Weird Error when provisioning a mailbox to Exchange 2007 using the ADMA
Hi,

When exporting an object that is going to be mailbox enabled I get the following error: "ma-extension-error".

Looking at the event viewer I see the following events:

-------------------------------------------
[1] The description for Event ID 6500 from source FIMSynchronizationService cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

There is an error in Exch2007Extension AfterExportEntryToCd() function when exporting an object with DN CN=Max Benson,OU=HR,OU=Users,OU=EMPLOYEES,OU=Org-Users,DC=ADCORP,DC=LAB.
Type: Microsoft.Exchange.Configuration.Tasks.ThrowTerminatingErrorException
Message: Active Directory operation failed on RFSRWDC1.ADCORP.LAB. The supplied credential for 'ADCORP\SVCR1-ILMENGINE' on Bind operation is invalid. Error Code: 0x31.
Stack Trace:
at Microsoft.Exchange.Configuration.Tasks.Task.ThrowTerminatingError(Exception exception, ErrorCategory category, Object target)
at Microsoft.Exchange.Configuration.Tasks.Task.ProcessUnhandledException(Exception e)
at Microsoft.Exchange.Configuration.Tasks.Task.BeginProcessing()
at System.Management.Automation.Cmdlet.DoBeginProcessing()
at System.Management.Automation.CommandProcessorBase.DoBegin()

the message resource is present but the message is not found in the string/message table
-------------------------------------------
[2] The extensible extension returned an unsupported error.
The stack trace is:
"Microsoft.MetadirectoryServices.ExtensionException: Active Directory operation failed on RFSRWDC1.ADCORP.LAB. The supplied credential for 'ADCORP\SVCR1-ILMENGINE' on Bind operation is invalid. Error Code: 0x31.
at Exch2007Extension.Exch2007ExtensionClass.AfterExportEntryToCd(Byte[] origAnchor, String origDN, String origDeltaEntryXml, Byte[] newAnchor, String newDN, String failedDeltaEntryXml, String errorMessage)
Forefront Identity Manager 4.0.2574.0"
-------------------------------------------

Environmental information:
* FIM 2010 RC1 + Update 2
* AD MA has option "Enable Exchange 2007 Provisioning" Enabled
* Service Account for the Sync Engine --> ADCORP\SVCR1-ILMENGINE
* Account used by the AD MA --> ADCORP\SVCR1-ILMMAAD (permissions: create/edit user objects + recipient admin)
* Attributes that are populated to trigger Mailbox provisioning: homeMDB and MailNickname
* 1 server with AD, Exchange, SQL and FIM

I do not understand the error and especially why the error is referencing the service account of the Sync Engine?

Any Ideas?

Cheers!
Jorge de Almeida Pinto [MVP-DS / AD DS TechNet Forums Moderator] [Sr. Technical Consultant @ Oxford Computer Group] (http://blogs.dirteam.com/blogs/jorge/default.aspx) (http://www.oxfordcomputergroup.com/)
December 22nd, 2009 10:52pm

Hi Jorge,

Rules extensions (of which the Exchange 2007 extensions technically are) always run in the context of the service, not the account used to configure the MA (used only for connecting during Import/Export operations). Try making the Service account a member of the Exchange Recipient Admins role (I think that's the one).

Brad Turner, ILM MVP - Ensynch, Inc - www.identitychaos.com
December 30th, 2009 10:00pm

The account used for the AD MA is the account used to contact Exchange; it is passed in the PowerShell command used to call Exchange. The service account will be used to call the actual DLL, so any errors that get thrown in the call will return to the service account...

What Exchange tools version do you have installed?? This has been known to cause issues... Definitely install SP2 because there were PowerShell fixes in that version and previous.

I am pretty sure that the service account doesn't have to be in the Exchange group because the PowerShell command passes the credentials.

Joe

Joe Stepongzi - Identity Management Consultant - ILM MVP - www.microsoftIdM.com, ilmXframework.codeplex.com
January 7th, 2010 11:36am
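
An added example, not part of any post in this thread: PowerShell that extracts the domain controller, account and error code from the bind-failure text quoted above and labels the account by role, so the event itself shows which identity attempted the bind. The function name `Get-BindFailure`, the role map and the Application log location in the comment are assumptions; the first two sample messages are trimmed copies of errors quoted in the thread.

```powershell
# Sample messages: the first two are trimmed copies of errors quoted in this thread.
$sampleMessages = @(
    "Microsoft.MetadirectoryServices.ExtensionException: Active Directory operation failed on RFSRWDC1.ADCORP.LAB. The supplied credential for 'ADCORP\SVCR1-ILMENGINE' on Bind operation is invalid. Error Code: 0x31.",
    "Microsoft.MetadirectoryServices.ExtensionException: Active Directory operation failed on FIM.fimtest.com. The supplied credential for 'FIMTEST\Fim.Synchronization' on Bind operation is invalid. Error Code: 0x31.",
    "The extensible extension returned an unsupported error."   # constructed: no bind detail, skipped
)

# Assumption: role map built from the environment list in the first post.
$accountRoles = @{
    'ADCORP\SVCR1-ILMENGINE' = 'Sync Engine service account'
    'ADCORP\SVCR1-ILMMAAD'   = 'AD MA connection account'
}

# Matches the "operation failed on <DC>. The supplied credential for '<account>' ..." text.
$bindPattern = "Active Directory operation failed on (?<dc>\S+?)\.\s+" +
               "The supplied credential for '(?<account>[^']+)' on Bind operation is invalid\.\s+" +
               "Error Code: (?<code>0x[0-9A-Fa-f]+)"

function Get-BindFailure {
    param(
        [Parameter(Mandatory)][string[]]$Message,
        [hashtable]$Roles = @{}
    )
    foreach ($text in $Message) {
        if ($text -match $bindPattern) {
            $account = $Matches['account']
            # Accounts missing from the map are reported, not dropped.
            $role = if ($Roles.ContainsKey($account)) { $Roles[$account] } else { 'not in role map' }
            [pscustomobject]@{
                DomainController = $Matches['dc']
                Account          = $account
                Role             = $role
                ErrorCode        = $Matches['code']
            }
        }
    }
}

# Live use (assumption: the events are written to the Application log):
#   $sampleMessages = Get-WinEvent -FilterHashtable @{ LogName = 'Application'
#       ProviderName = 'FIMSynchronizationService' } | ForEach-Object Message

Get-BindFailure -Message $sampleMessages -Roles $accountRoles | Format-Table -AutoSize
```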

Hi,

I am learning FIM2010. I am receiving the same error while provisioning - user id with mail box attributes. Mail enabled user is created instead of mail box user. I have tried all the above mentioned solutions. Please help me to get this resolved.

Details of my Environment:

I am using domain administrator credential for AD MA.

AD attributes used in my AD export: displayname,employeeid,employeetype,givenname,mDBusedefaults,mail,mailnickname,samaccountname,sn,useraccountcontrol,homeMDB

Using single VM - (FIM,Domain: 2008,Exchange 2007 sp2,Sql2008)

Error details from event viewer:

The extensible extension returned an unsupported error.
The stack trace is:
"Microsoft.MetadirectoryServices.ExtensionException: Active Directory operation failed on FIM.fimtest.com. The supplied credential for 'FIMTEST\Fim.Synchronization' on Bind operation is invalid. Error Code: 0x31.
at Exch2007Extension.Exch2007ExtensionClass.AfterExportEntryToCd(Byte[] origAnchor, String origDN, String origDeltaEntryXml, Byte[] newAnchor, String newDN, String failedDeltaEntryXml, String errorMessage)
Forefront Identity Manager 4.0.2592.0"

Note: I received the below error while selecting the Exchange 2007 in Provision for:

The synchronization server has detected a Microsoft Exchange version different from the one you have selected. Do you want to continue? If you believe this is in error, please re-enter forest credentials to run detection again.

Regards,
Enayathulla S
August 2nd, 2010 5:08pm

Maybe something like this?? http://support.microsoft.com/kb/949858/en-us

Regards.
Luka
March 10th, 2011 10:43am

This topic is archived. No further replies will be accepted.
