Microsoft KB Archive/277902

= XADM: The Recipient Update Service Writes a Non-Canonical Security Descriptor to the Group =

Article ID: 277902

Article Last Modified on 2/20/2007

-

APPLIES TO


 * Microsoft Exchange 2000 Server Standard Edition

-



This article was previously published under Q277902





SYMPTOMS
If Exchange Server 5.5 is running on a Microsoft Windows NT Server 4.0-based computer, Exchange Server 5.5 does not replicate groups with membership hidden in Active Directory. The Exchange Server 5.5 version of the Exchange Server Administrator program also cannot display these objects.



CAUSE
This problem can occur because for groups with membership hidden in Active Directory, the Recipient Update Service writes a non-canonical security descriptor to the group.

When the Exchange 2000 Active Directory Connector (ADC) is used, the change is replicated to Exchange Server 5.5, but when the Exchange 5.5 security descriptor is created, an ACCESS_ALLOWED_OBJECT_ACE type Access Control Entry (ACE) is created, which is only supported on Microsoft Windows 2000 Server and later. This causes problems when displaying the object on Exchange Server 5.5 computers because the Exchange Server 5.5 version of the Exchange Server Administrator program cannot process this type of security descriptor. If Exchange Server 5.5 is running on a Windows NT Server 4.0-based computer, replication of any naming context halts with an object that contains this kind of ACE.



RESOLUTION
To resolve this problem, obtain the latest service pack for Microsoft Exchange 2000 Server. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

301378 XGEN: How to Obtain the Latest Exchange 2000 Server Service Pack

The English version of this fix should have the following file attributes or later:

Component: ADC



STATUS
Microsoft has confirmed that this is a problem in Microsoft Exchange 2000 Server. This problem was first corrected in Microsoft Exchange 2000 Server Service Pack 1.

Additional query words: Replication security descriptor DL membership RUS

Keywords: kbbug kbfix kbqfe KB277902

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.