All users not showing up from AD
Hi all
I have just had an issue appear suddenly and am not sure if I am not doing something correctly or am not ticking the correct box.
There have been no fixes or changes done to the server running 2008 and our Exchange server is using 2010. We also have 2003 server machines with server 2003 but Exchange for this has been disabled by the previous administrator. Since I started a couple of weeks back we have had anything to do with Exchange going through 2010.
This morning I added a new user in AD and then created a mailbox for that new account. I then allowed a user access to the mailbox. When I went to set the mailbox access through Outlook I got the error message that the mailbox could not be found on the Exchange server. I allowed 15 minutes before I re-tried, however I got the same error message.
I then went and removed the account in EMC and tried to re-add. However when I followed the steps to add from an existing user in AD I now only had 32 users being detected in my whole environment. It would not even show my account. I did not change anything since I added the user less than 30 minutes ago so I cannot see why it can no longer find the remaining users already in AD when it was previously working fine.
I went to Server Configuration -> Mailbox and right clicked to Properties. Under the "System Settings" tab the DC server being used by Exchange is the old Exchange server, which was also the DC. Again no changes have been made and I can only guess that these settings were there before I started. I ran a 'Get-ADServerSettings' and the view entire forest was set to "false".
I have also seen the error
Description:
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1764). No Global Catalog server is up in the local site 'Romford'. Exchange Active Directory Provider will use the following out of site global catalog servers:
netexch.domain.local
where netexch is the old 2003 DC and Exchange server. This error message has been showing since March though, so I am not sure if this is affecting the current issue.
I know there is a lot of information but I wanted to limit the number of questions that may arise because I have not given enough information to resolve. I would appreciate any help.
Thanks
July 5th, 2011 4:55pm
Please explain "I then allowed a user access to the mailbox. When I went to set the mailbox access through outlook I got the error message that the mailbox could not be found on the exchange server"
You don't need to do anything explicit for the users to access mailboxes unless you're granting a primary user secondary full mailbox access.
Have you tried accessing the mailbox via OWA?
If you remove the account in EMC it deletes the AD user. "Removing" deletes the AD account as well, "Disabling" marks the mailbox for deletion but leaves the AD account in place.
Is Active Directory Sites and Services correctly defined with your sites and subnets?
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
July 5th, 2011 5:16pm
Hi
Thanks for the speedy reply.
"Please explain "I then allowed a user access to the mailbox. When I went to set the mailbox access through outlook I got the error message that the mailbox could not be found on the exchange server". You don't need to do anything explicit for the users to access mailboxes unless you're granting a primary user secondary full mailbox access."
- I went to the mailbox in EMC and then selected to give another user "full mailbox rights" to the new mailbox. I then went onto the machine of the user who required the access to the mailbox and added the mailbox on their Outlook. This is when the error appeared.
"Have you tried accessing the mailbox via OWA?"
- Yes and I get the error
"The Active Directory resource couldn't be accessed. This may be because the Active Directory object doesn't exist or the object has become corrupted, or because you don't have the correct permissions."
"Is Active Directory sites and services correctly defined with your sites and subnets?"
- I believe so. Set as DC and also GC.
Thanks.
July 5th, 2011 5:52pm
In the site Romford does it contain the subnets that your 2008 is on?
On your exchange 2010 if you right click org configure in emc and choose modify config dc do you have option to select your 2008 dc?
On your exchange 2010 open cmd and do dcdiag /s:dcname (any errors)
Run exchange best practice analyzer
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
July 5th, 2011 6:00pm
"In the site Romford does it contain the subnets that your 2008 is on?"
- Yes
"On your exchange 2010 if you right click org configure in emc and choose modify config dc do you have option to select your 2008 dc?"
- Yes and the 2008 server which is also the Exchange and DC has been selected
"On your exchange 2010 open cmd and do dcdiag /s:dcname (any errors)"
- I get the following errors:
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have access rights for the naming context: DC=DomainDNSZones,DC=......, DC=local
Replicating Directory Changes in Filtered Set
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have access rights for the naming context: DC=DomainDNSZones,DC=......, DC=local
Replicating Directory Changes in Filtered Set
"Run exchange best practice analyzer"
- I need to install Microsoft .NET Framework 1.1 before I can run the analyzer and will do this now
Thanks
July 5th, 2011 6:38pm
Hello,
According to http://support.microsoft.com/kb/967482, you can safely ignore the NCSecDesc error.
Please run EXBPA and check the application log to see if there is any further related information about this issue.
Thanks,
Simon
July 7th, 2011 10:56am
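The checks raised in this thread (the ViewEntireForest scope, which DC and GC Exchange is actually using, and the "No Global Catalog server is up" event) can be collected in one read-only pass from the Exchange Management Shell. This is an added example, not code posted by anyone in the thread; it assumes Exchange 2010 with PowerShell 2.0, and the 5000-entry event window is an arbitrary choice.

```powershell
# Run in the Exchange Management Shell on the Exchange 2010 server.
# Every command below only reads state; nothing is changed.

# 1. Recipient scope and preferred DC/GC for this shell session.
#    ViewEntireForest = False limits recipient cmdlets to RecipientViewRoot.
Get-ADServerSettings |
    Format-List ViewEntireForest, RecipientViewRoot, DefaultGlobalCatalog,
                DefaultConfigurationDomainController, PreferredDomainControllers

# 2. DCs and GCs the AD Topology service has bound each Exchange server to,
#    next to any statically configured or excluded ones.
Get-ExchangeServer -Status |
    Format-List Name, Site, CurrentConfigDomainController,
                CurrentDomainControllers, CurrentGlobalCatalogs,
                StaticDomainControllers, StaticGlobalCatalogs,
                StaticExcludedDomainControllers

# 3. Count users visible in the session's scope versus the whole forest.
#    A large gap points at the scope or the DC/GC in use, not at missing objects.
$inScope    = @(Get-User -ResultSize Unlimited).Count
$wholeForest = @(Get-User -ResultSize Unlimited -IgnoreDefaultScope).Count
New-Object PSObject -Property @{
    UsersInCurrentScope = $inScope
    UsersIgnoringScope  = $wholeForest
} | Format-List

# 4. Most recent topology warnings of the kind quoted in the first post.
Get-EventLog -LogName Application -Newest 5000 |
    Where-Object { $_.Message -like '*No Global Catalog server is up in the local site*' } |
    Select-Object -First 5 TimeGenerated, Source, EventID, Message |
    Format-List
```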