Good Day,I have a problem in our Company. We are using Exchnage 2007 server. And we have a couple of domain Controllers all on the same site. Note: Exchange 2007 Mailbox role is running on Win 2008 SP2 where the rest of roles i.e Hub,Edge, & CA are on Win 2003. Initially all servers where windows 2003, then we recently migrates all mailbox to new server (win 2008). The old Win 2003 server with Exchange mailbox role was removed completely and all mailboxes moved to the new serverWe have come to this new issue which we didn't come to it before afte the migration. Whenever we try to either Enable the mailbox for existing user or Even Creating New-User and enable mailbox for him from Exchnage we are getting the bellow message ( I used both EMC And shell and still get the same error) :************************************************************Summary: 1 item(s). 0 succeeded, 1 failed. Elapsed time: 00:00:00Joe ToddFailedError:Active Directory operation failed on DC1.contoso.com This error is not retriable. Additional information: The name reference is invalid.This may be caused by replication latency between Active Directory domain controllers.Active directory response: 000020B5: AtrErr: DSID-03152392, #1: 0: 000020B5: DSID-03152392, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 92dd5693 (homeMTA)A value in the request is invalid.Exchange Management Shell command attempted:Enable-Mailbox -Identity 'Contoso.com/Company users/Finance/Joe Todd' -Alias 'ToddJ' -Database 'EXMB\Storage Group 9 - General\9SG Mailbox DB'Elapsed Time: 00:00:00**********************************Microsoft posts solution for that for Exchange 2010:http://support.microsoft.com/kb/977960But how I can do this on Exchange 2007. This command is not on Exchange 2007.I wish I can find solution for this. I went to all possible solutions by checking replications...etc but with no luckThank you

Is 'EXMB' the old server that has been removed or the new one?OliverOliver Moazzezi | Exchange MVP, MCSA:M, MCTS:Exchange 2010, BA (Hons) Anim | http://www.exchange2007.com | http://www.exchange2010.com | http://www.cobweb.com |

Thank you OliverMozzezi,EXMB is the new server and I am getting this error when I am trying to create the mailbox in the new mailbox.EXMB is the only available MAilbox server right now after the migration.EXMB is functioning normally and the current users are accessing their mailbox as usuall. Only creating additional mailbox enabled users giving this error. Even tried to create a new user from withing Exchange and I am getting the same errorRegards

Hi, Can you create new user in ADUC? Could you please run the cmdlet: $AdminSessionADSettings.PreferredGlobalCatalog = "DC1.contoso.com"$AdminSessionADSettings.PreferredDomainControllers = "DC1.contoso.com"$AdminSessionADSettings.ConfigurationDomainController = "DC1.contoso.com"And try to enable-mailbox again. If it failed, please edit the regedit. Hkey_local_System\SYSTEM\CurrentControlSet\Services\MSExchange ADAccess\Disable LDAP EncryptionDisable LDAP Encryption is a DWORD value that should be set to 1, to disable LDAP encryption. After that ,restart the System Attendant service. Frank Wang

Hi Frank, Thank you for your Reply. We have solved this problem by changing something on GC (will explain later); but I have a doubt that this is the reason. As I stated previously, We have several domain controllers (all on the same site), so all domain controllers were also Global Catalog. I think this is fine since we are having one site and only one domain as I read many posting that in a single domain you can make all DCs as GC. Note: So before with All DCs as GCs, we were able to create users normally. What he have done? Is making only 3 Domain Controllers as Global Catalog and remove the GC from the rest. Then we restarted the System Attendant Service and we were able to create/Enable users. So my doubt is that restarting the service solved the problem not changing the GC. I wish someone correct me if I am mistaken. Thanks Frank and to all for your replies

Hi Frank One more question for you. Is it possible to view the current value of "$AdminSessionADSettings.PreferredGlobalCatalog " and the rest config you mentioned above. I don't want to set this value but I want to see its cuurent and to view if someone else had already set that. As we have many admins/hands on the system :(. Regards

Hi, I also think it is restarting the service solved the problem not changing the GC. In the restart process, you flushed something in memory that was causing the issue. You can. Enter the $AdminSessionADSettings in the EMS. Frank Wang