I hope someone can help. I am setting up a test AD/Exchange environment and am having some issues with Exchange.
One Forest/domain (ForestA), with 2 child domains (DomainA, DomainB).
Each domain has 2 DCs (i.e. ForestA-DC1/ForestA-DC2).
All DCs in entire forest located in single AD site.
GC located on *-DC2 server in each domain (3 GCs total).
All windows 2003 Standard R2 SP2.
Exchange 2003 SP2.
One exchange server installed into DomainA domain (Exchange1).
Domainprep ran in all 3 domains.
Forest prep ran in forest domain.
Problem: When I mail enable accounts in DomainA the recipient policy works fine. Mail-enabled accounts in either the parent/forest domain, or second child domain never get SMTP addresses applied.
Turned up logging on ExchangeAL/SA to find any issues. Noted LDAP operations seem to only occur for DomainA (no other domain). It's as if exchange isn't even trying to look for accounts in the other domains.
Figured the above was due to lack of RUS for the other domains. Tried to add RUS for ForestA and DomainB, but get error:
> The specified group type is invalid.
> Facility: Win32
> ID no: c0072141
> Exchange System Manager
Early research hints at problem being related to lack of GC for those domains. I have proper GCs and replication looks good. I did note that under the DSAccess tab in the Exchange server, the only GC listed is the one GC in DomainA. Is this a problem? Discovery is set to Auto. Why isn't it pulling a GC from each domain?
I also found some posts saying when a child domain is patched with Windows Service Pack 2, this problem ends up as a result. Could this be? I see nothing on MS's site relating to this. See post here: http://forums.msexchange.org/m_1800442899/mpage_1/key_/tm.htm#1800449595
I don't know what else to do. I tried re-running domainprep on DomainB and it completed successfully but still cannot apply RUS for that domain.
*EDITED* I enabled some higher logging on the DSAccess itself and found that it is indeed seeing everything it needs to see in terms of topology discovery. It doesn't look like my issue is lack of GCs or ability to see them.
> Process MAD.EXE (PID=2112). DSAccess has discovered the following servers with the following characteristics:
> (Server name | Roles | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
> ForestA-DC1.ForestA.Local CD- 6 6 0 0 0 1 6 1
> ForestA-DC2.ForestA.Local CDG 7 7 1 0 0 1 7 1
A.Local CD- 6 6 0 0 1 1 6 1
A.Local CDG 7 7 1 0 1 1 7 1
A.Local CD- 6 6 0 0 0 1 6 1
A.Local CDG 7 7 1 0 0 1 7 1