AD\Exchange duplicate accounts and deleted items problems

Posted on 2004-09-23
Last Modified: 2012-06-21

We have what I assume to be a serious issue with our Exchange server and\or our Win2k AD.

A few months back we completed the migration from exchange 5.5 to 2000, including a migration to AD from NT4. It all went well. However, recently we realised that we had been having a replication between the domain controllers in our 3 domains and root domain - it was a routing and firewall issue. Anyway, the routing problem was fixed and all the domain controllers can now replicate to each other.

We have recently been receiving a number of errors in the exchange application event logs -


EventID 9514

DEL:6F6027B9-97A9-4480-9210-4FACB3E42A5C/CN=FAYE CHAPMAN.


EventID 9549

An ambiguous SMTP proxy was found on 0x2 mailboxes in the DS.  The store cannot map this SMTP proxy to a unique Mailbox GUID.


This has only started happening since the replication problem was fixed. I'm under the impression that a GC domain controller had a lot of old information stored on it, and now this information has been replicated back to the rest of the domains. The outcome of this is that users sporadically cannot receive external email, because there are 2 instances of their SMTP address in AD - one in the OU where they should be, and another in the DELETED OBJECTS OU. When the users were originally migrated from exchange 5.5, their disabled account was put into the EXCHANGE 5.5 USERS OU, I then deleted the whole OU when the migration was complete.

What I don't understand, is this: When you delete and object in AD, it enters a tombstone period, set at 60 days. You should be able to reuse any of the details associated with this account right away though - so why are the SMTP addresses of accounts that have been deleted from the system interfering with live accounts?

I have already attempted to view the deleted objects in question, as outlined in;EN-US;258310 , but I can not find any of the SMTP addresses or user accounts that are conflicting. I have used the LDIFDE utility to try and find the deleted objects that are conflicting, but to no avail - I can find plenty of deleted objects, just no duplicates, so it's not that I can't find data, it's that the right data isn't there.

What I would like to do is to find out where AD and EXCHANGE are getting the details about these old accounts and the DELETED OBJECTS OU - it doesn't seem to be anywhere and I cannot find any of the duplicated SMTP addresses. I have also changed the tombstone period to 1 day from the 60 days, and the problem has persisted. Perhaps the deleted items haven’t been tombstoned at all and not deleted properly from AD and this is where the error comes from?


Anyway, help would be appreciated. Microsoft have been looking at this for me for over a week and they have got absolutely nowhere (which is my usual experience with them) so high points will be awarded!

Many thanks

Question by:DrWu
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 15

Accepted Solution

Yan_west earned 500 total points
ID: 12134044
For error 9514

Removing Duplicate and Unwanted Proxy Addresses in Exchange;en-us;Q318774

As per Microsoft: "The same SMTP proxy address has been assigned to more than one object in Microsoft Windows 2000 Active Directory". Search for an event 9514 witch indicates which objects have the  address. See Q269498 for more details.;en-us;Q269498

Author Comment

ID: 12134100
Thanks Yan

I have already done;en-us;Q318774 - the smtp address duplicates are not accessable in AD through a custom search, or using LDIFDE. I am aware of which addresses are duplicated, but they are not there in AD!




Author Comment

ID: 12158592
Any more help on this issue guys? I'm pulling my hair out and Microsoft are doing jack to help!

LVL 15

Expert Comment

ID: 13458876
Did you fix it?

Author Comment

ID: 13458943
Hi yan

Yes, after much hassle.

It turned out that a domain controller in another domain and network had lost replication with the main domain for a few months and was brought back online - it told the other DC's that a load of delted items were not infact deleted and this messed up the DCs tombstoned lists. I had to used LDP to find out the guids of deleted objects and manually remove them from the DCs.

Took ages, but this helped me a lot!


Featured Post

Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question