Hello all,

I am wondering if people have seen issues with Universal DLs where members are not removed from the DLs. DLs are being populated through a query from an Oracle Database. Membership is removed and repopulated nightly. Scripts are written in powershell to check to see if DL exists, if it does remove members and repopulate.

We are currently in a mixed 2003/2012 R2 DC environment and are migrating to 2012 R2 shortly.

Much of what I have read indicates that Global Catalog replication seems to be a problem when updating Universal groups. This may lead to DL corruption. The process is ok in the beginning and through testing, but over a week or so the DLs dont drop members. 

Has anyone experienced issues with DL members not being removed in the mixed DC scenario? Are there any rock solid solutions.

I should add the DLs are created with accounts that are org admins and managed by those accounts.

Any help appreciated.

• Moved by Jason Johnston [MSFT]Microsoft employee Thursday, February 05, 2015 3:25 PM Not a development question.

Hi,

hate to point this out, but this is really an Exchange administration question and should thus be asked in the Exchange Administration forums (See this post).

Posting questions in the correct forum will yield faster and better result, improve usability of the forums and help other admins find help with similar issues faster.

That said, turn on auditing and check what's actually happening.

Cheers,
Fred

Hmm, the only thing I can think of is possibly during the removal\repopulate process. You may need to take into an account replication time between each process ie. implement a sleep time between the 2.

I appreciate the input here Fred. Bottom line is many categories are ambiguous on this site when registering topics. 

As for waiting for replication, I do have wait statements within the code to pause while removing and adding users to the DLs as James suggested.

I also specifically loop through the DL list to remove members.

Any other ideas?

How do you know when the members are not removed? Do you reconcile the members the new list with the oracle db with the DL the following morning and finding differences or are you logging the powershell script? And the process\script works every single time when you run on demand?

Hi,

some questions / ideas:

• Are you ensuring you run your commands against a Global Catalog DC (preferably the Infrastructure Master FSMO Owner of the domain where the universal group is native, if you are running a forest)?
• When member-removals fail, do all of them fail, or only some of them?
• Instead of a purge & refill operation, would it not be better to do a differential-calculation and only apply actual changes?
• How about adding a operation verification routine, that will log any failed attempts and try to apply failed changes again until a limit on number of attempts has been reached?
• Do you log your script execution? If not yet, consider using Start-Transcript to dump all host output to a log-file.

Cheers,
Fred

Hi, 

I agree with FWN. Please run repadmin /syncall /Adep on all DC to force replication.
Additional, I find a similar tread about Problem with Replication in a multi-domain forest, for your reference:
https://social.technet.microsoft.com/Forums/en-US/dc5fe14d-55ea-4422-8270-256711cb50b9/problem-with-replication-in-a-multidomain-forest?forum=winserverDS

Meanwhile, please refer to below link to get more details about Troubleshooting mail transport and distribution groups:
https://support.microsoft.com/kb/839949/en-us

Best Regards,
Allen Wang