• Status: Solved

New Exchange 2010 server can't see AD users to create new mailboxes

This seems like a very strange issue. OK, I have Exchange 2010 SP1 on Server 2008. Two DCs, both Server 2008.

When I go to add mailboxes via the Exchange console, I search for AD users and only the users I created within the past 5 days show up. I even created a test account prior to this question and it shows up. However, all of the original users do not show up. Keep in mind, the test account I created is in the same OU as all of the other accounts.

I am also getting MSExchange ADAccess warnings on all of the existing users...

Process w3wp.exe () (PID=4364). Recipient object CN=user,OU=Phone Team,OU=Employees,DC=domain,DC=com read from server-Server.domain.com failed validation and will be excluded from the result set.  Set event logging level for Validation category to Expert to get additional events about each failure.

Please assist me with this one.  I am lost!
Asked: sXmont1j6
 
Cliff Galiher Commented:
First guess is that at one time someone went and changed the permissions on one of your AD subtrees and had the permissions propagate to all child objects. Those objects, if the permissions were set wrong, would be unreadable by Exchange. New objects would, of course, get default permissions and work fine.

Compare the permissions on two objects, one that works, and one that doesn't, and find out where they got changed.
 
sXmont1j6, Author, Commented:
I am sorry, I don't know what you mean, permissions on the user objects?  I am not clear on what you want me to compare.
 
Mahesh, Architect, Commented:
What Exchange role permissions do you have on the account used for creating mailboxes?
Check the article below for role assignment:
http://blog.pluralsight.com/exchange-2010-role-based-access-control
Try creating a new user with recipient management \ organization management permissions and check whether that user is able to see all users in AD.
Also, you need to add the above ID to the local administrators group on the Exchange server.

If the above works, then you can compare the permissions of the old ID with the new one.

Mahesh
 
Simon Butler (Sembee), Consultant, Commented:
First - Exchange 2010 SP1 is very old and no longer supported. The first thing I would do is upgrade to Exchange 2010 SP3 and the latest rollup so that you are on a supported platform.

If the users are all in the same OU, then in the properties of the OU reset the inheritance, to include the child objects. As already pointed out, this probably does not include the Exchange system objects. It could also be that inheritance is disabled on those objects and you need to enable it.

Simon.
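
The comparison suggested in the answers above (permissions on a working object versus a non-working one, plus the inheritance setting), as an added example that is not part of the original thread. The function names are hypothetical, the `testuser` DN is a placeholder for an account Exchange does list, and the second DN is the one from the event log in the question.

```powershell
# Added example, not from the thread. Uses only ADSI/.NET (no ActiveDirectory
# module), so it works in PowerShell 2.0 and later. Needs read access to both objects.

function Get-AceSummary {
    param([Parameter(Mandatory=$true)][string]$DistinguishedName)

    $entry = [ADSI]"LDAP://$DistinguishedName"
    $sd    = $entry.psbase.ObjectSecurity          # ActiveDirectorySecurity
    $nt    = [System.Security.Principal.NTAccount]

    # One comparable string per ACE, explicit and inherited
    $aces = $sd.GetAccessRules($true, $true, $nt) | ForEach-Object {
        '{0}|{1}|{2}|{3}|inherited={4}' -f $_.IdentityReference,
            $_.AccessControlType, $_.ActiveDirectoryRights,
            $_.ObjectType, $_.IsInherited
    } | Sort-Object -Unique

    New-Object PSObject -Property @{
        DistinguishedName   = $DistinguishedName
        InheritanceDisabled = $sd.AreAccessRulesProtected   # True = inheritance is off
        Owner               = $sd.GetOwner($nt).Value
        Aces                = @($aces)
    }
}

function Compare-AdObjectAcl {
    param(
        [Parameter(Mandatory=$true)][string]$WorkingDn,
        [Parameter(Mandatory=$true)][string]$FailingDn
    )
    $good = Get-AceSummary -DistinguishedName $WorkingDn
    $bad  = Get-AceSummary -DistinguishedName $FailingDn

    # Inheritance flag and owner side by side
    $good, $bad | Format-Table DistinguishedName, InheritanceDisabled, Owner -AutoSize | Out-Host

    # '<=' = ACE only on the working object, '=>' = ACE only on the failing object
    Compare-Object -ReferenceObject $good.Aces -DifferenceObject $bad.Aces
}

# Placeholder DN for the working account; failing DN taken from the event log text
Compare-AdObjectAcl -WorkingDn 'CN=testuser,OU=Phone Team,OU=Employees,DC=domain,DC=com' `
                    -FailingDn 'CN=user,OU=Phone Team,OU=Employees,DC=domain,DC=com'
```

An empty result from `Compare-Object` together with matching `InheritanceDisabled` values means the two objects carry the same ACEs, which points away from permissions as the cause.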
 
sXmont1j6Author Commented:
The problem was that I was on a hosted platform and AD already saw that the accounts had mailboxes.  I had to disable them and then re-add the accounts in Exchange.
Question has a verified solution.
