Exchange RUS in Co-exhistance producing 8270 Error

Posted on 2009-05-04
Last Modified: 2012-08-13
I am currently migrating two domains from an exchange 2003 environment to 2007

the exchange 2003 system sits in a child domain along with all of the production users. i am installing exhcange 2007 into the root domain.
Users in the root domain are not being updated by the 2003 recipient update policy, and i am contunually recieving error messages from the RUS service on
on the 2003 system saying that the server does not have LDAP permissions over the user object in the root domain.
i have read around the usual forums and found that alot of these issues are to do with permissions not inheriting from the above containers in ADSI edit.
this however is not the issue as i have checked the effective permissions on the user objects on the root domain, and all exchange servers in the child domain
have the correct permissions to the user objects.

furthermore i am recieving error messages when creating new mailboxes on the root domain 2007 system.

'The Exchange server address list service failed to respond. This could be because of an address list or email address policy configuration error.'

Im sure that these two issues are the same.

Thanks in advance for any advice

Question by:s1d3wind3r
  • 3
  • 2
LVL 17

Expert Comment

ID: 24296014
This error you are getting since you Microsoft Exchange System Attendent service is not started. You can start the same on Exchange 2007 server and then let me know if in case still the issue persists.


Author Comment

ID: 24296201
Hi x-sam,

The System Attendant service was already started on all the 2007 servers. restarted on all the boxes and same issue occured

any other thoughts?

LVL 17

Expert Comment

ID: 24296225
You can run setup /pl to prepare the exchange legacy permission and the run setup /prepareAD. This should resolve the issue.

Any specific event id on the application log on either Exchange 2003 or Exchange 2007?

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!


Author Comment

ID: 24297312
have run preparelegacyexchangepermissions, prepareAD and PrepareAllDomains in both domains

there are only a couple of errors in the logs. both seem to indicate the exchange servers in the child domain do not have permission to update the exchange fields in the root domain:

Event Type:      Error
Event Source:      MSExchangeAL
Event Category:      LDAP Operations
Event ID:      8270
Date:            02/05/2009
Time:            20:48:42
User:            N/A
Computer:      <exchange2003node>
LDAP returned the error [32] Insufficient Rights when importing the transaction
dn: <GUID=AE5F7177356D0A438691EF037E1F718D>
changetype: Modify
textEncodedORAddress:c=GB;a= ;p=ExchangeOrg;o=Exchange;s=TEST 08;g=Account;
showInAddressBook:add:CN=All Users,CN=All Address Lists,CN=Address Lists Container,CN=EPLC,CN=Microsof...
: CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Cont...

For more information, click

Accepted Solution

s1d3wind3r earned 0 total points
ID: 24426585
Just a quick note to round this one off.

eventually i stumbled upon this post from MSEXCHANGETEAM which answered the issue


Expert Comment

ID: 24764165

I have asked a similar question here:

Were the symptoms described there the same as you were experiencing? Also, when you ran this script did it sort out the problems for new 2003 mailboxes, and the 'email addresses' tab being blank?


Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now