Event ID 8270 LDAP Returned the error [35] Unwilling to Perform when importing

Hi, I have an AD with two domains in the same forest. I have one Exchange 2003 server in one of the domains. Now I'm trying to add users from the other domain in the existing Exchange server. I have run domainprep in all domains and created a RUS for all domains. But I receive the following error message:

Event ID 8270 LDAP Returned the error [35] Unwilling to Perform when importing the transaction dn: <SID=xxx>
Changetype: Modify
member: Add:<GUID=xxxx>

DC=(name),DC=(name)

The only thing I have found so far on the web relates to communication errors.

Any idea, someone?
065362016 Asked:

rakeshmiglani Commented:
Is this a parent-child domain setup, or are these two domains two separate trees?
Do you mean to say that you have already created a Domain RUS for the other domain?
0
aa230002 Commented:
Did you upgrade this Exchange 2003 from Exchange 2000 / Exchange 5.5 in the past? Did you ever have Exchange 5.5 in this Exchange organization in the past?
What service packs do you have on Exchange, and which version of Active Directory do you have? Windows 2000 or Windows 2003?

Thanks,
Amit Aggarwal.
0
065362016 Author Commented:
Is this a parent-child domain setup, or are these two domains two separate trees?
- It's two domains on two different trees in the same forest.

Do you mean to say that you have already created a Domain RUS for the other domain?
- Yes. The creation passed without any errors (as created), but the error in Event Viewer came at that time.
We had an LDAP error [20] before, but since we added Exchange groups in the other domains default User group


Did you upgrade this Exchange 2003 from Exchange 2000 / Exchange 5.5 in the past?
- The Exchange server is installed from scratch.

What service packs do you have on Exchange, and which version of Active Directory do you have? Windows 2000 or Windows 2003?
- The AD is 2003. The Exchange server is running on a Windows failover cluster and has only Service Pack 1.

One of the things that doesn't work is to open the other domain from Users & Computers on the Exchange server. When I try to look at the properties of a user I get an error flash stating that ID 80004005 is wrong. But that seems to be OK (as far as I can see). But if I open one of the domain controllers (direct) of the other domain, I can manage users without any problem.

Thanks
Lars Oscarsson  
0

aa230002 Commented:
Even if it's two domains on two different trees in the same forest, there has to be a root domain (the domain which created this forest). So the question here is: is your Exchange installed in the root domain or in the other domain?

Thanks,
Amit Aggarwal.
0
065362016 Author Commented:
Exchange is installed in the root domain

// Lars O
0
aa230002 Commented:
Is your Exchange Server 2003 running on Windows Server 2003? If yes, do you have SP1 applied on Windows Server 2003?
Do you have SP1 applied on your Windows Server 2003 Domain Controllers?

Thanks,
Amit Aggarwal.
0
065362016 Author Commented:
All servers running Exchange and AD have SP1 installed. But I just saw that Microsoft has recognised this as an error;
see TechNet 839912. I have just contacted them to receive the hotfix for this problem. Hopefully it solves the problem.

// Lars O
0
aa230002 Commented:
I had checked this KB earlier, but all things don't match in this. Did you ever have Exchange in the other domain and remove it in the past?
Still, you can go ahead with the hotfix and see if it solves your problem.
One more question -> when did you experience this problem, "When I try to look at the properties of a user I get an error flash stating that ID 80004005 is wrong"? After applying SP1 on Windows Server 2003?

Thanks,
Amit Aggarwal
0
aa230002 Commented:
Do you have this fix applied on your Exchange cluster?

Exchange 2003 back-end clusters need an update when Windows 2003 Service Pack 1 is applied:
"500 - Internal server error" error message when a user tries to access a clustered Exchange Server 2003 back-end server by using Outlook Web Access: http://support.microsoft.com/kb/841561

Thanks,
Amit Aggarwal.
0

065362016 Author Commented:
This problem has been here (as long as I have, at least). We updated the other DC with SP1 (contains FSMO roles) the other day.
We had an issue with rights earlier resulting in an LDAP [20] error, but that's fixed now. It could be that site replication has fixed
some of our problems with the Recipient Update, because now mailboxes appear directly and it works to log on to the OWA.

But I will install the hotfix to see if the LDAP [35] error disappears.

// Lars O
0
065362016 Author Commented:
No, the patch didn't solve the problem. Could this be a rights problem?
SP2 is installed now.

// Lars O
0
065362016 Author Commented:
Does anyone know of a tool I could use to see what user/object the SID in the error message refers to?

// Lars O
0
aa230002 Commented:
There is no way that you can query Active Directory using ObjectGUID. The only thing you can do is export all objects in Active Directory with their respective ObjectGUIDs to an Excel sheet and then search in this Excel sheet for the objectGUID you are looking for.

Use CSVDE to export Active Directory to an Excel sheet. Run CSVDE /? from a command prompt for all options.

Thanks.
Amit Aggarwal.
0
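An added example (not part of the original thread and not any poster's code) for the export-and-search approach in the comment above: it decodes the hex form of a binary SID or objectGUID into its readable form and looks the value up in a CSVDE export. It assumes the event text carries the value as plain hex and that the export writes binary attributes as `X'hex'`; the export rows and DNs below are constructed sample data.

```python
import csv
import io
import struct
import uuid


def sid_from_hex(hex_sid):
    """Decode a binary SID (hex) into S-<rev>-<authority>-<sub>... form."""
    raw = bytes.fromhex(hex_sid)
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit, little-endian
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)


def guid_from_hex(hex_guid):
    """Decode a binary objectGUID (first three fields little-endian)."""
    return str(uuid.UUID(bytes_le=bytes.fromhex(hex_guid)))


def find_in_export(csv_text, column, hex_value):
    """Return the DNs whose binary column equals hex_value (case-insensitive)."""
    wanted = hex_value.strip().lower()
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        cell = (row.get(column) or "").strip()
        # Assumed export notation for binary attributes: X'<hex>'
        if cell[:2].upper() == "X'" and cell.endswith("'"):
            cell = cell[2:-1]
        if cell.lower() == wanted:
            hits.append(row["DN"])
    return hits


# Constructed sample export (hypothetical objects, not from the thread).
SAMPLE_EXPORT = '''DN,objectClass,objectGUID,objectSid
"CN=Test User,CN=Users,DC=child,DC=example",user,X'00112233445566778899aabbccddeeff',X'010500000000000515000000010000000200000003000000e9030000'
"CN=Mail Group,CN=Users,DC=child,DC=example",group,X'ffeeddccbbaa99887766554433221100',X'010500000000000515000000010000000200000003000000ea030000'
'''

if __name__ == "__main__":
    sid_hex = "010500000000000515000000010000000200000003000000EA030000"
    print(sid_from_hex(sid_hex))
    print(find_in_export(SAMPLE_EXPORT, "objectSid", sid_hex))
```

The export has to include the `objectSid` and `objectGUID` columns for the lookup to find anything.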
065362016 Author Commented:
I have tried to find the GUID but I didn't find it. But since everything else works, I'll drop this for now.

Regards
Lars Oscarsson
0