constraint violation occurs when attempting to add attibute dLMemSumbitPermsBL UserDN for distribution group
constraint violation occurs when attempting to add attibute dLMemSumbitPermsBL UserDN for distribution group
hi can any one please help. we dont have an exchange server in our domain but use directory syncronization with microsoft exchange online.
adding the attibute msExchRequireAuthToSendTo works fine but trying to add
dLMemSumbitPermsBL with a value of
CN=VANG-Distribution-Group-Auth,OU=Security Groups,DC=viceroyang,DC=corporate,DC=thekorgroup,DC=loca
returns a constrain error or the following error message
ADMODIFY.ERR - A constraint violation occurred. (Exception from HRESULT: 0x8007202F
we are running Windows Server 2003 R2 SE SP2 and using AD version 5.2.3790.3959 with MS Exchange online
April 4th, 2011 6:43pm
It looks like you are trying to write a back-link attribute value - which is not possible. You can only write the forward link values.
http://www.activedir.org/Articles/tabid/54/articleType/ArticleView/articleId/39/Default.aspx
What is it you are trying to achieve?Tony
Free Windows Admin Tool Kit Click here and download it now
April 4th, 2011 6:59pm
Agree with Tony you're trying to back-link an attribute for attributes that are programmed to be hardcoded only.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
April 4th, 2011 7:32pm
Tony / James thanks - i have this distribution group:
CN=VANG-Test-DG,OU=Distribution Groups,DC=mydomain,DC=com
i have a security group
CN=VANG-Distribution-Group-Auth,OU=Security Groups,DC=mydomain,DC=com
i would like to use Active directory Explorer from systeminternals.com to set the property dLMemSumbitPerms with a value of:
VANG-Distribution-Group-Auth,OU=Security Groups,DC=mydomain,DC=com
so that ONLY membs of the VANG-Distribution-Group-Auth security group can send email to the distribution group
VANG-Test-DG
e.g. (vang.dg.test@mydomain.com)
this used to work with distribution groups when we had a local exchange server but we have since migrated to Microsoft Exchange Online and decomissioned our local Exchange server we have run into a problem.
i realized now the error of trying to modify dLMemSumbitPermsBL - thank you for that
however when i try to use dLMemSumbitPerms i get a new error that the value:
'VANG-Distribution-Group-Auth,OU=Security Groups,DC=mydomain,DC=com'
is not a valid syntax for ORName
Free Windows Admin Tool Kit Click here and download it now
April 5th, 2011 3:49pm
Hi Matthew
Looks like you might have missed the "CN=" prefix from the name
CN=VANG-Distribution-Group-Auth,OU=Security Groups,DC=mydomain,DC=com
not
VANG-Distribution-Group-Auth,OU=Security Groups,DC=mydomain,DC=comTony
April 5th, 2011 4:20pm
I appologize Tony ! - I did miss it from the post but its not being missed from the attempt to enter the value in Active Directory Explorer or ADMODIFY
I am using:
cn=vang-distribution-group-auth,ou=security groups,dc=mydomain,dc=com
and ideas why i would get not valid syntax for an ORName in Active Directory Explore or
Exception from HRESULT: 0x8007200A
error in ADMODIFY
<?xml version="1.0" standalone="no" ?>
<!DOCTYPE LogFile (View Source for full doctype...)>
- <XmlRoot xmlns="45201134600PM.xml">
<user UserDN="LDAP://CN=VANG-Test-DG,OU=Distribution Groups,DC=mydomain,DC=com," type="Failure"
attribute="dLMemSumbitPerms" message="ADMODIFY.ERR - The specified directory service attribute or value does not exist. (Exception from HRESULT:
0x8007200A)" />
</XmlRoot>
Free Windows Admin Tool Kit Click here and download it now
April 7th, 2011 9:20am
You can't modify that attribute it's owned by the system.
ms-Exch-DL-Mem-Submit-Perms-BL Attribute
Backlink to
ms-Exch-DL-Mem-Submit-Perms Attribute.
If you're trying to put in the restriction of who can send to the DL use the dLMemSubmitPerms attribute.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
April 7th, 2011 11:22am
Hi Matthew
Can you check your AD schema to see that the attribute ms-Exch-DL-Mem-Submit-Perms Attribute is present?Tony
Free Windows Admin Tool Kit Click here and download it now
April 7th, 2011 4:26pm
James: thanks for your continued help: to answer your question - yes im trying with the dLMemSubmitPerms attribute now and not the dLMemSubmitPermsBL one (i was originally trying with the BL attribute in error)
Tony: I just checked my schema and the attribute ms-Exch-DL-Mem-Submit-Perms is there
strangely i was able to successfully add both the
msExchRequireAuthToSendTo
and
msExchHideFromAddressLists
attributes successfully to the distribution list in question.
do I have to enclose the intended value of the ORName
CN=Vang-Distribution-Group-Auth,OU=Security Groups,DC=mydomain,DC=com
in any special quotation marks or other delimiters? could it be the AD attribute editor I'm attempting to use?
April 7th, 2011 4:50pm
James: thanks for your continued help: to answer your question - yes im trying with the dLMemSubmitPerms attribute now and not the dLMemSubmitPermsBL one (i was originally trying with the BL attribute in error)
Tony: I just checked my schema and the attribute ms-Exch-DL-Mem-Submit-Perms is there
strangely i was able to successfully add both the
msExchRequireAuthToSendTo
and
msExchHideFromAddressLists
attributes successfully to the distribution list in question.
do I have to enclose the intended value of the ORName
CM=Vang-Distribution-Group-Auth,OU=Security Groups,DC=mydomain,DC=com
in any special quotation marks or other delimiters? could it be the AD attribute editor I'm attempting to use?
Free Windows Admin Tool Kit Click here and download it now
April 7th, 2011 4:50pm
Hi Matthew
Normally you would need to enclose it in double-quotes if the DN contains spaces, but yours doesn't appear to.
Try entering the value on the DG with ADSIEdit and see if that will accept the syntax.
Tony
April 7th, 2011 5:00pm
Hi Tony,
I was able to set the value of the dLMemSubmitPerms using ASDIedit but even after waiting over 24 hrs the desired result had not taken place.
I then realized that the controlling group: CN=Vang-Distribution-Group-Auth,OU=Security Groups,DC=mydomain,DC=com
is defined as a security group and not a distribution group. I have since changed it to a distribution group and am currently waiting to see if the change will produce the desired result after replication.
As a side note, I am curious as to whether I can set the attribute msExchRequireAuthToSendTo
at the same time as dLMemSubmitPerms or whether the two would interfer with each other. if i get
dLMemSubmitPerms to work i will test setting msExchRequireAuthToSendTo
= TRUE afterwards
regards
Free Windows Admin Tool Kit Click here and download it now
April 9th, 2011 11:58am
Hi - it stilll does not work I have tried everything I can think of (all of the above). Are there any other exchange added attributes that need to be set in order for the dlMemSubmitPerms attibute to work?
as the actual exchange server is located in the cloud (mail.microsoftonline.com) I will try to re open a ticket with them and ask them if they are seeing the dlMemSubmitPerms in their environment (i assume that they have a replica of our domain somewhere
...)
April 10th, 2011 5:04pm