Exchange RUS in Co-exhistance producing 8270 Error

Posted on 2009-05-04
Last Modified: 2012-08-13
I am currently migrating two domains from an exchange 2003 environment to 2007

the exchange 2003 system sits in a child domain along with all of the production users. i am installing exhcange 2007 into the root domain.
Users in the root domain are not being updated by the 2003 recipient update policy, and i am contunually recieving error messages from the RUS service on
on the 2003 system saying that the server does not have LDAP permissions over the user object in the root domain.
i have read around the usual forums and found that alot of these issues are to do with permissions not inheriting from the above containers in ADSI edit.
this however is not the issue as i have checked the effective permissions on the user objects on the root domain, and all exchange servers in the child domain
have the correct permissions to the user objects.

furthermore i am recieving error messages when creating new mailboxes on the root domain 2007 system.

'The Exchange server address list service failed to respond. This could be because of an address list or email address policy configuration error.'

Im sure that these two issues are the same.

Thanks in advance for any advice

Question by:s1d3wind3r
  • 3
  • 2
LVL 17

Expert Comment

ID: 24296014
This error you are getting since you Microsoft Exchange System Attendent service is not started. You can start the same on Exchange 2007 server and then let me know if in case still the issue persists.


Author Comment

ID: 24296201
Hi x-sam,

The System Attendant service was already started on all the 2007 servers. restarted on all the boxes and same issue occured

any other thoughts?

LVL 17

Expert Comment

ID: 24296225
You can run setup /pl to prepare the exchange legacy permission and the run setup /prepareAD. This should resolve the issue.

Any specific event id on the application log on either Exchange 2003 or Exchange 2007?

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.


Author Comment

ID: 24297312
have run preparelegacyexchangepermissions, prepareAD and PrepareAllDomains in both domains

there are only a couple of errors in the logs. both seem to indicate the exchange servers in the child domain do not have permission to update the exchange fields in the root domain:

Event Type:      Error
Event Source:      MSExchangeAL
Event Category:      LDAP Operations
Event ID:      8270
Date:            02/05/2009
Time:            20:48:42
User:            N/A
Computer:      <exchange2003node>
LDAP returned the error [32] Insufficient Rights when importing the transaction
dn: <GUID=AE5F7177356D0A438691EF037E1F718D>
changetype: Modify
textEncodedORAddress:c=GB;a= ;p=ExchangeOrg;o=Exchange;s=TEST 08;g=Account;
showInAddressBook:add:CN=All Users,CN=All Address Lists,CN=Address Lists Container,CN=EPLC,CN=Microsof...
: CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Cont...

For more information, click

Accepted Solution

s1d3wind3r earned 0 total points
ID: 24426585
Just a quick note to round this one off.

eventually i stumbled upon this post from MSEXCHANGETEAM which answered the issue


Expert Comment

ID: 24764165

I have asked a similar question here:

Were the symptoms described there the same as you were experiencing? Also, when you ran this script did it sort out the problems for new 2003 mailboxes, and the 'email addresses' tab being blank?


Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question