All users not showing up from AD
Hi all I have just had an issue appear suddenly and am not sure if I am not doing something correctly or am not ticking the correct box. There have been no fixes or changes done to the server running 2008 and our exchange server is using 2010. We also have 2003 server machines with server 2003 but exchange for this has been disabled by the previous administrator. Since I started a couple of weeks back we have had anything to do with exchange going through 2010. This morning I added a new user in AD and then created a mailbox for that new account. I then allowed a user access to the mailbox. When I went to set the mailbox access through outlook I got the error message that the mailbox could not be found on the exchange server. I allowed 15 minutes before I re-tried however I got the same error message. I then went and removed the account in EMC and tried to re-add. However when i followed the steps to add from an existing user in AD I now only had 32 users being detected in my whole environment. It would not even show my account. I did not change anything since I added the user less than 30 minutes ago so I cannot see why it can no longer find the remaining users already in AD when it was previously working fine I went to Server Configuraton -> mailbox and right click to properties under "System Settings" Tab the DC server being used is Exchange is the old exchange server which was also the DC. Again no changes have been made and can only guess that these settings were there before I started. I ran a 'get-ADSServerSettings' and the view entire forest was set to "false". I have also seen the error Description: Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1764). No Global Catalog server is up in the local site 'Romford'. Exchange Active Directory Provider will use the following out of site global catalog servers: netexch.domain.local where netexch is the old 2003 DC and Exchage server. This error message has been showing since March though so not sure if this is affecting the current issue. I know there is a lot of information but I wanted to limit the number of questions that may arise because I have not given enough information to resolve. I would appreciate any help. Thanks
July 5th, 2011 4:55pm

Please explain "I then allowed a user access to the mailbox. When I went to set the mailbox access through outlook I got the error message that the mailbox could not be found on the exchange server" You don't need to do anything explicit for the users to access mailboxes unless you're granting a primary user secondary full mailbox access. Have you tried access the mailbox via OWA? If you remove the account in EMC it deletes the AD user. "Removing" deletes the AD account as well, "Disabling" marks the mailbox for deletion but leaves the AD account in place. Is Active Directory sites and services correctly defined with your sites and subnets?James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
July 5th, 2011 5:16pm

Hi Thanks for the speedy reply. "Please explain "I then allowed a user access to the mailbox. When I went to set the mailbox access through outlook I got the error message that the mailbox could not be found on the exchange server You don't need to do anything explicit for the users to access mailboxes unless you're granting a primary user secondary full mailbox access." - I went to the mailbox in EMC and then selected to give another user "full mailbox rights" to the new mailbox. I then went onto the users machine who required the access to the mailbox and added the mailbox on their outlook. This is when the error appeared" "Have you tried access the mailbox via OWA?" - Yes and i get the error "The Active Directory resource couldn't be accessed. This may be because the Active Directory object doesn't exist or the object has become corrupted, or because "you don't have the correct permissions." "Is Active Directory sites and services correctly defined with your sites and subnets?" - I believe so. Set as DC and also GC. Thanks.
July 5th, 2011 5:52pm

In the site Romford does it contain the subnets that your 2008 is on? On your exchange 2010 if you right click org configure in emc and choose modify config dc do you have option to select your 2008 dc? On your exchange 2010 open cmd and do dcdiag /s:dcname (any errors) Run exchange best practice analyzer James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
July 5th, 2011 6:00pm

"In the site Romford does it contain the subnets that your 2008 is on?" - Yes "On your exchange 2010 if you right click org configure in emc and choose modify config dc do you have option to select your 2008 dc?" - Yes and the 2008 server which is also the exchange and DC has been selected" "On your exchange 2010 open cmd and do dcdiag /s:dcname (any errors)" - I get the following errors: Starting test: NCSecDesc Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have access rights for the naming context: DC=DomainDNSZones,DC=......, DC=local Replicating Directory Changes in Filtered Set Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have access rights for the naming context: DC=DomainDNSZones,DC=......, DC=local Replicating Directory Changes in Filtered Set "Run exchange best practice analyzer" - I need to install microsoft .net framework 1.1 before i can run the analyzer and will do this now Thanks
July 5th, 2011 6:38pm

Hello, According to: http://support.microsoft.com/kb/967482. You can safely ignore the NCSecDesc error. Please run EXBPA and check the application log to see if there are any further related information about this issue. Thanks, Simon
Free Windows Admin Tool Kit Click here and download it now
July 7th, 2011 10:56am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics