0315286E, #1:
0: 000020B5: DSID-0315286E, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 907ff (globalAddressList2)
+ CategoryInfo : NotSpecified: (0:Int32) [New-GlobalAddressList], ADConstraintViolationException
+ FullyQualifiedErrorId : AD44A06F,Microsoft.Exchange.Management.SystemConfigurationTasks.NewGlobalAddressList
Seems simple enough... But like a lot of MS error messages, it normally needs / always advise doing a fair bit of research before diving in - especially with GAC type issues.
In searching for a solution, I came across a few references...
First was : http://social.msdn.microsoft.com/Forums/en-US/3210af54-d8b4-490f-9f5f-f4fc3209d324/newglobaladdresslist-fails-ad44a06f?forum=os_exchangeprotocols
And a great powershell script (inspired the script below) from : http://social.technet.microsoft.com/Forums/exchange/en-US/52854856-f517-4827-b3d3-3e589a422672/exchange-2010-sp-2-cant-create-second-gal?forum=exchange2010hosters
This article is a summation and adaption from the two links above and was then able to solve my problem.
The fix amounted to : We need to delete the corrupted entries in Global Address List.
Step 1 Find the problem
To clean up the corrupted entries, we need to first find those corrupted entries in GAL. To do that, run the below script in PowerShell on the Domain Controller and write down / keep the results as they are displayed.
$ad = [ADSI]"LDAP://rootDSE";
$domain = $ad.rootDomainNamingContext;
$obj = New-Object System.DirectoryServices.DirectoryEntry("LDAP://CN=Microsoft Exchange,CN=Services,CN=Configuration,$domain");
$count = 0;
foreach($g in $Gals1)
$count= $count +1;
Write-Host "$Count corrupted GAL entries found in property GlobalAddressList";
$count = 0;
foreach($g in $Gals2)
$count= $count +1;
Write-Host "$Count corrupted GAL entries found in property GlobalAddressList2";
You will find the corrupted entries (if any) similarly to those shown below. Your focus is on the entry that clearly shows 'n' corrupted entries found ...
Step 2 - Cleanse
1 corrupted GAL entries found in property GlobalAddressList
0 corrupted GAL entries found in property GlobalAddressList2
Now you are ready to remove them manually, and take great care at this stage because you want to make very sure that you only "fix" the real problem and not create more work.
To remove it Open ADSIedit.msc on Domain Controller
Expand Services> Microsoft Exchange> Right Click and Go to Properties and then look for Globaladdresslist and Globaladdresslist2.
From the above the above script we found the corrupted entries in Globaladdresslist. Hence, Select Globaladdress list and click Edit. You will see the corrupted entry and remove them.
Then I was able to successful create new global address list
Hope it was informative.
And a word of caution... Always backup and create a recovery point and document everything you have done...