none
Provisioning Mail-Enabled User to Exchange Server 2010 RRS feed

  • Question

  • Dear All,

            I created a custom galsync source code to create a mail-enabled user from user forest(Exchange 2003) to resource forest(Exchange 2010). The mail-enabled user object is able to import in FIM. However, when FIM Server start to export to resource forest.

           There are below errors:

    There is an error in Exch2010Extension AfterExportEntryToCd() function when exporting an object with DN CN=SMokgele,OU=Users,OU=Windmill,OU=SIML Business Units,DC=corp,DC=simlds,DC=com.
    Type: Microsoft.MetadirectoryServices.ExtensionException
    Message:
    **** ERROR ****
    Property RoleAssignmentPolicy can’t be set on this object because it requires the object to have version 0.10 (14.0.100.0) or later. The object’s current version is 0.0 (6.5.6500.0).

    **** END ERROR ***

    What is this error about? I double checked the source code, I provided all mandatory attributes, but the errors still exist.

    Please help.


    Tuesday, June 11, 2013 3:35 AM

Answers

  • I've only seen this issue when the msExchHomeServerName attribute was not populated with the correct value. I thought that MS put everything in the ou=Exchange Administrative Group (FYDIBOHF23SPDLT) as of version 2007 of Exchange and that First Administrative Group was used only for Exchange 2003 but I might be wrong on that one.

    Do you still have Exchange 2003 servers in your organization?

    I'm running out of ideas to try, perhaps someone else has seen this and have a solution?



    --- Jesper Lönnqvist, Identity Architect http://addition-it.se

    • Marked as answer by Vincent Shek Thursday, June 13, 2013 3:26 AM
    Tuesday, June 11, 2013 12:36 PM

All replies

  • I will provide the source code.

    For this case. I inserted value in attributes:

    1.cn

    2.sAMAccountName

    3.homeMDB

    4.mailNickName

    5.msExchHomeServerName

    Tuesday, June 11, 2013 3:49 AM
  • One more thing:

    The mail-enabled user can be exported successfully,  however, the error can be found in the event viewer.

    Tuesday, June 11, 2013 6:08 AM
  • What does your msExchHomeServerName look like?

    I believe it should be something like this:

    /o=Company/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=ExchServer


    --- Jesper Lönnqvist, Identity Architect http://addition-it.se

    Tuesday, June 11, 2013 6:44 AM
  • Hi Jesper,

    The msExchHomeServerName  is like following:

    /0=ASCG/ou= First Administrative Group/cn=Configuration/cn=Servers/cn=ASA_Server


    Tuesday, June 11, 2013 6:53 AM
  • That does not look correct, if that is a direct copy of what is in your sync rule/code. For one it should start with /o as in Oscar not /0 as in zero.

    You can find the correct value using for example ADSI edit. Exactly on which node in ADSI edit you will find this depends on your environment but this should give you an idea.

    Drill down to:

    Configuration

    CN=Configuration,DC=Contoso,DC=com

    CN=Services

    CN=Microsoft Exchange

    CN=ContosoOrg

    CN=Administrative Groups

    CN=Exchange Administrative Group

    CN=Servers

    Here you should find your Exchange Server Name, right click on it and select properties, in the list you should find legacyExchangeDN.

    Compare that to the string you used above and see if it differs.


    --- Jesper Lönnqvist, Identity Architect http://addition-it.se

    Tuesday, June 11, 2013 7:08 AM
  • Hi Jesper,


    Sorry. This is my typo issue. It should be

    /o=ASCG/ou= First Administrative Group/cn=Configuration/cn=Servers/cn=ASA_Server

    Tuesday, June 11, 2013 7:30 AM
  • I've only seen this issue when the msExchHomeServerName attribute was not populated with the correct value. I thought that MS put everything in the ou=Exchange Administrative Group (FYDIBOHF23SPDLT) as of version 2007 of Exchange and that First Administrative Group was used only for Exchange 2003 but I might be wrong on that one.

    Do you still have Exchange 2003 servers in your organization?

    I'm running out of ideas to try, perhaps someone else has seen this and have a solution?



    --- Jesper Lönnqvist, Identity Architect http://addition-it.se

    • Marked as answer by Vincent Shek Thursday, June 13, 2013 3:26 AM
    Tuesday, June 11, 2013 12:36 PM
  • Hi Jesper.

    Yes. We are using Exchange Server 2003(User Forest) and Exchange 2010(Resource Forest). The FIM server is used to provision mail-enabled user to resource forest. In the custom sync, it can successfully provision distribution list and contact to Exchange 2010, but only mail enabled user has this issue.

    Wednesday, June 12, 2013 7:17 AM
  • This is the source code reference:
    Wednesday, June 12, 2013 7:17 AM
  • A further study, the mail-enabled user is able to created in Exchange Server 2010(The mentioned error still occur), however, it is displayed as Legacy Mailbox.
    Wednesday, June 12, 2013 10:55 AM
  • I've only seen this issue when the msExchHomeServerName attribute was not populated with the correct value. I thought that MS put everything in the ou=Exchange Administrative Group (FYDIBOHF23SPDLT) as of version 2007 of Exchange and that First Administrative Group was used only for Exchange 2003 but I might be wrong on that one.

    Do you still have Exchange 2003 servers in your organization?

    I'm running out of ideas to try, perhaps someone else has seen this and have a solution?



    --- Jesper Lönnqvist, Identity Architect http://addition-it.se

    Thanks Jesper. After I saw your opinion, I focus on checking the attribute "msExchHomeServerName ", I discovered that in the Exchange Server 2010's ma, there is a attribute flow MetaVerse's msExchHomeServerName  => Exchange Server 2010' msExchHomeServerName . After I remove this attribute flow rule, the user account can be created successfully.

    Thanks again for your professional opinion :D

    Thursday, June 13, 2013 3:29 AM
  • Hello, 

    I am running FIM R2 and using MV code to provision new AD users and Exchange 2010 mailboxes.  I am getting the following intermittent errors meaning this appears to work for some users and fails for others.  I have not been able to find a pattern to this so far.  The specific error when creating mail enabled users is:

    **** ERROR ****

    Property RoleAssignmentPolicy can’t be set on this object because it requires the object to have version 0.10 (14.0.100.0) or later. The object’s current version is 0.0 (6.5.6500.0).

    **** END ERROR ***

    1. After this error, the mailboxes are created as legacy mailboxes and not a standard Exchange 2010 mailbox
    2. My msExchHomeServerNamestring is /o=Acme/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=MyExchangeServer1
    3. I only set the value for msExchHomeServerName and homeMDB is in my provisioning code.  There are no additional attribute flows to these values in my AD MA.
    4. Oddly enough, we are not getting the same error in our dev environment but we are using a different Exchange database for the most part.  The Exchange server value is the same.  Is anyone aware of a server configuration issue that would explain this?
    5. The section of code that sets the mail box is:
     msExchangeHomeServer ="/o=Acme/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=MyExchangeServer1";
           
    mailboxMDB = "CN=MyExchangeDB,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Acme,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=beta,DC=Acme";
                                
    CSentry = ExchangeUtils.CreateMailbox(ManagementAgent, dn, nickName, mailboxMDB);
                                
    CSentry["msExchHomeServerName"].Value = msExchangeHomeServer;
                            
    CSentry.DN = dn;

    CSentry["userPrincipalName"].Value = loginName + upnSuffix;
    CSentry["sAMAccountName"].Value = loginName;   
       

    I would really appreciate any insights or suggestions.  This has been a real pain...

    Cheers!



    Tuesday, November 3, 2015 11:56 AM