• FIM 2010 GalSync Solution (2 Management Agents)
  • Microsoft Exchange 2007
  • Microsoft Exchange 2007 & Microsoft Exchange 2010



In this GalSync solution, we had users in the Microsoft Exchange 2010 that we were synchronizing across to Microsoft Exchange 2007 to create contacts.  In doing so, we received an ma-extension-error when exporting.  Reviewing the Application Event Log, we found the following error message:



Event ID: 68O1
General Details
The extensible extension returned an unsupported error in MILS.
The stack trace is:
“Microsoft. MetadirectoryServi ces. Extension Exception:


Object is read only because it was created by a future version of Exchange: 0.10 ( Current supported version is 0.1 (8.0.535.0).


at Exch2007Extension.Exch200lExtensionClass.AfterExportEntryToCd(Byte[] origAnchor, Sjring origDN, String origDeltaEntryXml, Byte[] newAnchor, String newDN, String
failedDeltaEntryXml, String errorMessage)
Microsoft Identity Integration Server 3.3.1139,2’



Previewing an object experiencing the error message, we found that we were importing the msExchVersion Attribute.  This is a Direct flow, indicating that we are pulling the information directly from the Microsoft Exchange 2010 User Object.  Confirmed in the management agent that was exporting to Microsoft Exchange 2007, that we were exporting the msExchVersion value in Direct Flow.

Configure Attribute Flow - Management Agent exporting to Exchange 2007


Generating Preview of the User Object to see the value




We were able to resolve this issue by removing the msExchVersion attribute from the Export Attribute Flow on the management agent exporting to Microsoft Exchange 2007.


If this attribute is important to you, you may consider using a management agent extension to control the version number that goes into the msExchVersion attribute.



  • Microsoft Identity Lifecycle Manager 2007 Feature Pack 1 Service Pack 1
  • Microsoft Identity Forefront Identity Manager 2010