Exchange RUS in Co-exhistance producing 8270 Error

I am currently migrating two domains from an exchange 2003 environment to 2007

the exchange 2003 system sits in a child domain along with all of the production users. i am installing exhcange 2007 into the root domain.
Users in the root domain are not being updated by the 2003 recipient update policy, and i am contunually recieving error messages from the RUS service on
on the 2003 system saying that the server does not have LDAP permissions over the user object in the root domain.
i have read around the usual forums and found that alot of these issues are to do with permissions not inheriting from the above containers in ADSI edit.
this however is not the issue as i have checked the effective permissions on the user objects on the root domain, and all exchange servers in the child domain
have the correct permissions to the user objects.

furthermore i am recieving error messages when creating new mailboxes on the root domain 2007 system.

'The Exchange server address list service failed to respond. This could be because of an address list or email address policy configuration error.'

Im sure that these two issues are the same.

Thanks in advance for any advice

Who is Participating?
s1d3wind3rAuthor Commented:
Just a quick note to round this one off.

eventually i stumbled upon this post from MSEXCHANGETEAM which answered the issue

This error you are getting since you Microsoft Exchange System Attendent service is not started. You can start the same on Exchange 2007 server and then let me know if in case still the issue persists.

s1d3wind3rAuthor Commented:
Hi x-sam,

The System Attendant service was already started on all the 2007 servers. restarted on all the boxes and same issue occured

any other thoughts?

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

You can run setup /pl to prepare the exchange legacy permission and the run setup /prepareAD. This should resolve the issue.

Any specific event id on the application log on either Exchange 2003 or Exchange 2007?

s1d3wind3rAuthor Commented:
have run preparelegacyexchangepermissions, prepareAD and PrepareAllDomains in both domains

there are only a couple of errors in the logs. both seem to indicate the exchange servers in the child domain do not have permission to update the exchange fields in the root domain:

Event Type:      Error
Event Source:      MSExchangeAL
Event Category:      LDAP Operations
Event ID:      8270
Date:            02/05/2009
Time:            20:48:42
User:            N/A
Computer:      <exchange2003node>
LDAP returned the error [32] Insufficient Rights when importing the transaction
dn: <GUID=AE5F7177356D0A438691EF037E1F718D>
changetype: Modify
textEncodedORAddress:c=GB;a= ;p=ExchangeOrg;o=Exchange;s=TEST 08;g=Account;
showInAddressBook:add:CN=All Users,CN=All Address Lists,CN=Address Lists Container,CN=EPLC,CN=Microsof...
: CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Cont...

For more information, click

I have asked a similar question here:

Were the symptoms described there the same as you were experiencing? Also, when you ran this script did it sort out the problems for new 2003 mailboxes, and the 'email addresses' tab being blank?

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.