Microsoft KB Archive/329200

= XADM: ADC RCA Does Not Replicate Exchange Distribution Lists to Universal Distribution Groups =

Article ID: 329200

Article Last Modified on 2/28/2007

-

APPLIES TO


 * Microsoft Exchange 2000 Server Standard Edition

-



This article was previously published under Q329200



SYMPTOMS
When you configure an Active Directory Connector (ADC) Recipient Connection Agreement (RCA) to replicate distribution lists in Exchange Server 5.5 to universal distribution groups on a Microsoft Windows 2000-based domain controller, some distribution lists may not replicate. You may receive the following error message in the Application log file:

Event Type: Error

Event Source: MSADC

Event Category: LDAP Operations

Event ID: 8021

Description:

LDAP Add on directory  for entry ' ' was unsuccessful with error:[0x13] Constraint Violation [ 0000051B: AtrErr: DSID-031506D6, #1: 0: 0000051B: DSID-031506D6, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 20119 (nTSecurityDescriptor) ]. (Connection Agreement ' ' #2088)

Error 0000051b (0x51b) relates to ERROR_INVALID_OWNER, &quot;This security ID may not be assigned as the owner of this object.&quot;



CAUSE
This issue may occur if either the ADC service account or the Exchange Server service account does not have the SeRestorePrivilege set. This privilege makes it possible for an account to circumvent file and folder permissions during the restoration of backed-up files and folders and to set any valid security principal as the owner of an object. By default, this user right is assigned to administrators and backup operators.



RESOLUTION
To resolve this issue, grant the SeRestorePrivilege user right to the accounts that are used as the Exchange Server service account and the ADC service account. To do this, add the ADC and Exchange Server service accounts to the Backup Operators group on the domain controller.

NOTE: Depending on your configuration, the account that you use for the Exchange Server service account may be the same account you use for the ADC service account.

To add the ADC and Exchange Server service accounts to the Windows 2000 Domain Backup Operators group:
 * 1) Start the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in on a domain controller in the root domain.
 * 2) Right-click the account you use as the Exchange 2000 Service account, and then click Add members to a group.
 * 3) Click the Backup Operators group, and then click OK.
 * 4) Right-click the account you use as the ADC service account, and then click Add members to a group.
 * 5) Click the Backup Operators group, and then click OK.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.



MORE INFORMATION
For additional information about how to migrate Exchange mailboxes, click the article number below to view the article in the Microsoft Knowledge Base:

328871 HOW TO: XADM: Migrate Mailboxes From an Exchange Organization to Exchange 2000

Keywords: kbbug kberrmsg kbpending KB329200

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.