When sending e-mail messages to a mail-enabled public folder that has been replicated from an old Exchange Server 2000/2003/2007 environment, in an Exchange Server 2010 environment the mails are rejected with an NDR.

    General discussion

  • Hi, I would like to share with you an issue that I’ve solved regarding mail-enabled PFs that were migrated from Exchange 2000/2003/2007 to 2010. I’ve searched & contacted my MVP leader – there’s no official KB regarding this issue right now, so I’m posting here in order to share this with others.

    Note: There are article(s) that talk about PF replication from Exch2000/2003/2007 to 2010 – this is the same issue as well.

     

    Symptoms

    E-mail messages that have been sent to a mail-enabled public folder in an Exchange Server 2010 environment are rejected with the following NDR:

    “#< #5.2.0 smtp;554 5.2.0 STOREDRV.Deliver.Exception:ObjectNotFoundException; Failed to process message due to a permanent exception with message The Active Directory user wasn’t found. ObjectNotFoundException: The Active Directory user wasn’t found.> #SMTP#”

    Sometimes Exchange Server 2010 also logs Event ID 1020 in the Event Viewer with this information:

    “Log Name: Application

    Source: MSExchange Store Driver

    Event ID: 1020

    Level: Error

    Description:

     

    The store driver couldn’t deliver the public folder replication message "Hierarchy (PublicFolderName@DNSDomainName.com)" because the following error occurred: The Active Directory user wasn't found.”

     

    Cause

    In an environment where Microsoft Exchange Server 2000 or Microsoft Exchange Server 2003 previously existed, and all those servers have been removed, there is a chance that an Administrative Group (First Administrative Group or another custom Administrative Group) remains with a Servers container, but no servers inside it.

     

    During replication, when the Exchange 2010 Store Driver sees the empty Servers container in Active Directory, it expects a System Attendant object inside the container, and when it is not found the error occurs.

     

    Resolution

    To work around the issue, delete the empty Servers container. This can't be done through Exchange System Manager. Use the ADSI Edit tool to remove it using the following steps:

     

    Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2003 Server, Microsoft Windows Server 2008, Microsoft Exchange 2010 Server or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.

     

    1. Start the ADSI Edit MMC Snap-in. Click Start, then Run, and type adsiedit.msc, and then click OK.

    2. Connect & Expand the Configuration Container [YourServer.DNSDomainName.com], and then expand CN=Configuration,DC=DNSDomainName,DC=com.

    3. Expand CN=Services, and then CN=Microsoft Exchange, and then expand CN=YourOrganizationName.

    4. You will see an empty Administrative Group. Expand the CN=YourAdministrativeGroupName.

    5. Expand CN=Servers.

    6. Verify there are no server objects listed under the CN=Servers container.

    7. Right click on the empty CN=Servers container and choose Delete.

    8. Verify the modification, and try sending the e-mail to the mail-enabled public folder again.

     

    Applies to

    Exchange Server 2010, Standard Edition

    Exchange Server 2010, Enterprise Edition


    Netanel Ben-Shushan, MCSA/E, MCTS, MCITP, Windows Expert-IT Pro MVP. IT Consultant & Trainer | Website (Hebrew): http://www.ben-shushan.net | IT Services: http://www.ben-shushan.net/services | Weblog (Hebrew): http://blogs.microsoft.co.il/blogs/netanelb | E-mail: msilforums@ben-shushan.net
    Wednesday, May 11, 2011 5:00 PM
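
A read-only check for the condition described in the post above, added here as an example and not part of the original thread: it lists every Servers container under the Exchange organization in the Configuration partition and flags the ones with no child objects, so the container can be confirmed empty (step 6) before anything is deleted. It assumes the ActiveDirectory PowerShell module (RSAT) is available, that the account can read the Configuration naming context, and that the containers carry the Exchange schema class msExchServersContainer.

```powershell
# Added example: audit only, makes no changes to Active Directory.
Import-Module ActiveDirectory

# The Configuration naming context is forest-wide, so any DC can answer.
$configNC     = (Get-ADRootDSE).configurationNamingContext
$exchangeRoot = "CN=Microsoft Exchange,CN=Services,$configNC"

# Find every CN=Servers container in every Administrative Group.
# Assumption: the containers use objectClass msExchServersContainer.
$containers = Get-ADObject -SearchBase $exchangeRoot -SearchScope Subtree `
    -LDAPFilter '(objectClass=msExchServersContainer)'

$report = foreach ($c in $containers) {
    # Count direct children only; a populated container holds server objects.
    $children = @(Get-ADObject -SearchBase $c.DistinguishedName `
        -SearchScope OneLevel -Filter *)

    [pscustomobject]@{
        ServersContainer = $c.DistinguishedName
        ChildCount       = $children.Count
        Empty            = ($children.Count -eq 0)
    }
}

# Empty containers first; these are the candidates for the ADSI Edit steps.
$report | Sort-Object Empty -Descending | Format-Table -AutoSize -Wrap
```

A container reported with a non-zero ChildCount still holds objects and is not the case this thread describes.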

All replies

  • Thanks for sharing the knowledge, Netanel. It would definitely help others who get the same issue.

    Additional Information:

    Public Folder Replication Fails Due To Empty Legacy Administrative Group


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Thursday, May 12, 2011 2:43 AM
  • Thank you for posting this... it fixed the issue and we are back in business.

    Thanks again, Alex Samol


    Alex Samol

    Wednesday, June 06, 2012 7:18 PM
  • I have just renamed (Rename would be easier than AD Restore) the entry CN=First Administrative Group to CN=First Administrative Group OLD and from now on everything works fine! All mails are successfully sent to mail enabled public folders!

    Thank you for your posting!

    Thursday, October 04, 2012 9:23 AM
  • Thanks for the detailed information, solved the problem for me after a 2003 -> 2010 migration.
    Tuesday, September 10, 2013 11:56 AM
  • Perhaps not a KB article describing a failed delivery of e-mail, but there's a KB article describing the empty Servers container:

    http://support.microsoft.com/kb/2487271/en-us

    HP has an article that describes it, though:

    http://h10025.www1.hp.com/ewfrf/wc/document?cc=us&lc=en&dlc=en&docname=c03699733


    --- Rich Matheisen MCSE&I, Exchange MVP

    Tuesday, September 10, 2013 7:06 PM
  • Thanks, solved problem in Exchange 2010 to Exchange 2013 migration.
    I needed to clean AD from Exchange 2003 entries and I haven't deleted the CN=Servers containers.

    Thursday, October 24, 2013 9:45 AM
  • I am doing an Exchange 2003 to 2010 migration.  I have this same error and I cannot get the public folders to replicate.  My issue is that I still have the 2003 Exchange server running.  However, my servers are in a child domain of a forest and some of the Administrative Groups in the forest do have empty server containers.

    I am trying to find out if these other empty server containers are the cause of my replication and mail-enabled public folder NDR errors.  Can anyone point me at a document on this?

    Thanks.

    Monday, January 06, 2014 7:49 PM
  • Awesome! Resolved my issue as well. Thanks for this! 
    Friday, January 10, 2014 9:38 AM
  • There is no good reason to retain an empty "Servers" container. It doesn't matter what domain they're in because the Configuration naming context of the AD is replicated to every DC in the forest (which is why you can't have more than one Exchange organization in a forest). 

    Remove them.


    --- Rich Matheisen MCSE&I, Exchange MVP

    Saturday, January 11, 2014 4:55 PM
  • Got a quick question.. if I am running a dedicated Exchange 2010 environment then is there any actual need for me to have the "CN=First Administrative Group" container? 

    Reason I ask is that previous admins look to have "ripped" out the Exchange 2003 server without properly decommissioning it. I am on a clean up operation and Exchange BPA keeps complaining about the Routing Group and other things it finds on the scan relating to Exchange 2003. I would really like to remove the entire container for "CN=First Administrative Group" as I no longer have any Exchange 2003 servers..

    Everywhere I read says just delete the "CN=Servers" container but question is why not the whole lot...?

    Saturday, January 11, 2014 5:31 PM