LNISupport
asked on
AD users do not show up in new mailbox wizard/exchange 2010
I have an unusual issue and have found no reference to it online. Through all of this I have receive no errors or warnings in the system logs.
When I create a new user in Active Directory and then try to create an associated mailbox in Exchange 2010, no users (Except for 4 old accounts) can be found at all. If I create a new user in exchange when I create the mailbox the account works fine but does not appear anywhere in ADUAC. If I create the new user and mailbox with powershell they appear in both ADUAC and the EMC. Since I have a feeling that this is a symptom of worse things to come, I want to correct it ASAP
Any Thoughts on this?
Thanks
When I create a new user in Active Directory and then try to create an associated mailbox in Exchange 2010, no users (Except for 4 old accounts) can be found at all. If I create a new user in exchange when I create the mailbox the account works fine but does not appear anywhere in ADUAC. If I create the new user and mailbox with powershell they appear in both ADUAC and the EMC. Since I have a feeling that this is a symptom of worse things to come, I want to correct it ASAP
Any Thoughts on this?
Thanks
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Did you applied any SP to Exchange? Any changes to AD lately?
Run Exchange Best Practice Analyzer tool - (in health check mode)
Reboot your DC and Exchange one by one. Check and Test again.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
We found a cobbled solution from multiple sources online
ASKER
To close out this thread in a more thorough fashion and help others in a similar situation, here is the procedure for what we did:
The procedure for resetting the Kerberos service when it stops active directory replication cease. Common errors received are:
- Inconsistency between AD databases on multiple DCs
- Lack of ability to replicate databases between DCs
- Inconsistency between AD and Exchange
- Errors returned as “Target principal name is incorrect”, “<FSMO ROLE> not responding to bind”, “destination server is currently rejecting replication request”, Kerberos errors returned from running DCDIAG
The DC which holds the PDC emulator FSMO will be referred to as DC1 and the secondary non PDC emulator DC will be referred to as DC2. The following must be performed explicitly
1. To be performed on DC2:
- Net stop kdc
- Klist purge
- Netdom resetpwd /s:DC2 /ud:domainname\administrat or /pd:*
- Net start kdc
Reboot Machine
- Net stop kdc
- Netdom resetpwd /s:DC1 /ud:domainname\administrat or /pd:*
- Net start kdc
2. To be performed on DC1
- Net stop kdc
- Klist purge
- Netdom resetpwd /s:DC1 /ud:domainname\administrat or /pd:*
- Net start kdc
Reboot Machine
- Net stop kdc
- Netdom resetpwd /s:DC2 /ud:domainname\administrat or /pd:*
- Net start kdc
3. To be performed on DC2
- Repadmin /options DC2 –DISABLE_OUTBOUND_REPL
- Repadmin /options DC2 –DISABLE_INBOUND_REPL
4. To be performed on DC1
- Repadmin /options DC1 –DISABLE_OUTBOUND_REPL
- Repadmin /options DC1 –DISABLE_INBOUND_REPL
5. Test for AD replication to verify
The procedure for resetting the Kerberos service when it stops active directory replication cease. Common errors received are:
- Inconsistency between AD databases on multiple DCs
- Lack of ability to replicate databases between DCs
- Inconsistency between AD and Exchange
- Errors returned as “Target principal name is incorrect”, “<FSMO ROLE> not responding to bind”, “destination server is currently rejecting replication request”, Kerberos errors returned from running DCDIAG
The DC which holds the PDC emulator FSMO will be referred to as DC1 and the secondary non PDC emulator DC will be referred to as DC2. The following must be performed explicitly
1. To be performed on DC2:
- Net stop kdc
- Klist purge
- Netdom resetpwd /s:DC2 /ud:domainname\administrat
- Net start kdc
Reboot Machine
- Net stop kdc
- Netdom resetpwd /s:DC1 /ud:domainname\administrat
- Net start kdc
2. To be performed on DC1
- Net stop kdc
- Klist purge
- Netdom resetpwd /s:DC1 /ud:domainname\administrat
- Net start kdc
Reboot Machine
- Net stop kdc
- Netdom resetpwd /s:DC2 /ud:domainname\administrat
- Net start kdc
3. To be performed on DC2
- Repadmin /options DC2 –DISABLE_OUTBOUND_REPL
- Repadmin /options DC2 –DISABLE_INBOUND_REPL
4. To be performed on DC1
- Repadmin /options DC1 –DISABLE_OUTBOUND_REPL
- Repadmin /options DC1 –DISABLE_INBOUND_REPL
5. Test for AD replication to verify
We have seen GAL issues before, is this thread the path to your solution?