Failed to create New Global Address List on Exchange 2010


Problem Description:

Last week I was trying to create a new global address list on Exchange 2010 SP3 in a test environment.

To create a new global address list, run the following command in the Exchange Management Shell.
New-GlobalAddressList "ORG-A." -ConditionalCustomAttribute1 "ORGA" -IncludedRecipients "AllRecipients"


But, unexpectedly, I got the following error:
WARNING: One or more global address lists were missing from the Active Directory attribute.  This is likely caused by using legacy Exchange management tools to create global address lists.
Active Directory operation failed on ex01.testlab.com. This error is not retriable. Additional information: The name reference is invalid.
This may be caused by replication latency between Active Directory domain controllers.
Active directory response: 000020B5: AtrErr: DSID-0315286E, #1:
    0: 000020B5: DSID-0315286E, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 907ff (globalAddressList2)
    + CategoryInfo          : NotSpecified: (0:Int32) [New-GlobalAddressList], ADConstraintViolationException
    + FullyQualifiedErrorId : AD44A06F,Microsoft.Exchange.Management.SystemConfigurationTasks.NewGlobalAddressList


Seems simple enough... But like a lot of MS error messages, it normally needs, and I always advise doing, a fair bit of research before diving in, especially with GAC type issues.

In searching for a solution, I came across a few references...
The first was: http://social.msdn.microsoft.com/Forums/en-US/3210af54-d8b4-490f-9f5f-f4fc3209d324/newglobaladdresslist-fails-ad44a06f?forum=os_exchangeprotocols
And a great PowerShell script (which inspired the script below) from: http://social.technet.microsoft.com/Forums/exchange/en-US/52854856-f517-4827-b3d3-3e589a422672/exchange-2010-sp-2-cant-create-second-gal?forum=exchange2010hosters

This article is a summation and adaptation of the two links above, with which I was then able to solve my problem.

The fix amounted to this: we need to delete the corrupted entries in the Global Address List.

Step 1 - Find the problem

To clean up the corrupted entries, we first need to find them in the GAL. To do that, run the script below in PowerShell on the Domain Controller and write down / keep the results as they are displayed.

# Bind to the Exchange container in the configuration partition of the forest root
$ad = [ADSI]"LDAP://rootDSE"
$domain = $ad.rootDomainNamingContext
$obj = New-Object System.DirectoryServices.DirectoryEntry("LDAP://CN=Microsoft Exchange,CN=Services,CN=Configuration,$domain")

# Any value that points into "Deleted Objects" is a corrupted entry
$count = 0
$Gals1 = $obj.GlobalAddressList
foreach ($g in $Gals1) {
   $g = $g.ToString().ToLower()
   if ($g.Contains("cn=deleted objects")) {
      Write-Host $g
      $count = $count + 1
   }
}
Write-Host "$count corrupted GAL entries found in property GlobalAddressList"

# Same check for the second attribute
$count = 0
$Gals2 = $obj.GlobalAddressList2
foreach ($g in $Gals2) {
   $g = $g.ToString().ToLower()
   if ($g.Contains("cn=deleted objects")) {
      Write-Host $g
      $count = $count + 1
   }
}
Write-Host "$count corrupted GAL entries found in property GlobalAddressList2"


Any corrupted entries will be listed in a form similar to the output below. Your focus is on the line that clearly shows 'n' corrupted entries found, because it tells you which property holds them.
cn=myglobaladdresslist2\0adel:6931193c-3362-489b-a766-4d1820704080,cn=deleted objects,cn=configuration,dc=testlab,dc=com
1 corrupted GAL entries found in property GlobalAddressList
0 corrupted GAL entries found in property GlobalAddressList2


Step 2 - Cleanse

Now you are ready to remove them manually. Take great care at this stage, because you want to make very sure that you only "fix" the real problem and do not create more work.

To remove them, open ADSIedit.msc on the Domain Controller.

Expand Services > Microsoft Exchange, right-click it and go to Properties, then look for GlobalAddressList and GlobalAddressList2.

From the script above we found the corrupted entries in GlobalAddressList. Hence, select GlobalAddressList and click Edit. You will see the corrupted entries; remove them.

Then I was able to successfully create a new global address list.

Hope it was informative.

And a word of caution... Always backup and create a recovery point and document everything you have done...
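
One way to produce that record before touching ADSI Edit, as an added example (not part of the original article or of the forum scripts it cites): it takes the values read in Step 1, picks out the ones that point at a tombstone, and extracts the deleted list's name and GUID so the value removed in Step 2 can be matched exactly. The function name, the CSV file name and the healthy sample DN (with its "ExampleOrg" organization) are assumptions; the corrupted DN is the one from the output above.

```powershell
# Added example. Written to run on PowerShell 2.0, offline, against sample values.
function Get-GalLinkReport {
    param(
        [Parameter(Mandatory=$true)] [string] $Attribute,
        [string[]] $Values = @()
    )
    # A deleted object is renamed "<old name>\0ADEL:<objectGUID>" and moved under
    # CN=Deleted Objects, so a link with that shape points at a tombstone.
    $tombstone = '^cn=(?<name>.+?)\\0adel:(?<guid>[0-9a-f-]{36}),cn=deleted objects,'
    foreach ($dn in $Values) {
        $m = [regex]::Match($dn, $tombstone, 'IgnoreCase')
        $row = New-Object PSObject -Property @{
            Attribute   = $Attribute
            Corrupted   = $m.Success
            GalName     = $m.Groups['name'].Value   # empty when not a tombstone
            DeletedGuid = $m.Groups['guid'].Value
            Value       = $dn
        }
        # Select-Object fixes the column order (hashtable order is not preserved)
        $row | Select-Object Attribute, Corrupted, GalName, DeletedGuid, Value
    }
}

# Sample input. On the Domain Controller these would be the values of
# $obj.GlobalAddressList and $obj.GlobalAddressList2 from the Step 1 script.
$gal1 = @(
    # constructed healthy entry
    'CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=ExampleOrg,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=testlab,DC=com',
    # corrupted entry as shown in the article's output
    'cn=myglobaladdresslist2\0adel:6931193c-3362-489b-a766-4d1820704080,cn=deleted objects,cn=configuration,dc=testlab,dc=com'
)
$gal2 = @()

$report = @(Get-GalLinkReport -Attribute 'GlobalAddressList'  -Values $gal1) +
          @(Get-GalLinkReport -Attribute 'GlobalAddressList2' -Values $gal2)

# The values to remove in ADSI Edit; every other value must stay in place.
$report | Where-Object { $_.Corrupted } | Format-List

# Keep the full before-state with the change record.
$report | Export-Csv -Path .\gal-links-before.csv -NoTypeInformation
```

Running it again after Step 2 should list no rows with Corrupted set to True.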
