Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Event ID 8270

Posted on 2005-04-25
Medium Priority
Last Modified: 2012-06-27
Hi Experts,

I have two exchange servers, one is on the parent domain. The other is on the child domain. I uninstalled then reinstalled the Exchange Server on child domain. The exchange server on the child domain now generating the error message below in the event viewer every 5 mins. The exchange servers are able to send and receive email without any problems.

4/25/2005     8:22:01 PM     MSExchangeAL     Error     LDAP Operations      8270     N/A     MX1PH     "LDAP returned the error [32] Insufficient Rights when importing the transaction
dn: CN=Recipient Update Service (PH),CN=Recipient Update Services,CN=Address Lists Container,CN=XPERTALK,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=xpertalk,DC=com
changetype: Modify

I have checked the domain controllers and i dont see any error. I have also checked the exchange server on the parent domain and it is also clean. I have setup a test lab and have replicated the problem on the lab. On the lab i was able to resolve this by uninstalling exchange and demoting the domain controller for the child domain. After that I promotted it back to DC for the child domain and reinstalled exchange. I dont want to do this for our live network.

Please help.

Question by:lapukman
  • 2
  • 2
  • 2
LVL 18

Assisted Solution

by:John Gates, CISSP
John Gates, CISSP earned 500 total points
ID: 13858318
In a multiple domain environment this problem appeared because the Exchange Domain Servers group from a remote domain was not included in the local Exchange Enterprise Servers group for our domain. Once the remote group was included the errors stopped. Refer to Microsoft TechNet Article 313167.

Do this and all will be well.


Author Comment

ID: 13864686
Hi Dimante,

I read the technet article that u mentioned.  DNS and network connectivity are ok.  I checked the Exchange Domain Servers group,  all the Exchange Domain Servers group from each of our domain are included  as members.

I still am getting the error every 5 mins.

LVL 14

Accepted Solution

alimu earned 500 total points
ID: 13865281
see eventid.net at http://www.eventid.net/display.asp?eventid=8270&eventno=332&source=MSExchangeAL&phase=1
specifically Adrian Grigorof's comment about hidden recipient lists and q287137
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 13892668
Hi Alimu,

Checked out the link u indicated. Seems like the site is subscription based so i was not able to check   q287137.

Anyway, we also looked at alot of Microsoft docs on event ID 8270 , but most are pointing to error 34.

Anyways, out of frustation, we have just installed the OS and Exchange from scratch. The 8270 event IDs are gone.

LVL 18

Expert Comment

by:John Gates, CISSP
ID: 13893755
You should post to have this question deleted and your points refunded.

LVL 14

Expert Comment

ID: 13893917
Hi lapukman,
you can't get any further than the link I posted because yes, it's subscription based.  The information they post on the main event description pages, however, is usually of some use and you can generally get to the links in other ways.
I'm sorry I didn't explain better, Q articles like q287137 are Microsoft articles so you just google them and you can get there that way.  http://eventid.net is a great place to go to get initial info on a windows error, even if you can't get all the way into the site.
I pointed you at this particular explanation because the error you posted in your original question
"LDAP returned the error [32] Insufficient Rights when importing the transaction" indicates that the 8270 error was an error 32.

I'll close this question and refund your points if you would like but I think it has a couple of possible solutions included that would be useful as a PAQ so I'd prefer not to delete it entirely.  

Let me know how you would like to proceed.
Page Editor.

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
Loops Section Overview
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question