When sending e-mail messages to a mail-enabled public folder that have been replicated from old Exchange Server 2000/2003/2007, Exchange Server 2010 environment mails are rejected with NDR.
Hi, I would like to share with you issue that I’ve solved regarding mail-enabled PF that migrated from Exchange 2000/2003/2007 to 2010, I’ve searched & contacted my MVP leader – there’s no official KB regarding this issue right now, so I’m posting here in order to share this among others.
Note: There’s article(s) that talked about PF replication from Exch2000/2003/2007 to 2010 – this is the same issue as well.
E-mail messages that been sent to mail-enabled public folder in Exchange Server 2010 environment rejected with the following NDR:
“#< #5.2.0 smtp;554 5.2.0 STOREDRV.Deliver.Exception:ObjectNotFoundException; Failed to process message due to a permanent exception with message The Active Directory user wasn’t found. ObjectNotFoundException: The Active Directory user wasn’t found.> #SMTP#”
Sometimes Exchange Server 2010 is documented as well Event ID 1020 on the Event Viewer with this information:
“Log Name: Application
Source: MSExchange Store Driver
Event ID: 1020
The store driver couldn’t deliver the public folder replication message "Hierarchy (PublicFolderName@DNSDomainName.com)" because the following error occurred: The Active Directory user wasn't found.”
In an environment where Microsoft Exchange Server 2000 or Microsoft Exchange Server 2003 previously existed, and all those servers have been removed, there is a chance that an Administrative Group (First Administrative Group or another custom Administrative Group) remains with a Servers container, but no servers inside it.
During replication, when the Exchange 2010 Store Driver sees the empty Servers container in Active Directory, it's expecting a System Attendant object inside the container and when it is not found the error occurs.
To work around the issue, delete the empty Servers container. This can't be done through Exchange System Manager. Use the ADSI Edit tool to remove it using the following steps:
Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2003 Server, Microsoft Windows Server 2008, Microsoft Exchange 2010 Server or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.
1. Start the ADSI Edit MMC Snap-in. Click Start, then Run, and type adsiedit.msc, and then click OK.
2. Connect & Expand the Configuration Container [YourServer.DNSDomainName.com], and then expand CN=Configuration,DC=DNSDomainName,DC=com.
3. Expand CN=Services, and then CN=Microsoft Exchange, and then expand CN=YourOrganizationName.
4. You will see an empty Administrative Group. Expand the CN=YourAdministrativeGroupName.
5. Expand CN=Servers.
6. Verify there are no server objects listed under the CN=Servers container.
7. Right click on the empty CN=Servers container and choose Delete.
8. Verify the modification, and try to send again the E-mail to the mail-enabled public folder.
Exchange Server 2010, Standard Edition
Exchange Server 2010, Enterprise Edition
Netanel Ben-Shushan, MCSA/E, MCTS, MCITP, Windows Expert-IT Pro MVP. IT Consultant & Trainer | Website (Hebrew): http://www.ben-shushan.net | IT Services: http://www.ben-shushan.net/services | Weblog (Hebrew): http://blogs.microsoft.co.il/blogs/netanelb | E-mail: email@example.com
Thanks for sharing the knowledge, Netanel. It would definitely help others who get the same issue
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
I have just renamed (Rename would be easier than AD Restore) the entry CN=First Administrative Group to CN=First Administrative Group OLD and from now on everything works fine! All mails are successfully sent to mail enabled public folders!
Thank you for your posting!
Perhaps not a KB article describing a failed delivery of e-mail, but there's a KB article describing the empty Servers container:
HP has an article that describes it, though:
--- Rich Matheisen MCSE&I, Exchange MVP
I am doing an Exchange 2003 to 2010 migration. I have this same error and I cannot get the public folders to replicate. My issue is that I still have the 2003 Exchange server running. However, my servers are in a child domain of a forest and some of the Administrative Groups in the forest do have empty server containers.
I am trying to find out if these other empty server containers are the cause of my replication and mail-enabled public folder NDR errors. Can anyone point me at a document on this?
There is no good reason to retain an empty "Servers" container. It doesn't matter what domain they're in because the Configuration naming context of the AD is replicated to every DC in the forest (which is why you can't have more than one Exchange organization in a forest).
--- Rich Matheisen MCSE&I, Exchange MVP
Got a quick question.. if I am running a dedicated Exchange 2010 environment then is there any actual need for me to have the "CN=First Administrative Group" container?
Reason I ask is that previous admins look to have "ripped" out the Exchange 2003 server without properly decommissioning it. I am on a clean up operation and Exchange BPA keeps complaining about the Routing Group and other things it finds on the scan relating to Exchange 2003. I would really like to remove the entire container for "CN=First Administrative Group" as I no longer have any Exchange 2003 servers..
Everywhere I read says just delete the "CN=Servers" container but question is why not the whole lot...?