Problem connecting and creating AD account via Exchange 2010 new mailbox wizard
We have Exchange 2010, when creating a known existing AD account(new user), populate all the fields and when clicking finish get the attached error. We have on AD DC and when I show FSMO, all point to this DC.
Where can I look to fix this problem?
Test-account-build-with-Exchange.png
Where can I look to fix this problem?
Test-account-build-with-Exchange.png
Check if your active directory replication is working
run dcdiag /v and post output here
Also run repadmin /showrepl and check if replication is successful
You need to make sure that every DC in domain can show same RID master server
Means you need to run netdom query fsmo command on every DC in domain for verification
You need to install 2003 SP2 support tools on 2003 domain controllers to get netdom utility
The above situation may occurs when AD unable to decide who has got originally RID master FSMO role
Check below workaround as well
http://support.microsoft.com/kb/2028216
http://support.microsoft.com/kb/822053
http://support.microsoft.com/kb/839879
Mahesh.
run dcdiag /v and post output here
Also run repadmin /showrepl and check if replication is successful
You need to make sure that every DC in domain can show same RID master server
Means you need to run netdom query fsmo command on every DC in domain for verification
You need to install 2003 SP2 support tools on 2003 domain controllers to get netdom utility
The above situation may occurs when AD unable to decide who has got originally RID master FSMO role
Check below workaround as well
http://support.microsoft.com/kb/2028216
http://support.microsoft.com/kb/822053
http://support.microsoft.com/kb/839879
Mahesh.
ASKER
The reverse works, yes. We have to create AD account, the use Existing User.
1 DC...the other failed a couple months ago. Lot of replication errors about that in Event Viewer.
Where do I check in Exchange?
1 DC...the other failed a couple months ago. Lot of replication errors about that in Event Viewer.
Where do I check in Exchange?
ASKER
I knew there were some issues with replication, as the secondary DC failed a couple months ago.
FSMO points to the current and only DC.
Schema owner TSN-RAL-FILE01.tsn.corp
Domain role owner TSN-RAL-FILE01.tsn.corp
PDC role TSN-RAL-FILE01.tsn.corp
RID pool manager TSN-RAL-FILE01.tsn.corp
Infrastructure owner TSN-RAL-FILE01.tsn.corp
showrepl.txt
dcdiag.txt
FSMO points to the current and only DC.
Schema owner TSN-RAL-FILE01.tsn.corp
Domain role owner TSN-RAL-FILE01.tsn.corp
PDC role TSN-RAL-FILE01.tsn.corp
RID pool manager TSN-RAL-FILE01.tsn.corp
Infrastructure owner TSN-RAL-FILE01.tsn.corp
showrepl.txt
dcdiag.txt
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Mahesh: thank you...I've started this process.
What is "Server entry in AD sites and services?"
Also get the following when I start to remove domain controller, should I just remove or something else first?
print01-DC-warning.png
What is "Server entry in AD sites and services?"
Also get the following when I start to remove domain controller, should I just remove or something else first?
print01-DC-warning.png
Under Ad sites and services you will find stale server object without referencing to anybody
You need to delete that as well.
Also you can ignore warning and go ahead
You need to delete that as well.
Also you can ignore warning and go ahead
ASKER
Can't remove this here Ad sites and services.....following error
print01-DC-warning-2.png
print01-DC-warning-2.png
ASKER
I got it. Had to remove each object one at a time.
If you receive a message that states the server is a container that contains other objects, verify that the appropriate decommissioning of services has completed before continuing.
If you receive a message that states the DSA object cannot be deleted, you may be attempting to delete an active domain controller.
http://support.microsoft.com/kb/216364
Just ensure 1st that Dc in the message is not on network and active.
Open adsiedit.msc, add default naming context there and check what else objects are dependent on that DC
if your DC is really already remove from network, use ntdsutil to cleanup metadata from active directory 1st as mentioned in KB article in earlier comment
http://support.microsoft.com/kb/216498
Mahesh
If you receive a message that states the DSA object cannot be deleted, you may be attempting to delete an active domain controller.
http://support.microsoft.com/kb/216364
Just ensure 1st that Dc in the message is not on network and active.
Open adsiedit.msc, add default naming context there and check what else objects are dependent on that DC
if your DC is really already remove from network, use ntdsutil to cleanup metadata from active directory 1st as mentioned in KB article in earlier comment
http://support.microsoft.com/kb/216498
Mahesh
ASKER
Now I'm at this screen..not sure what to do here.
print01-DC-warning-3.png
print01-DC-warning-3.png
just type ? and hit enter, you will find all options
You need to select site, domain and dc name lastly one by one
if you don't find DC name in question, probably you don't have that one in metadata
if not, in that case i think you can simply delete that DC from adsiedit.msc
You need to select site, domain and dc name lastly one by one
if you don't find DC name in question, probably you don't have that one in metadata
if not, in that case i think you can simply delete that DC from adsiedit.msc
ASKER
The DC was not listed in ntdsutil nor adsiedit.msc. Is this normal and am I done? Do I need to restart anything?
So I think DC object is listed in AD sites and services some where, please check that
In order to remove that connect to configuration partition through adsiedit.msc and delete the DC in error from there
Also check if DC in error is configured some where in MS Exchange as configuration DC, if found just delete from there and your problem should get resolved
http://social.technet.microsoft.com/Forums/exchange/en-US/924f0b55-5819-4d44-8606-554e05769ac5/changing-dc-used-by-exchange-2010?forum=exchange2010
http://forums.msexchange.org/m_1800480281/tm.htm
In order to remove that connect to configuration partition through adsiedit.msc and delete the DC in error from there
Also check if DC in error is configured some where in MS Exchange as configuration DC, if found just delete from there and your problem should get resolved
http://social.technet.microsoft.com/Forums/exchange/en-US/924f0b55-5819-4d44-8606-554e05769ac5/changing-dc-used-by-exchange-2010?forum=exchange2010
http://forums.msexchange.org/m_1800480281/tm.htm
ASKER
It was here but was removed......
Also see nothing in exchange, except use default controller.
print01-DC-warning-4.png
Also see nothing in exchange, except use default controller.
print01-DC-warning-4.png
So are you stll facing issue with Exchange while creating object
ASKER
WooHOOO!!! You da man Mahesh!! Thank you sir!
ASKER
Great working with you....thanks Mahesh!
How many domain controllers do you have? do you see any other error on domain controllers' event logs or on exchange server's event logs?