Cross-domain administration erroring with address list service error
We have a production domain and a development domain both running Exchange 2007 SP3. We want to be able to use production accounts to administer our development environment. We want to do this because we have some development happening in production and so need service accounts from there to be able to administer development recipients. So... Exchange existed in production. I installed it in development I verified it worked as a functioning dev environment. We created a two-way forest trust for this project. I ran Setup /prepareAD /foreignforestFQDN:production.domain I reduced the trust to one-way (Dev trusting Prod) I verified security still works by verifying the security on the OU's in AD, and I can run get's all day using production accounts. When I run an enable I get the following: [PS] C:\Documents and Settings\a120351815>Enable-Mailbox username -DomainController devdc.devdomain.local -Database 'devmailbox1\mailbox1 database 1' -Verbose -whatif VERBOSE: Enable-Mailbox : Beginning processing. VERBOSE: Enable-Mailbox : Searching objects "devmailbox1\mailbox1 database 1" of type "MailboxDatabase" under the root "$null". VERBOSE: Enable-Mailbox : Previous operation run on domain controller 'devdc.devdomain.local' VERBOSE: Enable-Mailbox : Searching objects "username" of type "ADUser" under the root "$null". VERBOSE: Enable-Mailbox : Previous operation run on domain controller 'devdc.devdomain.local' VERBOSE: Enable-Mailbox : Searching objects of type "ADRecipient" with filter "(|((Alias Equal username)))", scope "SubTree" under the root "$null". VERBOSE: Enable-Mailbox : Previous operation run on global catalog server 'devdc.devdomain.local' VERBOSE: Enable-Mailbox : Applying RUS policy to the given recipient "devdomain.local/Accounts/Non-Student/Employee/username" with the home domain controller 'devdc.devdomain.local'. An Exchange 2007 server on which an address list service is active cannot be found. At line:1 char:1 + <<<< Enable-Mailbox username -DomainController devdc.devdomain.local -Database 'devmailbox1\mailbox1 database 1' -Verbose -whatif + CategoryInfo : ResourceUnavailable: (:) [], RusServerUnavailableException + FullyQualifiedErrorId : 59726CD8 Sorry about the play-by-play type of post, I just wanted to make sure I didn't leave something out that we have done. I have restarted the system attendant, disabled the TCP chimney, and rebooted 20 times... I also know that when I run this on the server itself it goes through no problem. The problem comes in when I run it on a server in production. I want to avoid using WinRS if possible. I've also done a change to $AdminSessionADSettings.ConfigurationDomainController='devdc.devdomain.local' as well, which cleared up LDAP errors, but not this. Any suggestions would be most welcome. Steve Froehlich
May 23rd, 2012 4:58pm

Hi, I understand that you want to configure cross-forest administration. Please verify the setup against the article below: How to Configure Cross-Forest Administration http://technet.microsoft.com/en-us/library/bb232078(v=exchg.80).aspx By the way, have you tested the issue when we have two-way trust?Xiu Zhang TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
May 25th, 2012 3:04am

Hello, Thank you for your reply. I used that article in configuring our setup. We were an existing production domain, introducing development, so I skipped the areas of creating the groups on the incoming side of the trust since they already existed. Otherwise, I followed the rest of the directions. I'm fairly certain the sercurity is correct (it matches the article) because I wasn't able to get information out until I had that set up as well. I did try it with the two way trust in place first, with the same result. SteveSteve Froehlich
May 25th, 2012 9:13am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics