Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

New Exchagne 2010 server can't see AD users to create new mailbox's

Posted on 2013-12-17
6
Medium Priority
?
405 Views
Last Modified: 2014-01-08
This seems like a very strange issue.  OK, I have Exchange 2010 SP1 on Server 2008. Two DC both Server 2008.  

When I go to add mailbox's via Exchange console, I search for AD users and only the users I created within the past 5 days show up.  I even created a test account prior to this question and it shows up.  However, all of the original users do not show up.  Keep in mind, the test account I created is in the same OU as all of the other accounts.  

I am also getting MSExchange ADAccess warnings on all of the existing users...

Process w3wp.exe () (PID=4364). Recipient object CN=user,OU=Phone Team,OU=Employees,DC=domain,DC=com read from server-Server.domain.com failed validation and will be excluded from the result set.  Set event logging level for Validation category to Expert to get additional events about each failure.

Please assist me with this one.  I am lost!
0
Comment
Question by:sXmont1j6
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 39725382
First guess is that at one time someone went and changed the permissions on one of your AD subtrees and had the permissions propogate to all child objects. Those objects, if the permissions were set wrong, would be unreadable by Exchange. New objects would, of course, get default permissions and work fine.

Compare the permissions on two objects, one that works, and one that doesn't, and find out where they got changed.
0
 

Author Comment

by:sXmont1j6
ID: 39725657
I am sorry, I don't know what you mean, permissions on the user objects?  I am not clear on what you want me to compare.
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39725952
What Exchange role permissions you have on account used for creating mailboxes?
Check below article for role assignment
http://blog.pluralsight.com/exchange-2010-role-based-access-control
Try creating new user with recipient management \ organization management permissions and check if he is able see all users in AD
Also you need to add above id to local administrators group on exchange server

If above works, then you can compare permissions of old ID with new one.

Mahesh
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39729358
First - Exchange 2010 SP1 is very old and no longer supported. The first thing I would do is upgrade to Exchange 2010 Sp3 and the latest rollup so that you are on a supported platform.

If the users are all in the same OU, then in the properties of the OU reset the inheritance, to include the child objects. As already pointed out, this probably does not include the Exchange system objects. It could also be that inheritance is disabled on those objects and you need to enable it.

Simon.
0
 

Accepted Solution

by:
sXmont1j6 earned 0 total points
ID: 39754266
The problem was that I was on a hosted platform and AD already saw that the accounts had mailboxes.  I had to disable them and then re-add the accounts in Exchange.
0
 

Author Closing Comment

by:sXmont1j6
ID: 39764678
The problem was that I was on a hosted platform and AD already saw that the accounts had mailboxes.  I had to disable them and then re-add the accounts in Exchange.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question