GW7 Exchange Connector & Child Domains

Similar Messages

• Exchange 2013 sp1 smtp NTLM auth for child domain users

  i have exchange organization with exchange 2007 sp 3 & exchange 2013 sp1.
  there are  all users in Exchange 2013 server (mail flow is through Exchange 2013 server)
  i have single forest, 2 site (site1, site2), root domain root.local and 1 child domain ch.root.local
  DC  for child domain is located in site2 (dc.ch.root.local)
  multirole exchange 2013 server is installed in root domain.
  i am traing to configure smtp receive connector with NTLM auth and have one problem.
  when user in child domain try send email through this receive connector i see in log
  <,AUTH NTLM,
  >,334 <authentication response>,
  *,SMTPSubmit SMTPAcceptAnyRecipient BypassAntiSpam AcceptRoutingHeaders,Set Session Permissions
  *,CH\user1,authenticated
  *,,Setting up client proxy session failed with error: 535 5.7.3 Unable to proxy authenticated session because either the backend does not support it or failed to resolve the user
  *,,"Setting up client proxy session failed with error: 451 4.4.0 Primary target IP address responded with: ""535 5.7.3 Unable to proxy authenticated session because either
  the backend does not support it or failed to resolve the user."" Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was 192.168.1.15:465"
  but authentication is succesfull for users from root domain.
  why do it can be?
  Thanks.

  thanks for link
  at smtp receive logs (Hub transport role) i've found the  next:
  Client Proxy EXMAIL2013,08D134DAF6CE1C51,49,192.168.1.15:465,
  *,NT AUTHORITY\SYSTEM,authenticated
  >,235 <authentication response>,
  <,XPROXY SID=08D130D354F520D1 IP=192.168.1.21 PORT=57085 DOMAIN=[192.168.1.21] CAPABILITIES=0 SECID=Uy0xxx...
  *,,Error while looking up SamAccountName chuser: The user name or password is incorrect.\r\n
  *,None,Set Session Permissions
  >,250 XProxy accepted but user identity could not be obtained,

• Exchange 2010 unable to find objects in child domain via ESM

  I am having a problem on Exchange 2010 which relates to mailboxes whose AD account is in a child domain in the AD forest.
  We have two domains A & B in the forest. The site which hosts E2010 only has DCs from domain A (root domain). These DCs are set as Global Catalogues.
  All Exchange servers (2 x CAS & 2 x Mailbox) installed in Domain A (primary site) can resolve domain B and performing nslookups for domain B on these server displays the DCs installed
  in domain B at remote sites.
  I am migrating some resource mailboxes with AD accounts in domain B and need to set them up as room mailboxes to enable the auto accept bookings feature.
  After migrating the mailboxes via the EMS to set the mailbox as a room, below is the error I get:
  [PS] C:\Windows\system32>set-mailbox mtgrm1@domainB
   -Type Room
  The operation couldn't be performed because object 'mtgrm1@ domainB' couldn't be found on 'DC01.domainA.com'.
      + CategoryInfo          : NotSpecified: (0:Int32) [Set-Mailbox], ManagementObjectNotFoundException
      + FullyQualifiedErrorId : 9E6F6A1,Microsoft.Exchange.Management.RecipientTasks.SetMailbox
  I have also tried using only the alias and the object CN:
  set-mailbox mtgrm1 -Type Room
  set-mailbox –identity 'domainB/Sitename/ Users/MSX Resource Accounts/Conf MtgRm1 (Video)' -Type Room
  but get the same error.
  All employee mailboxes from Domain B have been migrated to Exchange 2010 from 2003 and are working with no problems.
  I have confirmed domain B has been prepared for E2010 - In the Microsoft Exchange System Objects container in AD there is the global group Exchange Install Domain Servers.
  Event ID 2080
  Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1864). Exchange Active Directory Provider has discovered the following servers with the following characteristics:
   (Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
  In-site:
  dc02.domainA.COM           
  CDG 1 7 7 1 0 1 1 7 1
  DC01.domainA.com            
  CDG 1 7 7 1 0 1 1 7 1
   Out-of-site:
  DC03.domainA.COM          
  CDG 1 0 0 1 0 0 0 0 0
  dc04.domainA.COM           
  CDG 1 0 0 1 0 0 0 0 0
  Please note the Out of site DCs are for our Exchange failover site which is currently down due to the storms on the East Coast.
  Does Exchange 2010 require a local DC for the second domain installed in the sites which host Exchange? If not, any advise on what else I can look at will be appreciated.
  Thanks.

  Hi there,
  If the questions is answered, please mark it accordingly. Thanks. 
  Fiona Liao
  TechNet Community Support

• Can't create Exchange users in a new child domain

  Hi,
  i have an Exchange 2010 SP3 ( 1 CAS/Hub + 1 mailbox) server running in a parent domain. Few days ago i've created a new child domain, but i can't create mailbox for users coming from this new child domain.
  The error message says that i don't have enough rights to do this operation (can't copy the error, translation from frecnh will be a disaster :p )
  That's what i get :
  Réponse d'Active Directory : 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
  I'm doing this with my parent domain administrator.
  I've read that the exchange infra had to be prepared for all domains with command
  setup.com /PrepareAllDomains
  is it possible with an existing exchange?
  Thanks for your replies

  Yes, you need to prepare any domain that will have mail-enabled accounts in it.
  You can run this for a specific domain:
  setup /PrepareDomain:<FQDN of domain you want to prepare> to prepare a specific domain.
  Its safe to run this in an existing Exchange org.
  Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• How to configure SCSM exchange connector when exchange server is in different domain.

  We installed/configured SCSM in ABC domain and now need to use exchange connector for incident alert mail.
  But exchange server is in different domain, say XYZ.
  How do we configure?
  Thanks,
  Abhilash

  Cannot configure trust at AD level. But in the config article, following points are given.. but not clear on first 2 steps. Also, we did not find option to "navigate to certificate template and right click certificate templates".
  sorry, i dont have much exp with certificates. If steps are described little more clear, would be helpful.
  a.     If your Service Manager management server does not have a trusted relationship with the Exchange Server, open Certificate Services and create a duplicate copy of the Web Server Certificate Template. Ensure that Private Key Export and Publish
  in AD are selected, and then add Read and Enroll permission to Authenticated Users.
  b.     In Certificate Services, navigate to Certificate Template and right-click Certificate Templates. Click New and then click Certificate Template to Issue. Select the template that you created in the previous step.
  c.     In Exchange Server, open the Microsoft Management Console and add the Certificates snap-in for the local computer. Right-click the Personal logical store, and then hover over All Tasks.
  d.     Select Request for New certificate and in the Certificate Enrollment wizard, select Active Directory Enrollment Policy and select the template that you created previously. When you select the certificate, you can click More Information to type
  the Exchange Server’s FQDN name as the common name in the Subject tab. You can also type the FQDN name as the Friendly Name in the General tab.
  Thanks,
  Abhilash

• Exchange mailbox creation for child domain

  Hi Friend,'
  I want to add a child domain,some thing like group.domain.com. We have an exchange 2013 in the network, my requirement is to create 50 users in the child domain and create mail accounts for this child domain users. 
  My main challenge is to create the CDC and my exchange have the name space domain.com and my CDC is group.domain.com,but i want to add users in mailserver for the CDC users as [email protected]
  I know how to add additional suffix in exchange and AD :
  http://www.sysguru.in/2014/09/creating-additional-suffixname-space-in.html
  Is it possible to use the same scenario for my CDC users also?
  Regards

  Hi,
  In your case, if you want to add additional suffix in your Exchange server in the child domain, you need to add the root domain as an accepted domain.
  Here is an article about accepted domain for your reference.
  Accepted domains
  https://technet.microsoft.com/en-us/library/bb124423(v=exchg.150).aspx
  Hope this can be helpful to you.
  Best regards,
  Amy Wang
  TechNet Community Support

• User Migration from Parent Domain to Child Domain..The user is enabled with Exchange 2010 Mailbox in Parent Domain

  We currently have a single Windows 2008 R2 Active Directory domain controller, and an Exchange 2010 server. We are in the process of adding a child domain on a second Active Directory server for an offsite office location for a subdivision of our company.
  The two locations will be connected via VPN.
  Currently users exist on the root domain with Exchange accounts who will be moving to the new offsite company/location. We would like to be able to move these user accounts to the child domain while maintaining their existing Exchange mailboxes and
  email addresses. Is this possible, and if so how would we do it?

  Hi Srinivasa,
  According to your description, I think you have done all the preparation.
  For DL migration, the following article may give your some hints:
  How to Migrate Distribution Groups Across a Forest
  Good Luck!
  Niko Cheng
  TechNet Community Support

• Child domain not available when creating new mailbox in Exchange 2010

  I’ve
  installed Exchange 2010 in my environment with a single existing Exchange 2003
  server. All current mailboxes are on the child domain. We have 1 root domain
  (rootdomain.com) and 1 child domain (child.rootdomain.com). Currently,
  we're in the coexistence phase and mailflow is working as expected. Today,
  I created a new mailbox using EMC on Exchange 2010 and noticed that the
  child domain is not available. Only the root domain is available? 
  Hopefully, I do not need to reinstall Exchange 2010. How do I go about adding
  the child domain?

  Did you domain prep the child domain?
  http://technet.microsoft.com/en-us/library/bb125224(v=exchg.141).aspx
  From a Command Prompt window, run one of the following commands:
  Run setup /PrepareDomain or setup /pd to prepare the local domain. You don't need to run this in the domain where you ran Step 3. Running
  setup /PrepareAD prepares the local domain.
  Run setup /PrepareDomain:<FQDN of domain you want to prepare> to prepare a specific domain.
  Run setup /PrepareAllDomains or setup /pad to prepare all domains in your organization.
  Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• SCCM 2012 and Exchange Connector some how getting wrong domain when associating devices to users

  I happen to go to the SCCM software catalog site and click devices and noticed that my mobile device was not included.
  After finding my device in All Mobile Devices I found the following:
  For my device the connect assigned Foo\UserName where it should have actually been Bar\UserName.
  Our domain is foo.domain but when we log in to computers we use bar\Username. If I login as
  [email protected] authentication works.
  So how do I get the SCCM Exchange connector to select Bar\UserName and not foo\username? I'm guessing that this is actually an Exchange issue but I figure I would ask here first.
  Thanks!

  Since no one has answer this post, I recommend opening  a support case with CSS as they can work with you to solve this problem.
  Garth Jones | My blogs: Enhansoft and
  Old Blog site | Twitter:
  @GarthMJ

• Prepping New Child Domain for Exchange so Users can use it

  I have a new Child Domain that needs a "prep" for Exchange 2010 User objects.  Instructions don't indicate on which DC this "prep" needs to be made.
  Anyone done this before?  Thank you!!
  Charlie

  Hi ,
  You can prefer anyone of the domain controller in the child domain for preparing the domain .
  Setup.exe /PrepareDomain:<FQDN of the domain you want to prepare> /IAcceptExchangeServerLicenseTermsReference link : http://technet.microsoft.com/en-us/library/bb125224(v=exchg.150).aspxOn that above link please refer the topic "Let me choose which Active Directory domains I want to prepare"RegardsS.Nithyanandham
  Thanks & Regards S.Nithyanandham

• Child domain loss Exchange server permission

  One of my child domain missed Exchange role security permission, anyone know how to restore it back?  Please give me advice, thx a lot

  Hi waiyeung,
  Thank you for your question.
  We could use ADsiedit.msc in child domain controller to check if the missed permission is existed:
  Run ADsiedit.msc in Run
  Navigate Default naming context[domain.com]>Microsoft Exchange Security Groups
  If the missed permission has been existed, we could check sync between child Domain Controller and Exchange server.
  If the missed permission has been not existed, we could follow Andy’s suggestion to update domain schema .
  If there are any questions regarding this issue, please be free to let me know. 
  Best Regard,
  Jim

• Scsm 2012 r2 (ur 3) with exchange connector 3 - state never run but reveices mail in opm log?!

  Hello everybody,
  we have installed scsm 2012 r2 (UR 3) with exchange connector 3. We have connected the connector by the workflow Account (domain user "servicedesk" is in local admin group of the sm server and in the sm Administrators group) and have access
  to the mailbox on exchange (2010; autodiscovery is working correct). We receive all mails in the servicedesk mailbox on restarting the sm services and see the mails in the opm logs. But no incidents are created and the connector stays in "never
  tun" state and does not receive mails any More after the first start. What do we have missed to check? Beste regards Thomas

  i have added the registry keys.
  the last log says:
  EwsResponse: <Trace Tag="EwsResponse" Tid="1" Time="2014-08-10 18:38:52Z" Version="14.03.0067.001">
    <?xml version="1.0" encoding="utf-8"?>
    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
      <s:Header>
        <h:ServerVersionInfo MajorVersion="14" MinorVersion="3" MajorBuildNumber="174" MinorBuildNumber="1" Version="Exchange2010_SP2" xmlns:h="http://schemas.microsoft.com/exchange/services/2006/types"
  xmlns="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" />
      </s:Header>
      <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <m:FindItemResponse xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types">
          <m:ResponseMessages>
            <m:FindItemResponseMessage ResponseClass="Success">
              <m:ResponseCode>NoError</m:ResponseCode>
              <m:RootFolder IndexedPagingOffset="1" TotalItemsInView="1" IncludesLastItemInRange="true">
                <t:Items>
                  <t:Message>
                    <t:ItemId Id="AAMkAGM0NzI4Nzc5LWM0NWMtNDBiZC1iMjIyLWU5YTZlNGM0YjVjZgBGAAAAAADPPKNYSCzLRLMWL/UoJg1CBwAVmecTYATlQovl76GEizxlAAAAoyGrAAAVmecTYATlQovl76GEizxlAAAAo0kZAAA="
  ChangeKey="CQAAABYAAAAVmecTYATlQovl76GEizxlAAAAo4Fd" />
                    <t:ParentFolderId Id="AAMkAGM0NzI4Nzc5LWM0NWMtNDBiZC1iMjIyLWU5YTZlNGM0YjVjZgAuAAAAAADPPKNYSCzLRLMWL/UoJg1CAQAVmecTYATlQovl76GEizxlAAAAoyGrAAA="
  ChangeKey="AQAAAA==" />
                    <t:ItemClass>IPM.Note</t:ItemClass>
                    <t:Subject>Test 1</t:Subject>
                    <t:Sensitivity>Normal</t:Sensitivity>
                    <t:DateTimeReceived>2014-08-10T18:35:12Z</t:DateTimeReceived>
                    <t:Size>2858</t:Size>
                    <t:Importance>Normal</t:Importance>
                    <t:IsSubmitted>false</t:IsSubmitted>
                    <t:IsDraft>false</t:IsDraft>
                    <t:IsFromMe>false</t:IsFromMe>
                    <t:IsResend>false</t:IsResend>
                    <t:IsUnmodified>true</t:IsUnmodified>
                    <t:DateTimeSent>2014-08-10T18:34:56Z</t:DateTimeSent>
                    <t:DateTimeCreated>2014-08-10T18:35:12Z</t:DateTimeCreated>
                    <t:DisplayCc />
                    <t:DisplayTo>Service Desk</t:DisplayTo>
                    <t:HasAttachments>false</t:HasAttachments>
                    <t:Culture>de</t:Culture>
                    <t:EffectiveRights>
                      <t:CreateAssociated>false</t:CreateAssociated>
                      <t:CreateContents>false</t:CreateContents>
                      <t:CreateHierarchy>false</t:CreateHierarchy>
                      <t:Delete>true</t:Delete>
                      <t:Modify>true</t:Modify>
                      <t:Read>true</t:Read>
                    </t:EffectiveRights>
                    <t:LastModifiedName>Thomas Göttl</t:LastModifiedName>
                    <t:LastModifiedTime>2014-08-10T18:35:12Z</t:LastModifiedTime>
                    <t:Sender>
                      <t:Mailbox>
                        <t:Name>Thomas Göttl</t:Name>
                      </t:Mailbox>
                    </t:Sender>
                    <t:IsReadReceiptRequested>false</t:IsReadReceiptRequested>
                    <t:ConversationIndex>Ac+0ycOTmfHK8XrvSM2ftu9rcjREeg==</t:ConversationIndex>
                    <t:ConversationTopic>Test 1</t:ConversationTopic>
                    <t:From>
                      <t:Mailbox>
                        <t:Name>Thomas Göttl</t:Name>
                      </t:Mailbox>
                    </t:From>
                    <t:InternetMessageId>&lt;[email protected]&gt;</t:InternetMessageId>
                    <t:IsRead>false</t:IsRead>
                    <t:ReceivedBy>
                      <t:Mailbox>
                        <t:Name>Service Desk</t:Name>
                      </t:Mailbox>
                    </t:ReceivedBy>
                    <t:ReceivedRepresenting>
                      <t:Mailbox>
                        <t:Name>Service Desk</t:Name>
                      </t:Mailbox>
                    </t:ReceivedRepresenting>
                  </t:Message>
                </t:Items>
              </m:RootFolder>
            </m:FindItemResponseMessage>
          </m:ResponseMessages>
        </m:FindItemResponse>
      </s:Body>
    </s:Envelope>
  </Trace>
  and the one before:
  EwsResponseHttpHeaders: <Trace Tag="EwsResponseHttpHeaders" Tid="1" Time="2014-08-10 18:38:52Z">
  200 OK
  Transfer-Encoding: chunked
  Content-Encoding: gzip
  Vary: Accept-Encoding
  Persistent-Auth: false
  Cache-Control: private
  Content-Type: text/xml; charset=utf-8
  Date: Sun, 10 Aug 2014 18:38:51 GMT
  Server: Microsoft-IIS/7.5
  WWW-Authenticate: Negotiate oYGyMIGvoAMKAQChCwYJKoZIgvcSAQICooGaBIGXYIGUBgkqhkiG9xIBAgICAG+BhDCBgaADAgEFoQMCAQ+idTBzoAMCAReibARqZCLk7OlBLjMLGg8XtQO+mutKfYPyK2jeJ2B+wq9raDj1chIZkQT0/72YftQJfdtu1DwfzmlEz8kDSD7ElFT2nF/T5LMDIMT4EpLJALsGQPTec86ubSbl1dKsIZn09qdoGDg5tGxV0bwOSg==
  X-AspNet-Version: 2.0.50727
  X-Powered-By: ASP.NET
  </Trace>
  the one before:
  EwsRequest: <Trace Tag="EwsRequest" Tid="1" Time="2014-08-10 18:38:51Z" Version="14.03.0067.001">
    <?xml version="1.0" encoding="utf-8"?>
    <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
      <soap:Header>
        <t:RequestServerVersion Version="Exchange2007_SP1" />
        <t:TimeZoneContext>
          <t:TimeZoneDefinition Id="W. Europe Standard Time" />
        </t:TimeZoneContext>
      </soap:Header>
      <soap:Body>
        <m:FindItem Traversal="Shallow">
          <m:ItemShape>
            <t:BaseShape>AllProperties</t:BaseShape>
          </m:ItemShape>
          <m:IndexedPageItemView MaxEntriesReturned="1" Offset="0" BasePoint="Beginning" />
          <m:Restriction>
            <t:And>
              <t:IsEqualTo>
                <t:FieldURI FieldURI="message:IsRead" />
                <t:FieldURIOrConstant>
                  <t:Constant Value="false" />
                </t:FieldURIOrConstant>
              </t:IsEqualTo>
              <t:IsEqualTo>
                <t:FieldURI FieldURI="item:ItemClass" />
                <t:FieldURIOrConstant>
                  <t:Constant Value="IPM.Note" />
                </t:FieldURIOrConstant>
              </t:IsEqualTo>
            </t:And>
          </m:Restriction>
          <m:ParentFolderIds>
            <t:DistinguishedFolderId Id="inbox" />
          </m:ParentFolderIds>
        </m:FindItem>
      </soap:Body>
    </soap:Envelope>
  </Trace>
  the one before:
  EwsRequestHttpHeaders: <Trace Tag="EwsRequestHttpHeaders" Tid="1" Time="2014-08-10 18:38:51Z">
  POST /EWS/Exchange.asmx HTTP/1.1
  Content-Type: text/xml; charset=utf-8
  Accept: text/xml
  User-Agent: ExchangeServicesClient/14.03.0067.001
  Accept-Encoding: gzip,deflate
  </Trace>
  the one before (xxx for our Domain):
  Exchange Connector: Autodiscovered URL: https://sv-exchange01.xxx.intra/EWS/Exchange.asmx
  Is there something we missed?

• Using the Ntdsutil utility to remove the only (tombstoned) DC along with an orphaned child domain

  Hello experts,
  before working on a server consolidation project for a new customer the situation was:
  Headquarter (I will not mention file and application servers)
  ==================================================
  - One physical server running Windows Server 2003 R2 Standard Edition acting as a Domain Controller and Global
  Catalog, holding the Five FSMO roles and running Microsoft Exchange Server 2003.
  ==================================================
  Branch office (connected to the corporate office by using a persistent site-to-site VPN)
  ==================================================
  - One physical server running Windows Server 2003 R2 Standard Edition acting as a file server and a Domain Controller
  in a child domain. Before we started work on the server consolidation project, this Domain controller at the remote site already was tombstoned.
  ==================================================
  After working on the server consolidation project the situation is:
  Headquarter
  ==================================================
  - We have added a new VM running Windows Server 2003 R2 Standard Edition acting as a Domain Controller.
  - We have added a new VM running Windows Server 2008 R2 Standard Edition running Exchange 2007 Service Pack 3
  and successfully migrated Exchange 2003 to 2007. We are ready to remove Exchange 2003 from the old physical server running Windows Server 2003 R2 Standard Edition.
  ==================================================
  Branch office
  ==================================================
  - We have added a new VM running Windows Server 2003 R2 and promoted it to be a new Domain Controller in a new
  forest.
  - We have turned off the tombstoned Domain Controller after migrating the applications and users to the new domain.
  We haven't tried to demote it gracefully because it is totally screwed up
  ==================================================
  In order to decommission the two remaining physical servers (the one acting as a Domain Controller and Global
  Catalog, holding the Five FSMO roles and running Microsoft Exchange Server 2003 in the Headquarter and the tombstoned Domain Controller in the Branch office) our plan is to:
  ==================================================
  1. Use the Ntdsutil.exe utility to manually remove the tombstoned Domain Controller in the Branch office.
  2. After manually removing the tombstoned Domain Controller in the Branch office (step above), use the Ntdsutil.exe utility
  to manually remove the orphaned child domain from Active Directory.
  3. Transfer the role of the global catalog and all FSMO roles to the new VM we have added in the Headquarter (It is already
  acting as a Domain Controller).
  4. Remove Exchange 2003 from and gracefully demote the old physical server running in the Headquarter. ==================================================
  Does our plan above make sense to you ? Can someone please explain or provide instructions for step 1 & 2 above ?
  I would be very grateful if someone could kindly share some thoughts.
  Any help/information will be greatly appreciated.
  Regards,
  Massimiliano

  To remove an orphaned child domain: http://support.microsoft.com/en-us/kb/230306
  To do a metadata cleanup: https://technet.microsoft.com/en-us/library/cc816907%28v=ws.10%29.aspx
  Your plan is okay. Just make sure that your DCs are in healthy state and AD replication is fine using
  dcdiag and repadmin commands before proceeding with demoting. Also, take system state backups before proceeding.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile
  Hello Ahmed,
  thank you for your reply to my question.
  I have analyzed the replication status for all domain controllers in the Active Directory forest using the Active
  Directory Replication Status Tool (ADREPLSTATUS). All DCs are in healthy state and AD replication is fine.
  The only replication errors shown in the Active Directory Replication Status Tool are those involving the tombstoned
  Domain Controller in the Branch office, so I think it should be safe to go ahead.
  It is my understanding that before removing the orphaned child domain I should remove the tombstoned Domain Controller
  in the Branch office. Can I refer to the instructions on the following webpage:
  ==================================================
  http://www.petri.com/delete_failed_dcs_from_ad.htm ==================================================
  Thank you,
  Massimiliano

• Arbitration mailboxes exist in root and child domains, which to delete?

  Hi,
  I discovered a problem with my Arbitration Mailboxes when setting up a Moderated Distribution group. The moderator wasn't receiving an email from Exchange advising that there was a message that needed to be approved or declined. A bit of digging in Message
  Tracking and the Event log (IDs 9214 & 9217) revealed that the email address for the MS Exchange Approval Assistant exists twice, in both our root and child domains. 
  The question is which to delete, the account in root or child? All of the users are in the child domain so presumably it's the account in root which I should delete, but I'm not 100% sure.
  Any pointers very welcome.
  Cheers.

  Hi,
  Agree with Andy. The arbitration accounts are in the root domain by default. You should delete the account in child domain. Then you can use the Get-Mailbox -Arbitration | fl displayname command to check if you can get this system mailbox in child domain.
  If you can't get this system mailbox in the child domain, you need to run the following command, so that the scope of the search is changed to the forest level.
  Set-ADServerSettings –ViewEntireForest $true
  Best regards,
  Belinda
  Belinda Ma
  TechNet Community Support

• Exchange Connector 9.1.1.1.0 -Support for multivalued attribute

  Hi,
  I am currently on OIM 9.1 BP07 + weblogic 10.3 + RHEL5.
  Currently I have a mutlvalued attribute that needs to be reconciled, when I use OOTB reconciliation task i get column not found exception on child table which is configured to hold multivalued attribute.
  1. Is OOTB exchange connector supports Multivalued attribute reconciliation?
  2. If no, how can i populate the child form during custom reconciliation process?
  Thanks

  Hello,
  This is the Berkeley DB forum. As such you can try your question in the General Database forum at:
  General Database Discussions
  Thanks,
  Sandra