Microsoft KB Archive/296123

= XADM: An &quot;MSExchangeAL&quot; Event 8316 Message May Be Logged =

PSS ID Number: 296123

Article Last Modified on 6/5/2003

-

The information in this article applies to:


 * Microsoft Exchange 2000 Server

-



This article was previously published under Q296123



SYMPTOMS
The Recipient Update Service may not apply proxy addresses or other mailbox-enabling attributes on certain Active Directory user accounts.

If you increase the level of diagnostic logging on the MsExchangeAL performance object by means of Exchange System Manager (under the Server Properties section), the following event may be logged in the Application log:

Event Type: Warning

Event ID : 8316

Source : MSExchangeAL

Category : Replication

Description:

The service could not update the entry 'CN=John Doe,OU=NestedOU,OU=CustomOU,DC=company,DC=com' because inheritable permissions have been explicitly disabled to all objects in the container OU=CustomOU,DC=company,DC=com'. For this object to be mail-enabled properly, you will need to enable inheritable permissions on the security tab for this container so that the permissions can be propagated correctly to the entry that the service is trying to process. DC=company,DC=com

For more information, click http://www.microsoft.com/contentredirect.asp.



CAUSE
This behavior can occur because you have not enabled the Allow Inheritable Permissions option on the specified organizational unit in Active Directory.



RESOLUTION
To resolve this behavior, use one of the following two methods to re-establish Inheritable permissions:

Method 1: Use the ADSI Edit Utility
WARNING: If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Exchange 2000 Server, or both. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.
 * 1) Install the ADSI Edit utility, which is located in Windows 2000 Support Tools in the Windows 2000 Server CD-ROM.
 * 2) Start the ADSI Edit utility.
 * 3) Connect to DomainNC (Naming Context).
 * 4) Click the folder object that is indicated in the event ID. In this example, click CustomOU.
 * 5) Click Properties, and then click the Security tab.
 * 6) Click to select the Allow Inheritable Permissions check box, and then click OK.

Method 2: Use Active Directory Users and Computers

 * 1) In Active Directory Users and Computers, enable the Advanced view by clicking View, and then clicking Advanced in Microsoft Management Console (MMC).
 * 2) Click the folder object that is indicated in the event ID. In this example, click CustomOU.
 * 3) Click Properties, and then click the Security tab.
 * 4) Click to select the Allow Inheritable Permissions check box, and then click OK.

Additional query words: exch2kp2w

Keywords: kbprb KB296123

Technology: kbExchange2000Search kbExchange2000Serv kbExchange2000ServSearch kbExchangeSearch

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.