"Active Directory operation failed on DC " when assigning Send As permissions on a distribution group

I'm trying to give a mailbox user Send As right for a distribution group. But the cmdlet comes back with this:
Get-DistributionGroup MyGroup | Add-ADPermission -user albert -ExtendedRights Send-As
Active Directory operation failed on <DC fqdn>. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
    + CategoryInfo          : WriteError: (0:Int32) [Add-ADPermission], ADOperationException
    + FullyQualifiedErrorId : FE24751F,Microsoft.Exchange.Management.RecipientTasks.AddADPermission
What could be the problem, considering the items below :
- inheritance is not broken to the level of the distribution group object
- the account used to run the cmdlet is a member of the Organization Management group
- creating a new distribution group in the same OU and running the command works as expected; checking the permission for this group against MyGroup (using Get-DistributionGroup testgroup | Get-ADPermission | Sort-Object User,AccessRights | ft user,accessrights,extendedrights,properties) shows no differences.
- adding the permission using ADUC results in the user being able to Send As the group, however I'm trying to find out the root cause of the Powershell cmdlet execution problem
- there is no Deny permission on the group's ACL
- the group didn't have the "Hide Membership" feature of Exchange 2003 applied, so there shouldn't be any non-canonical ACL issues

Anyone ever come up with a solution to this?  I get something similar when Activesync tries to create objects on user containers.
Exchange ActiveSync doesn't have sufficient permissions to create the "CN=Test User,OU=Domain Users,DC=domain,DC=com" container under Active Directory user "Active Directory operation failed on DELL7S09.domain.com. This error is not retriable.
Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchActiveSyncDevices" and doesn't have any deny permissions that block such operations.
Details:%3
So...I get this after I introduced a MS Exchange 2010 SP3 RU8 server into my environment.  You can find LOTS of people suggesting the same fix but I've not found anything that deviates from those fixes:  check the "inherit permissions", and give full permissions to msExchActiveSync devices for the Exchange Servers security group, blah blah.
I got to this point by following a Migrate to Exch2010 paper by MS.  I have no Win2k servers, my old Exchange server is Win2003r2SP2 with Exch2003SP2 fully patched.  The Exch server is also a DC.  I installed a new 2012r2 server and then patched it.  Installed Exch2010SP3Ru8 and all seems well.
The old Exch2003 server is still in production.  My iPhone army connects remotely for mail, and all works great.  I created a new Test User in AD, gave it a mailbox on the 2003 server, and waited a bit.  It eventually shows up in the Server Manager on the new 2010 Exch Server.  I send it a bunch of emails, connect to it with an Outlook client on a Win7 machine, all works.  I go to the SM on the 2010 box and migrate the mailbox to the new server.  It works.  I can connect with Outlook, send and receive mail to other users in the org.  I then try to connect with my iPhone and I get the message in Event Viewer over and over.
Went so far as to Promo the new 2012 server to a DC.  Seems to be fine.  Now am wondering if I Demote the old Exch2003 server will it help...or cause a new crop of issues....
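
Added example (not part of either post, and not Microsoft's code): a read-only way to run the checks both posts describe against the raw ACLs. It reports the inheritance flag, canonical ordering, Deny ACEs and existing Send-As ACEs on a group, diffs two groups on every ACE field (including the Deny and inheritance fields, which the four-column table in the first post does not display), and looks for the msExchActiveSyncDevices ACE named in the event text. It assumes the ActiveDirectory module (RSAT) is installed and that MyGroup and testgroup are the groups' sAMAccountNames; the function names are made up for this example.

```powershell
# Added example: read-only ACL checks, nothing is modified.
# Assumes the ActiveDirectory module (RSAT) and rights to read the objects' ACLs.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

# Rights GUID of the Send-As extended right.
$SendAsGuid = [guid]'ab721a54-1e2f-11d0-9819-00aa0040529b'

function Get-AclSummary {
    # Inheritance flag, ACE ordering, Deny ACEs and existing Send-As ACEs of one object.
    param([Parameter(Mandatory=$true)][string]$DistinguishedName)
    $acl = Get-Acl -Path "AD:\$DistinguishedName"
    New-Object psobject -Property @{
        DistinguishedName  = $DistinguishedName
        InheritanceBlocked = $acl.AreAccessRulesProtected
        CanonicalOrder     = $acl.AreAccessRulesCanonical
        DenyAces           = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })
        SendAsAces         = @($acl.Access | Where-Object { $_.ObjectType -eq $SendAsGuid })
    }
}

function Get-AceKey {
    # Flatten one ACE into a string that keeps every field, so two ACLs can be diffed.
    param($Ace)
    ($Ace.IdentityReference.Value, $Ace.AccessControlType, $Ace.ActiveDirectoryRights,
     $Ace.ObjectType, $Ace.InheritedObjectType, $Ace.InheritanceType, $Ace.IsInherited) -join '|'
}

function Compare-ObjectAcl {
    # ACEs present on only one of the two objects ("<=" reference only, "=>" difference only).
    param([Parameter(Mandatory=$true)][string]$ReferenceDN,
          [Parameter(Mandatory=$true)][string]$DifferenceDN)
    $ref = @((Get-Acl -Path "AD:\$ReferenceDN").Access  | ForEach-Object { Get-AceKey $_ })
    $dif = @((Get-Acl -Path "AD:\$DifferenceDN").Access | ForEach-Object { Get-AceKey $_ })
    Compare-Object -ReferenceObject $ref -DifferenceObject $dif
}

function Test-ActiveSyncDeviceAce {
    # Looks for the ACE the event text asks for: Create child / Delete child on
    # msExchActiveSyncDevices for the Exchange Servers group, plus Deny ACEs scoped to that class.
    param([Parameter(Mandatory=$true)][string]$UserDN,
          [Parameter(Mandatory=$true)][string]$ExchangeServersGroup)
    # Resolve the class GUID from the schema instead of hard-coding it.
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    $class = Get-ADObject -SearchBase $schemaNC -LDAPFilter '(lDAPDisplayName=msExchActiveSyncDevices)' -Properties schemaIDGUID
    if (-not $class) { throw 'msExchActiveSyncDevices not found in the schema' }
    $classGuid = [guid]$class.schemaIDGUID
    $need = [int][System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild'
    $aces = @((Get-Acl -Path "AD:\$UserDN").Access | Where-Object { $_.ObjectType -eq $classGuid })
    $allow = @($aces | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -eq $ExchangeServersGroup -and
        ([int]$_.ActiveDirectoryRights -band $need) -eq $need
    })
    New-Object psobject -Property @{
        UserDN         = $UserDN
        AllowPresent   = ($allow.Count -gt 0)
        AllowInherited = (@($allow | Where-Object { $_.IsInherited }).Count -gt 0)
        DenyAces       = @($aces | Where-Object { $_.AccessControlType -eq 'Deny' })
    }
}

# Usage with the names that appear in the posts (group names are assumed to be sAMAccountNames).
$my   = (Get-ADGroup -Identity 'MyGroup').DistinguishedName
$test = (Get-ADGroup -Identity 'testgroup').DistinguishedName
Get-AclSummary -DistinguishedName $my
Compare-ObjectAcl -ReferenceDN $test -DifferenceDN $my
Test-ActiveSyncDeviceAce -UserDN 'CN=Test User,OU=Domain Users,DC=domain,DC=com' -ExchangeServersGroup 'DOMAIN\Exchange Servers'
```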

Similar Messages

  • BO XI 3.1 : Active Directory Authentication failed to get the Active Directory groups

    Dear all 
    In our environment, there are 2 domains (domain A and B); it works well all the time. Today, all the users who belong to domain A cannot log in; for users in domain B, all of them can log in but the BO server response is very slow, and there is an error message popup when opening a Webi report for a domain B user. Below is the error message:
           " Active Directory Authentication failed to get the Active Directory groups for the account with ID:XXXX; pls make sure this account is valid and belongs to an accessible domain"
          Anyone has encountered similar issue?
       BO version: BO XI 3.1 SP5
       Authenticate: Windows AD
    Thanks and Regards

    Please get in touch with your AD team and verify if there are any changes applied to the domain controller and there are no network issues.
    Also since this is a multi domain, make sure you have 2 way transitive forest trust as mentioned in SAP Note : 1323391 and FQDN for Directory servers are maintained in registry as per 1199995
    http://service.sap.com/sap/support/notes/1323391
    http://service.sap.com/sap/support/notes/1199995
    -Ambarish-

  • Active Directory domain failed

    Hello Team,
    When I join our Active Directory, every time the BUI gives the same error message:
    The attempt to join the Active Directory domain failed either because the clocks of the appliance and the domain controller are skewed or the administrative user
    does not have the appropriate permissions to create a computer account in Active Directory.
    It is recommended that NTP be used to keep clocks synchronized when using Active Directory.
    Storage Appliance: 7310 One Controller, No firewall for ntp server also which connect directly NTP Domain server. Actually my believe is that no time sync issue.
    Firmware version is latest patch.
    What is your idea about this issue?
    i did many times this action plan: but result is same
    ActiveDirectoryTasks
    B)Joining a Domain
    1.Configure an ActiveDirectory site in the CIFS context. (optional)
    2.Configure a preferred domain controller in the CIFS context. (optional)
    3.Enable NTP, or ensure that the clocks of the appliance and domain controller are synchronized
    to within five minutes.
    4.Ensure that your DNS infrastructure correctly delegates to the ActiveDirectory domain, or add
    your domain controller's IP address as an additional name server in the DNS context.
    5.Configure the ActiveDirectory domain, administrative user, and administrative password.
    6.Apply/commit the configuration.
    A)Joining a Workgroup
    Configure the workgroup name.
    Apply/commit the configuration.
    1. First of all LAN Compatibility Mode 4 works fine with Win 2003 (AD Server)
    2. While trying to join the AD, using a non ADMIN username and password will not help
    Try using a username/pass which has Administrative Privileges (specifically having the rights for Account Creation in
    the AD Server) on the AD server.
    (I was trying by a different username/pass but it was not joining the storage to AD. It joined when I tried a user having
    the privileges to create Machine Accounts in AD)
    3. For Clock Sync, the tolerance limit is upto 5 Minutes..So you can take care that the difference does not go beyond
    5 minutes.
    Thanks
    Can
    Gantek Tech.

    Your first post to these OTN forums.
    You posted your inquiry to a HARDWARE forum.
    Your issue seems to be a Microsoft OS issue and you just happen to have your OS volumes on a model 7310 appliance.
    I suggest you go find a forum somewhere that is hosted for Microsoft AD issues.
    If you happen to need the documentation for that piece of storage hardware, there are currently three PDF's available:
    http://docs.oracle.com/cd/E19935-01/index.html
    They are the Installation Guide, the hardware Administration Guide, and the Service Manual.
    There are no current Oracle-published documents for that box as related to Active Directory.

  • Active Directory Replication failed

    Hi all,
    I'm deploying lync server 2010 in virtual server.
    My Domain controller is a physical server.
    Windows update restart is done when almost 90% of deployment is completed.
    During enabling users in Lync Server control panel
    I have got an issue after server restart, is active directory replication failed.
    Regards,
    Arun.

    The problem is more related with Domain Controller.
    Please check the event log on Domain Controller.
    You can also refer to the following link to troubleshoot Active Directory Replication Problems:
    http://technet.microsoft.com/en-us/library/cc738415(v=ws.10).aspx
    Lisa Zheng
    TechNet Community Support

  • Could not connect to the Active Directory. Active Directory Certificate Services will retry when processing requires Active Directory access

    Event properties – Event 91, Level Error, Event ID 91, Date and time 5/10/2012 11:29:48AM, Service CertificationAuthority
    General: 
    Could not connect to the Active Directory.
    Active Directory Certificate Services will retry when processing requires Active Directory access.
    We have a Windows 2008 Server Enterprise with AD . I would like to enable the service  "Certificate Services"  that
    allow me to enable radius to authenticate users wireless with the active directory.

    Hi, 
    Can you please check this forum or someone from Microsoft, as we have post here dating back from October that are not being answered.
    Everything for us is exactly the same as szucsati and Racom
    NMNM, 
    Please give us an answer on this as the link provided is absolutely useless.
    Thank you.

  • Failed to mount database "General Users". Error: An Active Manager operation failed

    Failed to mount database "General Users". Error: An Active Manager operation failed. Error: The database action failed. Error: Database 'General Users' on server 'EX02' cannot be mounted due to a previous error: At '12/3/2014
    3:52:17 PM' the Exchange store database 'General Users' copy on this server appears to be inconsistent with the active database copy or is corrupted. For more details about the failure, consult the Event log on the server for other storage and "ExchangeStoreDb"
    events. A successful failover restored service. If you have addressed the underlying problem, or if you have decided to attempt to mount the database despite this error, the mount operation may be attempted by using the '-Force' parameter of the Mount-Database
    cmdlet. [Database: General Users, Server: EX02.domain.com]
    Md. Ramin Hossain

    Hi,
    From your description, it is recommended to suspend the failed database copy at first using the cmdlet below.
    Suspend-MailboxDatabaseCopy -Identity "xxx"
    And then reseed the database with a new copy using Update-MailboxDatabaseCopy -Identity "xxx" -DeleteExistingFiles cmdlet.
    What's more, here is a helpful thread for your reference.
    Update-MailboxDatabaseCopy
    http://technet.microsoft.com/en-us/library/dd335201(v=exchg.150).aspx
    Hope this can be helpful to you.
    Best regards,
    Amy Wang
    TechNet Community Support

  • Verification of prerequisites for Active Directory preparation failed

    We currently have Windows Server 2003 SBS, SP2, Domain Controller. Would like to add Windows Server 2012, Standard, 64-bit as a backup domain controller.
    "Verification of prerequisites for Active Directory preparation failed. Unable to perform Exchange schema conflict check for domain sxxxx.local.
    Exception: The RPC server is unavailable.
    Adprep could not retrieve data from the server name.xxxxx.local through Windows Managment Instrumentation (WMI).
    [User Action]
    Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20130417103902-test directory for possible cause of failure."
    What the log says is really:
    "Adprep encountered a Win32 error. Error code: 0x6ba Error messa The RPC server is unavailable."
    Can anyone who has had a similar experience shed some light on how to troubleshoot this? I have reviewed other links that have similar problems but that doesn't help.
    Many Thanks!

    Of course I CANNOT remove Symantec as Meinolf suggests. That would be out of my mind!! I tried to stop all their services though which doesn't help. I know this has nothing to do with Symantec. Here comes another test, the final one:
    Test 8
    This article is really good as it concludes very thoroughly about the problems about "800706BA - RPC Server Is Unavailable" and other WMI query issues:
    http://goo dot gl/l2iha
    I started looking at the ISA 2004 on our SBS 2003.
    Tried to disable the RPC Filter:
    a. Open Microsoft Internet Security and Acceleration Server 2004
    b. Go to Configuration > Add-in and locate RPC Filter on the right side, right-click on it and select Properties, uncheck 'Enable this filter'
    c. Hit Apply....
    d. Now I go back to Windows 7 and test the WMI query.
    The result: it WORKS! 
    e. Next, I tried that on the Windows Server 2012 like so:
    c:>wmic /node:sbs2003servername computersystem list brief /format:list
    It also works!
    f. Next also on Windows Server 2012, I continued on what was left over.  I did the "Rerun prerequisites check " and no surprise - "All prerequisite checks passed successfully. Click 'Install' to begin installation"!
    Well that concludes the problem of installing Windows Server 2012 (standard) as a backup domain controller to a Windows SBS 2003 domain controller and the  troubleshooting process that finally led to a solution that solves my problem. Thanks for all
    the discussions over the web. Every bit counts!
    Well if this helps you in some way, give me some points to buy beer! I am going to have a drink with Bill, Cheers! 

  • Starting just today, when I send an e-mail to a group of friend using BCC, Thunderbird tacks on [Bulk] to my subject. How do I prevent that?

    Starting just today, when I send an e-mail to a group of friend using BCC, Thunderbird tacks on [Bulk] to my subject. How do I prevent that?
    Bill Gray

    Thunderbird does not modify subject lines. Check your antivirus software or email providers spam filters.

  • When I send an e-mail to a group address, from my address book, I get an error message that one of them is not a valid e-mail address, although I have used it alone without any problem.

    When I send an e-mail to a group address, from my address book, I get an error message that one of them is not a valid e-mail address, although I have used it alone without any problem.

    See https://support.mozilla.org/en-US/questions/1018363

  • [E2010] [EWS] [C#] [Windows]: How do I assign public folder Permission to a distribution Group

    Hi,
    I have a little C# Form Application which should create a Public Folder and assign permission for a Distribution Group in Exchange 2010.
    I have found following in the EWS Documentation:
     FolderPermission fp = new FolderPermission();
     fp.UserId.PrimarySmtpAddress = "[email protected]";
    If I try this with a user email address it works well. But if I try to set an email address from a Distribution Group it will throw this error:
    "Invailid UserID"
    Does anybody know, how to set Folder Permissions to a Distribution Group?
    Thanks,
    Julian

    You can't set permission on an Item in a Public folder; the only level you can set the permissions at is on the folder. You're probably better off using a Distribution Group which you can create via the Exchange Management Shell http://technet.microsoft.com/en-AU/library/aa998856(v=exchg.150).aspx. You can then set rights on who can use this distribution group and it will also be visible in the GAL etc.
    cheers
    Glen

  • Active Directory Operation on Disaster Recovery Drill

    Hi everybody,
    Need some advice from you guys. I'll have to be ready for the DR Drill in the upcoming week. My concern is this scenario: we have a PDC in HQ, DC (GC) in some branches, and also a DC (GC) in the DR site. So when we do the DR operation we disconnect the network line in HQ and we swing all system apps including AD. It also involves the branch network that will be pointing to the DR site.
    The testing that we have to do in the DR Drill is such as user authentication, join domain session, replication, GPO, and also make sure all the tests are successful or we get scolded.. 8)
    So what is the best practice from the Microsoft site or old timers here on what I should do to make this AD operation at DR work successfully like normal.
    Hope I'll have some input from you guys, thanks..

    Hello,
    for the branch office, make sure that you have at least one DC / DNS / GC server. When a disaster occur on the HQ then you have to change the IP configuration settings of the client computers in the Branch Office so that they will point to this DC as a primary
    DNS server. Like that, all should be okay with domain authentication, group policy application ...
    Now, for FSMO roles, if you don't resize them then you will get problems like
    You are unable to perform changes on AD schema
    Time Sync problems
    If the HQ DCs are unrecoverable then I recommend proceeding by resizing FSMO roles on DCs of the Branch Office. If not, you can:
    Wait until these DCs are back
    Resize FSMO roles and when the DCs of HQ will be back then force their demotion using
    dcpromo /forceremoval. Note that if resized, DCs of HQ should never be online before demotion
    Also, after these changes, you have to make sure that there is at least two DC / DNS / GC servers in the branch office. If not, add a new one. Like that, you will reduce risks of losing your domain.
    Before a disaster appear, you have to make sure that AD replication is made correctly.

  • Active Directory: user has admin rights when logs in for the first time

    I have an Xserve server running OS X server 10.5.8 and trying to host _open and active directory_ for both Mac and PC machines. The open directory works fine but what happens on the active directory side is that, when a user logs in from a windows machine he/she can access all the other users folders. In other words, he/she almost has *admin rights*. Is this normal or there is some settings that I can look into to fix this?
    Details: The first time the user logs in, his only effect on the server is the password change. What this means is that his changes don't get uploaded to the server. It is only the second time the user logs in from ANOTHER computer that the server starts saving his profile. Also, after the second login the user doesn't have admin rights anymore.
    Thanks,
    MR

    If you've just changed your login password in Recovery mode, follow these instructions. Otherwise, see below.
    At some point, you may have reset your keychain to default in Keychain Access. That action would have caused your login keychain to be renamed.
    Back up all data before proceeding.
    In Keychain Access, delete the login keychain from the keychain list. Choose Delete References when prompted, not Delete References & Files.
    Triple-click anywhere in the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:
    ~/Library/Keychains
    In the Finder, select
              Go ▹ Go to Folder...
    from the menu bar, paste into the box that opens (command-V), and press return. A folder will open. Rename the file "login.keychain" in that folder to something like "login-old.keychain". Rename the file "login_renamed_1.keychain" to "login.keychain". You can then close the folder.
    Back in Keychain Access, select 
              File ▹ Add Keychain...
    from the menu bar. Add back the file now named "login.keychain". If any of your needed keychain items are missing from it, also add back the file you named "login-old.keychain". I suggest you transfer any needed items from that keychain to the login keychain, then delete it. The transfers are made by drag-and-drop in Keychain Access. You'll need to enter your password for each item transferred.

  • Active Directory Discovery fails to bind to OU

    I am continuously receiving the following error:
    Active Directory System Discovery Agent failed to bind to container
    LDAP://OU=DOMAIN CONTROLLERS,DC=MYDOMAIN,DC=COM. Error: The specified directory service attribute or value does not exist.
    Not sure what to check at this point.  I have checked permissions on the OU, Server has read permissions. Here is screenshot of properties:

    Have you tried discovery of the entire forest, not just a single OU? If that works then it has to be permissions to that OU. If it fails, then it would be no permissions to the forest.
    I'd also consider using a user account (just as a test). Personally I've always used the site server computer account, but you could also try a user account for this to ensure that it's not something else.
    Wally Mead

  • Exchange 2010 Unable to Assign Full Access Permissions using a Security Group

    I've been running into this issue lately.  I cannot seem to use groups to allow full access to mailboxes.  When I add them from the EMC, it will show up when you go to "Manage Full Access Permission...".  After waiting a day and even restarting
    the Information Store service, the permissions do not take effect.  When I view the msExchDelegateListLink attribute of the mailbox account, the group is not listed.
    When I grant a user full permission, it works and updates the attribute.  However, on occasion when I revoke the full access permission for a user it doesn't always remove that user from the msExchDelegateListLink attribute.  So the mailbox will still appear in Outlook, but the user isn't able to see new emails.
    Any ideas on what may be going wrong?
    Environment:
    Exchange Server 2010 SP1 Standard
    Windows Server 2008 R2 Standard
    Outlook 2010 SP1 (tried without SP1 as well)
    I was looking over Add-MailboxPermission on Technet (http://technet.microsoft.com/en-us/library/bb124097.aspx) and I noticed that it doesn't mention adding groups.  Is this not possible?

    I never got a proper fix.
    I worked around it by creating a script which gets the members of an AD Mail Enabled security group, and updates the full access based on the groups members.
    Here's a script I'm running every hour which updates permissions. It's probably not the most efficient script ever, but it works. It has several benefits
    1. Managers of the distribution group can add/remove mailbox members using OWA or through the address list
    2. New members of groups are added to FULL Access Permissions
    3. Members removed from the groups are removed from FULL access permissions
    4. Automapping works :)
    5. Maintains a log of access added / removed / time taken etc.
    Obviously I have had to remove domain related information, replace with whatever your domain requirements are, and PLEASE debug it properly in your environment first, don't complain to me if it wipes out a load of access for you or something like that!
    It takes about 5 minutes to run in my environment. Some formatting seems to have got messed up on here, sorry. I hope it is of use!
    # Mailbox Permissions Setter for Exchange #
    # v1.1 #
    # This script will loop through all mailboxes in Exchange and find any where #
    # the type is 'SHARED'. These should be determined to be a GROUP/SHARED mailbox #
    # and access to these mailboxes are controlled by a single ACL, e.g. 'ACL_Shared_Mailbox'. #
    # This script will add any members of these ACLs directly to the Full Access Permissions #
    # of the mailbox and also remove them if they no longer need the access. #
    # Script created by Jon Read, Technical Administration
    # Recent Changes
    # 15/11/2012
    # 1.1 Added exclusions for ACLs that we don't want automapping to happen for
    # 12/11/2012
    # 1.0 Initial script
    #Do not change these values
    Add-PSSnapin *Ex*
    $starttime = Get-Date
    $logfile = "C:\accesslog.txt"
    $logfile2 = "C:\accesslog2.txt"
    $totaladditionstomailboxes = 0
    $totalremovalsfrommailboxes = 0
    $totalmailboxesprocessed = 0
    $totalmailboxesskipped = 0
    # Exclude any ACLs that shouldn't be processed here if they are used for a non-standard purpose and
    # we don't want FULL access mapping to happen. Separate array values with commas
    $ExcludedACLArray = "DOMAIN\ACL_ExcludedExample"
    Write-Output " " >> $logfile
    Write-Output " " >> $logfile
    Write-Output "#----------------------------------------------------------------#" >> $logfile
    Write-Output "# Mailbox Permissions Setter for Exchange #" >> $logfile
    Write-Output "# v1.1 #" >> $logfile
    Write-Output "#----------------------------------------------------------------#" >> $logfile
    Write-Output " " >> $logfile
    Write-Output " " >> $logfile
    Write-output "Start time $starttime ">> $logfile
    Write-Output " " >> $logfile
    Write-Output " " >> $logfile
    # Set preferred DCs and GCs
    $preferredDC = "preferredDC.domain"
    $preferredGC = "preferredGC.domain"
    Write-Output " PreferredDC = $preferredDC ">> $logfile
    Write-Output " PreferredGC = $preferredGC " >> $logfile
    Set-ADServerSettings -PreferredGlobalCatalog $preferredGC -SetPreferredDomainControllers $preferredDC
    # The first part of this will ADD permissions to the mailbox, reading from an associated ACL.
    # Check for all mailboxes where the type is SHARED. These are the only ones we would
    # want to apply group mailbox permissions to.
    foreach ($mailbox in get-mailbox -resultsize "unlimited" | where-object {$_.RecipientTypeDetails -eq "SharedMailbox"}) {
        $totalmailboxesprocessed = $totalmailboxesprocessed + 1
        Write-Output " " >> $logfile
        Write-Output " " >> $logfile
        Write-Output "|-------------------------------------------------------" >> $logfile
        Write-Output "| MAILBOX ADDITIONS: $mailbox " >> $logfile
        Write-Output "|-------------------------------------------------------" >> $logfile
        $mailbox=$mailbox.ExchangeGuid.ToString()
        # For each of them, get the distribution list applied to the mailbox (Starting DOMAIN\ACL_)
        # We then need it to be turned into a string to use later.
        #Declared $changes as 0. if this is set to 0 at the end of the mailbox job, we know no changes were made.
        $changes = 0
        foreach ($distributiongroup in get-mailbox $mailbox | Get-MailboxPermission | Where-Object {$_.User -like "DOMAIN\ACL_*" }) {
            $skipACL = 0
            #Get the distribution group and put the name in a useable format
            $distributiongroup=$distributiongroup.user.tostring()
            Write-Output "Found ACL $distributiongroup" >> $logfile
            # Check if this distribution group needs to be excluded and if it shouldn't be processed
            # then move onto the next ACL. This will stop FULL access being granted if the mailbox is
            # used for a non-standard purpose. See the start of this script
            # for where these are excluded (ExcludedACLArray)
            foreach ($ACL in $ExcludedACLArray ) {
                if ($distributiongroup -eq $ACL) {
                    $skipACL = 1
                    Write-Output "ACL $distributiongroup is excluded so skipping mailbox " >> $logfile
                    $totalmailboxesskipped = $totalmailboxesskipped + 1
                }
            }
            if ($skipACL -eq 0) {
                # Get each user in this group and for each of them, add try to add them to full access permissions.
                foreach ($user in Get-DistributionGroupMember -identity $distributiongroup) {
                    # Get the user to try, convert to DOMAIN\USER to use shortly
                    $user="DOMAIN\" + $user.alias.ToString()
                    # Check to see if the user we have chosen from the ACL group already exists in the full access
                    # permissions. If they do, set $userexists to 1, if they do not, leave $userexists set to 0.
                    # Set $userexists to 0 as the default
                    $userexists = 0
                    foreach ($fullaccessuser in get-mailbox $mailbox | Get-MailboxPermission) {
                        # See if the user exists in the mailbox access list.
                        # Change $fullaccessuser to a useable string (matching $user)
                        $fullaccessuser=$fullaccessuser.user.tostring()
                        if ($fullaccessuser -eq $user) {
                            $userexists=1
                            # Break out of foreach if the user exists so we don't unnecessarily loop
                            break
                        }
                    }
                    # Now we know if the user needs to be added or not, so run code (if needed) to add
                    # the user to full access permissions
                    if ($userexists -eq 0) {
                        Add-MailboxPermission $mailbox -user $user -accessrights "FullAccess"
                        Write-Output "Added $user " >> $logfile
                        $changes = 1
                        $totaladditionstomailboxes = $totaladditionstomailboxes + 1
                    }
                    #Now repeat for other users in the ACL
                }
            }
        }
        #if changes were 0, then log that no changes were made
        if ($changes -eq 0) {
            Write-Output "No changes were made." >> $logfile
        }
    }
    Write-Output " " >> $logfile
    Write-Output " " >> $logfile
    Write-Output "---------------------------------------------------------------------------------" >> $logfile
    Write-Output " FINISHED ADDING PERMISSIONS" >> $logfile
    Write-Output "---------------------------------------------------------------------------------" >> $logfile
    Write-Output " " >> $logfile
    # The second part of this will REMOVE permissions from the mailbox, reading from an associated ACL.
    ## Check for all mailboxes where the type is SHARED. These are the only ones we would
    ## want to apply group mailbox permissions to.
    foreach ($mailbox in get-mailbox -resultsize "unlimited" | where-object {$_.RecipientTypeDetails -eq "SharedMailbox"}) {
        Write-Output " " >> $logfile
        Write-Output " " >> $logfile
        Write-Output "|-------------------------------------------------------" >> $logfile
        Write-Output "| MAILBOX REMOVALS : $mailbox " >> $logfile
        Write-Output "|-------------------------------------------------------" >> $logfile
        $mailbox=$mailbox.ExchangeGuid.ToString()
        #Declared $changes as 0. if this is set to 0 at the end of the mailbox job, we know no changes were made.
        $changes = 0
        # For the current mailbox, get a list of all users with FULLACCESS, and then for each of them
        # check if they exist in the ACL
        foreach ($fullaccessuser in get-mailbox $mailbox | Get-MailboxPermission | Where-Object {$_.Accessrights -like "FullAccess" }) {
            # Get the security identifier (SSID) of the FULLACCESS user to store for later.
            $fullaccessuserSSID=$fullaccessuser.user.SecurityIdentifier.ToString()
            $fullaccessuser=$fullaccessuser.User.ToString()
            #If user needs to be excluded then skip this bit
            #Users added or removed will only start with 07 (07$, 07T, so only run if the user starts with this.
            #This stops it trying to remove NT AUTHORITY\SELF and other System entries
            if ($fullaccessuser -like "DOMAIN\07*") {
                # Set $userexists to be 0. if we find the use user needs to remain, then change it to 1.
                $userexists=0
                # Check if this user exists in the ACL, if not, remove.
                foreach ($distributiongroup in get-mailbox $mailbox | Get-MailboxPermission | Where-Object {$_.User -like "DOMAIN\ACL_*" }) {
                    $distributiongroup=$distributiongroup.user.tostring()
                    #Write-Output "Found associated distribution group $distributiongroup" >> $logfile
                    # Get each user in this group and for each of them, See if it matches the user in the mailbox.
                    foreach ($user in Get-DistributionGroupMember -identity $distributiongroup) {
                        # Get the user to try, convert to DOMAIN\USER to use shortly
                        $userguid = $user.Guid.ToString()
                        $user="DOMAIN\" + $user.alias.ToString()
                        if ($fullaccessuser -eq $user) {
                            $userexists=1
                            #we have found the user exists so no need to continue
                            break
                        }
                    }
                }
                # If userexists = 0, then they are NOT in the ACL, and should be removed from
                # the full access permissions. Run the code to remove them from full access.
                #CONVERT FULLACCESSUSER TO GUID AND REMOVE $FULLACCESSUSERGUID NOT $USERGUID
                if ($userexists -eq 0) {
                    Remove-MailboxPermission -Identity $mailbox -user $fullaccessuserSSID -accessrights "FullAccess" -Confirm:$false
                    Write-Output "Removed $fullaccessuser " >> $logfile
                    $changes = 1
                    $totalremovalsfrommailboxes = $totalremovalsfrommailboxes + 1
                }
            }
        }
        # if changes = 0, no changes were made to this mailbox, so log this fact.
        if ($changes -eq 0) {
            Write-Output "No changes were made." >> $logfile
        }
    }
    #Put the time in a displayable format
    $endtime = Get-Date
    $runtime = $endtime - $starttime
    $runtime = $runtime.ToString()
    $runtime1 = $runtime.split(".")
    $totaltime = $runtime1[0]
    Write-Output " " >> $logfile
    Write-Output " " >> $logfile
    Write-Output "|-------------------------------------------------------------------------------------- " >> $logfile
    Write-Output "| SCRIPT COMPLETE : STATS " >> $logfile
    Write-Output "|-------------------------------------------------------------------------------------- " >> $logfile
    Write-Output "| Total Mailboxes Processed : $totalmailboxesprocessed " >> $logfile
    Write-Output "| Total Additions : $totaladditionstomailboxes " >> $logfile
    Write-Output "| Total Removals : $totalremovalsfrommailboxes " >> $logfile
    Write-Output "| Total Mailboxes Skipped due to ACL : $totalmailboxesskipped " >> $logfile
    Write-output "| Start time : $starttime ">> $logfile
    Write-output "| End time : $endtime ">> $logfile
    Write-Output "| **END OF RUN** - Elapsed time : $totaltime " >> $logfile
    Write-Output "|---------------------------------------------------------------------------------------" >> $logfile
    Write-Output " " >> $logfile

  • ADEP LDAP (Active Directory) Connection Failed

    Hi,
    I have a problem with ADEP connecting to our LDAP server.
    Interestingly enough it works only once, but then on the second synchronization it doesn't seem to work and says Failed. Not sure what happens.
    I assume it does this alphabetically, so when I compare users/groups/group members starting with 'u' or 'w' in ADEP and LDAP using ADExplorer they are matched perfectly.
    What worries me is if a new user comes in and it can't sync anymore.
    Info:
    I'm running ADEP Document Services on JBoss and MySQL using turnkey installation.
    Notes:
    -This works perfectly fine with Adobe Livecycle on another server using the same LDAP server.
    -I've completely uninstalled and re-installed ADEP for this and still got the same error.
    Any help would be greatly appreciated.
    Log file:
    2012-01-15 06:05:47,782 INFO  [com.adobe.idp.um.businesslogic.synch.SynchronizationManager] (SimpleThreadPoolWorker-3) Synch was completed successfully for the following domains [KFUPM_AD(DONE,2)]
    2012-01-15 06:05:47,782 INFO  [com.adobe.idp.um.businesslogic.synch.SynchronizationManager] (SimpleThreadPoolWorker-3) Directory synchronization completed in 5 hrs 24 mins 17 secs 
    2012-01-15 06:05:47,804 INFO  [com.adobe.idp.um.scheduler.AbstractClusterJob] (SimpleThreadPoolWorker-1) Acquired the lock, proceeding with completing the job.
    2012-01-15 06:05:47,813 INFO  [com.adobe.idp.um.businesslogic.synch.SynchronizationManager] (SimpleThreadPoolWorker-1) Directory synchronization started. Thread name SimpleThreadPoolWorker-1
    2012-01-15 06:05:47,916 INFO  [com.adobe.idp.um.businesslogic.synch.DomainSynchronizer] (SimpleThreadPoolWorker-1) Synchronization started for domain KFUPM_AD
    2012-01-15 06:05:48,225 INFO  [com.adobe.idp.um.businesslogic.synch.DomainSynchronizer] (SimpleThreadPoolWorker-1) ---> Starting User synchronization
    2012-01-15 06:05:48,228 INFO  [com.adobe.idp.um.businesslogic.synch.DomainSynchronizer] (SimpleThreadPoolWorker-1) Starting Users synch from KFUPM_AD
    2012-01-15 06:06:22,957 WARN  [com.adobe.idp.um.businesslogic.synch.LdapHelper] (SimpleThreadPoolWorker-1) Record [CN=Paul Graeme Brown,OU=kfupm,DC=itc,DC=kfupm,DC=edu,DC=sa] is missing required attribute userid [sAMAccountName]
    2012-01-15 06:06:23,334 WARN  [org.hibernate.util.JDBCExceptionReporter] (UM Synch thread) SQL Error: 1062, SQLState: 23000
    2012-01-15 06:06:23,334 ERROR [org.hibernate.util.JDBCExceptionReporter] (UM Synch thread) Duplicate entry 'ali-4C787461-20AC-102F-BEB2-00000A8C088A' for key 'UIDINDEX'
    2012-01-15 06:06:23,335 ERROR [org.jboss.ejb.plugins.LogInterceptor] (UM Synch thread) RuntimeException in method: public abstract java.util.List com.adobe.idp.um.businesslogic.synch.dao.SynchronizationDAO.batchPersistPrincipals(com.adobe.idp.um.entity.PrincipalDomainEntity,java.util.List,com.adobe.idp.um.entity.PrincipalEntity$PrincipalType,boolean,com.adobe.idp.um.businesslogic.synch.SynchronizationContext):
    org.hibernate.exception.ConstraintViolationException: could not execute update query
              at org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:71)
              at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:43)
              at org.hibernate.hql.ast.exec.BasicExecutor.execute(BasicExecutor.java:84)
              at org.hibernate.hql.ast.QueryTranslatorImpl.executeUpdate(QueryTranslatorImpl.java:396)
              at org.hibernate.engine.query.HQLQueryPlan.performExecuteUpdate(HQLQueryPlan.java:259)
              at org.hibernate.impl.SessionImpl.executeUpdate(SessionImpl.java:1141)
              at org.hibernate.impl.QueryImpl.executeUpdate(QueryImpl.java:94)
              at com.adobe.idp.um.businesslogic.synch.hibernate.HibernateSynchronizationDao.batchPersistPrincipals(HibernateSynchronizationDao.java:338)
              at sun.reflect.GeneratedMethodAccessor1159.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:597)
              at org.jboss.invocation.Invocation.performCall(Invocation.java:386)
              at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:233)
              at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:156)
              at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:173)
              at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
              at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
              at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:404)
              at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
              at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:228)
              at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:211)
              at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:97)
              at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invoke(PreSecurityInterceptor.java:81)
              at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
              at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
              at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:650)
              at org.jboss.ejb.Container.invoke(Container.java:1092)
              at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:436)
              at org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:103)
              at $Proxy522.batchPersistPrincipals(Unknown Source)
              at com.adobe.idp.um.businesslogic.synch.hibernate.HibernateSynchronizationDao.persistPrincipals(HibernateSynchronizationDao.java:202)
              at sun.reflect.GeneratedMethodAccessor1160.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:597)
              at org.jboss.invocation.Invocation.performCall(Invocation.java:386)
              at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:233)
              at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:156)
              at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:173)
              at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
              at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
              at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350)
              at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
              at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:228)
              at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:211)
              at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:97)
              at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invoke(PreSecurityInterceptor.java:81)
              at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
              at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
              at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:650)
              at org.jboss.ejb.Container.invoke(Container.java:1092)
              at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:436)
              at org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:103)
              at $Proxy522.persistPrincipals(Unknown Source)
              at com.adobe.idp.um.businesslogic.synch.DirectoryPersister.batchPersist(DirectoryPersister.java:134)
              at com.adobe.idp.um.businesslogic.synch.DirectoryPersister.run(DirectoryPersister.java:98)
              at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
              at java.lang.Thread.run(Thread.java:662)
    Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLIntegrityConstraintViolationException: Duplicate entry 'ali-4C787461-20AC-102F-BEB2-00000A8C088A' for key 'UIDINDEX'
              at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
              at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
              at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
              at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
              at com.mysql.jdbc.Util.handleNewInstance(Util.java:407)
              at com.mysql.jdbc.Util.getInstance(Util.java:382)
              at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1039)
              at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3593)
              at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3525)
              at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1986)
              at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2140)
              at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2626)
              at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2111)
              at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2407)
              at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2325)
              at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2310)
              at org.jboss.resource.adapter.jdbc.CachedPreparedStatement.executeUpdate(CachedPreparedStatement.java:96)
              at org.jboss.resource.adapter.jdbc.WrappedPreparedStatement.executeUpdate(WrappedPreparedStatement.java:365)
              at org.hibernate.hql.ast.exec.BasicExecutor.execute(BasicExecutor.java:75)
              ... 55 more
    2012-01-15 06:06:23,373 WARN  [org.hibernate.util.JDBCExceptionReporter] (UM Synch thread) SQL Error: 1062, SQLState: 23000
    2012-01-15 06:06:23,373 ERROR [org.hibernate.util.JDBCExceptionReporter] (UM Synch thread) Duplicate entry 'ali-4C787461-20AC-102F-BEB2-00000A8C088A' for key 'UIDINDEX'
    2012-01-15 06:06:23,373 ERROR [org.jboss.ejb.plugins.LogInterceptor] (UM Synch thread) RuntimeException in method: public abstract java.util.List com.adobe.idp.um.businesslogic.synch.dao.SynchronizationDAO.batchPersistPrincipals(com.adobe.idp.um.entity.PrincipalDomainEntity,java.util.List,com.adobe.idp.um.entity.PrincipalEntity$PrincipalType,boolean,com.adobe.idp.um.businesslogic.synch.SynchronizationContext):
    org.hibernate.exception.ConstraintViolationException: could not execute update query
              at org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:71)
              at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:43)
              at org.hibernate.hql.ast.exec.BasicExecutor.execute(BasicExecutor.java:84)
              at org.hibernate.hql.ast.QueryTranslatorImpl.executeUpdate(QueryTranslatorImpl.java:396)
              at org.hibernate.engine.query.HQLQueryPlan.performExecuteUpdate(HQLQueryPlan.java:259)
              at org.hibernate.impl.SessionImpl.executeUpdate(SessionImpl.java:1141)
              at org.hibernate.impl.QueryImpl.executeUpdate(QueryImpl.java:94)
              at com.adobe.idp.um.businesslogic.synch.hibernate.HibernateSynchronizationDao.batchPersistPrincipals(HibernateSynchronizationDao.java:338)
              at sun.reflect.GeneratedMethodAccessor1159.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:597)
              at org.jboss.invocation.Invocation.performCall(Invocation.java:386)
              at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:233)
              at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:156)
              at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:173)
              at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
              at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
              at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:404)
              at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
              at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:228)
              at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:211)
              at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:97)
              at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invoke(PreSecurityInterceptor.java:81)
              at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
              at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
              at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:650)
              at org.jboss.ejb.Container.invoke(Container.java:1092)
              at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:436)
              at org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:103)
              at $Proxy522.batchPersistPrincipals(Unknown Source)
              at com.adobe.idp.um.businesslogic.synch.hibernate.HibernateSynchronizationDao.persistPrincipals(HibernateSynchronizationDao.java:215)
              at sun.reflect.GeneratedMethodAccessor1160.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:597)
              at org.jboss.invocation.Invocation.performCall(Invocation.java:386)
              at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:233)
              at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:156)
              at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:173)
              at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
              at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
              at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350)
              at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
              at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:228)
              at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:211)
              at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:97)
              at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invoke(PreSecurityInterceptor.java:81)
              at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
              at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
              at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:650)
              at org.jboss.ejb.Container.invoke(Container.java:1092)
              at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:436)
              at org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:103)
              at $Proxy522.persistPrincipals(Unknown Source)
              at com.adobe.idp.um.businesslogic.synch.DirectoryPersister.batchPersist(DirectoryPersister.java:134)
              at com.adobe.idp.um.businesslogic.synch.DirectoryPersister.run(DirectoryPersister.java:98)
              at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
              at java.lang.Thread.run(Thread.java:662)
    Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLIntegrityConstraintViolationException: Duplicate entry 'ali-4C787461-20AC-102F-BEB2-00000A8C088A' for key 'UIDINDEX'
              at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
              at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
              at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
              at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
              at com.mysql.jdbc.Util.handleNewInstance(Util.java:407)
              at com.mysql.jdbc.Util.getInstance(Util.java:382)
              at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1039)
              at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3593)
              at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3525)
              at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1986)
              at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2140)
              at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2626)
              at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2111)
              at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2407)
              at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2325)
              at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2310)
              at org.jboss.resource.adapter.jdbc.CachedPreparedStatement.executeUpdate(CachedPreparedStatement.java:96)
              at org.jboss.resource.adapter.jdbc.WrappedPreparedStatement.executeUpdate(WrappedPreparedStatement.java:365)
              at org.hibernate.hql.ast.exec.BasicExecutor.execute(BasicExecutor.java:75)
              ... 55 more
    2012-01-15 06:06:23,375 ERROR [org.jboss.ejb.plugins.LogInterceptor] (UM Synch thread) EJBException in method: public abstract java.util.List com.adobe.idp.um.businesslogic.synch.dao.SynchronizationDAO.persistPrincipals(com.adobe.idp.um.entity.PrincipalDomainEntity,java.util.List,com.adobe.idp.um.entity.PrincipalEntity$PrincipalType,com.adobe.idp.um.businesslogic.synch.SynchronizationContext), causedBy:
    org.hibernate.exception.ConstraintViolationException: could not execute update query
              at org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:71)
              at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:43)
              at org.hibernate.hql.ast.exec.BasicExecutor.execute(BasicExecutor.java:84)
              at org.hibernate.hql.ast.QueryTranslatorImpl.executeUpdate(QueryTranslatorImpl.java:396)
              at org.hibernate.engine.query.HQLQueryPlan.performExecuteUpdate(HQLQueryPlan.java:259)
              at org.hibernate.impl.SessionImpl.executeUpdate(SessionImpl.java:1141)
              at org.hibernate.impl.QueryImpl.executeUpdate(QueryImpl.java:94)
              at com.adobe.idp.um.businesslogic.synch.hibernate.HibernateSynchronizationDao.batchPersistPrincipals(HibernateSynchronizationDao.java:338)
              at sun.reflect.GeneratedMethodAccessor1159.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:597)
              at org.jboss.invocation.Invocation.performCall(Invocation.java:386)
              at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:233)
              at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:156)
              at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:173)
              at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
              at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
              at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:404)
              at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
              at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:228)
              at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:211)
              at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:97)
              at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invoke(PreSecurityInterceptor.java:81)
              at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
              at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
              at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:650)
              at org.jboss.ejb.Container.invoke(Container.java:1092)
              at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:436)
              at org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:103)
              at $Proxy522.batchPersistPrincipals(Unknown Source)
              at com.adobe.idp.um.businesslogic.synch.hibernate.HibernateSynchronizationDao.persistPrincipals(HibernateSynchronizationDao.java:215)
              at sun.reflect.GeneratedMethodAccessor1160.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:597)
              at org.jboss.invocation.Invocation.performCall(Invocation.java:386)
              at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:233)
              at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:156)
              at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:173)
              at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
              at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
              at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350)
              at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
              at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:228)
              at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:211)
              at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:97)
              at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invoke(PreSecurityInterceptor.java:81)
              at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
              at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
              at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:650)
              at org.jboss.ejb.Container.invoke(Container.java:1092)
              at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:436)
              at org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:103)
              at $Proxy522.persistPrincipals(Unknown Source)
              at com.adobe.idp.um.businesslogic.synch.DirectoryPersister.batchPersist(DirectoryPersister.java:134)
              at com.adobe.idp.um.businesslogic.synch.DirectoryPersister.run(DirectoryPersister.java:98)
              at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
              at java.lang.Thread.run(Thread.java:662)
    Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLIntegrityConstraintViolationException: Duplicate entry 'ali-4C787461-20AC-102F-BEB2-00000A8C088A' for key 'UIDINDEX'
              at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
              at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
              at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
              at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
              at com.mysql.jdbc.Util.handleNewInstance(Util.java:407)
              at com.mysql.jdbc.Util.getInstance(Util.java:382)
              at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1039)
              at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3593)
              at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3525)
              at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1986)
              at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2140)
              at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2626)
              at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2111)
              at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2407)
              at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2325)
              at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2310)
              at org.jboss.resource.adapter.jdbc.CachedPreparedStatement.executeUpdate(CachedPreparedStatement.java:96)
              at org.jboss.resource.adapter.jdbc.WrappedPreparedStatement.executeUpdate(WrappedPreparedStatement.java:365)
              at org.hibernate.hql.ast.exec.BasicExecutor.execute(BasicExecutor.java:75)
              ... 55 more
    2012-01-15 06:06:23,434 WARN  [com.adobe.idp.um.businesslogic.synch.SynchronizationManager] (SimpleThreadPoolWorker-1) Error occured in read User/Group phase for domain KFUPM_AD(STARTED,3) hence this domain would not be include for later phases
    com.adobe.idp.um.businesslogic.synch.SynchronizationFailureException: Error occured while performing synchronization
              at com.adobe.idp.um.businesslogic.synch.DomainSynchronizer.synchronizeUserAndGroups(DomainSynchronizer.java:142)
              at com.adobe.idp.um.businesslogic.synch.SynchronizationManager.synchronizeUsersAndGroups(SynchronizationManager.java:351)
              at com.adobe.idp.um.businesslogic.synch.SynchronizationManager.synchronizeDomains(SynchronizationManager.java:224)
              at com.adobe.idp.um.businesslogic.synch.SynchronizationManager.synchronizeAllDomains(SynchronizationManager.java:125)
              at com.adobe.idp.um.scheduler.DirectorySyncJob.executeJob(DirectorySyncJob.java:82)
              at com.adobe.idp.um.scheduler.AbstractClusterJob.execute(AbstractClusterJob.java:82)
              at org.quartz.core.JobRunShell.run(JobRunShell.java:203)
              at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)
    Caused by: com.adobe.idp.um.businesslogic.synch.SynchronizationFailureException: A fatal error has ocurred. Synchronization has been aborted.
              at com.adobe.idp.um.businesslogic.synch.DirectoryPersister.handleFatalError(DirectoryPersister.java:247)
              at com.adobe.idp.um.businesslogic.synch.DirectoryPersister.run(DirectoryPersister.java:104)
              at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
              at java.lang.Thread.run(Thread.java:662)
    Caused by: javax.ejb.EJBException: RuntimeException
              at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:417)
              at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:209)
              at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
              at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:650)
              at org.jboss.ejb.Container.invoke(Container.java:1092)
              at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:436)
              at org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:103)
              at $Proxy522.batchPersistPrincipals(Unknown Source)
              at com.adobe.idp.um.businesslogic.synch.hibernate.HibernateSynchronizationDao.persistPrincipals(HibernateSynchronizationDao.java:215)
              at sun.reflect.GeneratedMethodAccessor1160.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:597)
              at org.jboss.invocation.Invocation.performCall(Invocation.java:386)
              at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:233)
              at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:156)
              at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:173)
              at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
              at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
              at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350)
              at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
              at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:228)
              at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:211)
              at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:97)
              at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invoke(PreSecurityInterceptor.java:81)
              at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
              at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
              at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:650)
              at org.jboss.ejb.Container.invoke(Container.java:1092)
              at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:436)
              at org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:103)
              at $Proxy522.persistPrincipals(Unknown Source)
              at com.adobe.idp.um.businesslogic.synch.DirectoryPersister.batchPersist(DirectoryPersister.java:134)
              at com.adobe.idp.um.businesslogic.synch.DirectoryPersister.run(DirectoryPersister.java:98)
              ... 3 more
    Caused by: org.hibernate.exception.ConstraintViolationException: could not execute update query
              at org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:71)
              at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:43)
              at org.hibernate.hql.ast.exec.BasicExecutor.execute(BasicExecutor.java:84)
              at org.hibernate.hql.ast.QueryTranslatorImpl.executeUpdate(QueryTranslatorImpl.java:396)
              at org.hibernate.engine.query.HQLQueryPlan.performExecuteUpdate(HQLQueryPlan.java:259)
              at org.hibernate.impl.SessionImpl.executeUpdate(SessionImpl.java:1141)
              at org.hibernate.impl.QueryImpl.executeUpdate(QueryImpl.java:94)
              at com.adobe.idp.um.businesslogic.synch.hibernate.HibernateSynchronizationDao.batchPersistPrincipals(HibernateSynchronizationDao.java:338)
              at sun.reflect.GeneratedMethodAccessor1159.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:597)
              at org.jboss.invocation.Invocation.performCall(Invocation.java:386)
              at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:233)
              at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:156)
              at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:173)
              at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
              at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
              at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:404)
              at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
              at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:228)
              at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:211)
              at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:97)
              at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invoke(PreSecurityInterceptor.java:81)
              at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
              ... 34 more
    Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLIntegrityConstraintViolationException: Duplicate entry 'ali-4C787461-20AC-102F-BEB2-00000A8C088A' for key 'UIDINDEX'
              at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
              at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
              at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
              at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
              at com.mysql.jdbc.Util.handleNewInstance(Util.java:407)
              at com.mysql.jdbc.Util.getInstance(Util.java:382)
              at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1039)
              at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3593)
              at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3525)
              at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1986)
              at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2140)
              at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2626)
              at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2111)
              at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2407)
              at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2325)
              at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2310)
              at org.jboss.resource.adapter.jdbc.CachedPreparedStatement.executeUpdate(CachedPreparedStatement.java:96)
              at org.jboss.resource.adapter.jdbc.WrappedPreparedStatement.executeUpdate(WrappedPreparedStatement.java:365)
              at org.hibernate.hql.ast.exec.BasicExecutor.execute(BasicExecutor.java:75)
              ... 55 more
    2012-01-15 06:06:23,440 INFO  [com.adobe.idp.um.businesslogic.synch.SynchronizationManager] (SimpleThreadPoolWorker-1) Synch was NOT successfull for the following domains [KFUPM_AD(STARTED,3)]
    2012-01-15 06:06:23,440 INFO  [com.adobe.idp.um.businesslogic.synch.SynchronizationManager] (SimpleThreadPoolWorker-1) Directory synchronization completed in 35 secs 

    OK, I had two servers querying LDAP with the same username and password and I thought that may have been the problem, but after disabling the JBoss service on one and completely uninstalling and re-installing the other, I still get the same problem as above.
    Baffling!!
