Microsoft KB Archive/329047

= Event IDs 8183 and 8270 When Active Directory Connector Is Not Replicating Successfully =

Article ID: 329047

Article Last Modified on 12/3/2007


APPLIES TO


 * Microsoft Exchange Server 2003 Enterprise Edition
 * Microsoft Exchange Server 2003 Standard Edition
 * Microsoft Exchange 2000 Server Standard Edition
 * Microsoft Windows Small Business Server 2003 Premium Edition
 * Microsoft Windows Small Business Server 2003 Standard Edition




This article was previously published under Q329047





SYMPTOMS
The Active Directory Connector (ADC) seems to be replicating in both directions, but the Application event log frequently logs the following event ID messages, which state that the ADC is not replicating because of a permissions issue:

Event ID 8183

Could not import the entry 'cn=account_name,cn=Recipients,ou=Northwind,o=Traders' into the directory server 'exchange_server' in the second attempt. (Connection Agreement 'exchange' #1536)

-and-

Event ID 8270

LDAP returned the error [32] Insufficient Rights when importing the transaction dn: cn=account_name,cn=Recipients,ou=Northwind,o=Traders changetype: Modify objectguid:F0723AF96A6318458B7E614C59C5FC77 msexchadcglobalnames:forest:o=Traders00000000A8796213BF26C201 : EX5:cn=account_name,cn=Recipients,ou=Northwind,o=Traders:organizationalp... : NT5:F0723AF96A6318458B7E614C59C5FC7700000000803E656D6F27C201 : FOREST:E6E7B9152BBB2943AB50BCE57155701300000000803E656D6F27C201 replication-signature:88BE82CD55340341A90BC62A6B3BD3D3 ReplicatedObjectVersion:28 nt-security-descriptor:01000480640000008000000000000000140000000200500002000000000024000A00000001050000...



CAUSE
The ADC logs these event ID messages because specific objects are not being updated correctly. Most replication occurs, but for these specific objects, a change in Active Directory is not replicating to the Exchange Server 5.5 object. The ADC correctly replicates the non-security-related attributes for objects, but it does not replicate security-related changes because of permissions issues.
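To see which objects are affected, the two event descriptions can be correlated by entry DN. The following is an added example, not Microsoft's code: it assumes the Application log has been exported as (event ID, description) pairs, and the function names, account names, server name and shortened hex values are constructed for illustration.

```python
import re

# Patterns follow the wording of the two event descriptions quoted in this article.
RE_8183 = re.compile(
    r"Could not import the entry '(?P<dn>[^']+)' into the directory server "
    r"'(?P<server>[^']+)'.*?\(Connection Agreement '(?P<agreement>[^']+)'", re.S)
RE_8270 = re.compile(
    r"LDAP returned the error \[(?P<code>\d+)\] (?P<text>.+?) when importing "
    r"the transaction\s+dn:\s*(?P<dn>.+?)\s+changetype:", re.S)

def summarize(events):
    """Correlate 8183/8270 descriptions by entry DN; events is [(event_id, text), ...]."""
    report = {}
    for event_id, text in events:
        pattern = {8183: RE_8183, 8270: RE_8270}.get(event_id)
        m = pattern.search(text) if pattern else None
        if not m:
            continue  # not an ADC import failure in the expected wording
        row = report.setdefault(m["dn"].lower(), {
            "server": None, "agreement": None, "ldap_errors": set(),
            "security_change": False})
        if event_id == 8183:
            row["server"], row["agreement"] = m["server"], m["agreement"]
        else:
            row["ldap_errors"].add((int(m["code"]), m["text"].strip()))
            # A transaction that carries this attribute is a security-related change.
            row["security_change"] |= "nt-security-descriptor:" in text.lower()
    return report

def permission_suspects(report):
    """DNs whose failed import was a security change rejected with error 32."""
    return sorted(dn for dn, row in report.items()
                  if row["security_change"]
                  and any(code == 32 for code, _ in row["ldap_errors"]))

# Constructed sample events (hypothetical account names and shortened hex values).
SAMPLE_EVENTS = [
    (8183, "Could not import the entry 'cn=JDoe,cn=Recipients,ou=Northwind,o=Traders' into the "
           "directory server 'EXCH55' in the second attempt. (Connection Agreement 'exchange' #1536)"),
    (8270, "LDAP returned the error [32] Insufficient Rights when importing the "
           "transaction dn: cn=JDoe,cn=Recipients,ou=Northwind,o=Traders "
           "changetype: Modify objectguid:00AA replication-signature:11BB "
           "ReplicatedObjectVersion:28 nt-security-descriptor:0100048064"),
    (8183, "Could not import the entry 'cn=ASmith,cn=Recipients,ou=Northwind,o=Traders' into the "
           "directory server 'EXCH55' in the second attempt. (Connection Agreement 'exchange' #1536)"),
]

if __name__ == "__main__":
    print(permission_suspects(summarize(SAMPLE_EVENTS)))
```

Each DN it returns is an object whose security descriptor change was rejected, and the `agreement` field of its report row names the Connection Agreement whose Exchange 5.5 account to check.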



RESOLUTION
To resolve this issue, use the Exchange Server 5.5 Administrator program to check the permissions on the site object, and then look to see if the account that is listed on the Exchange 5.5 tab of the recipient Connection Agreement has Permission Admin privileges for the site object. To do so, follow these steps:

 1. Click Start, point to Programs, point to Microsoft Exchange, and then click Microsoft Exchange Administrator.
 2. Click the site object.
 3. On the File menu, click Properties.
 4. Click the Permissions tab, verify that the account on the Exchange 5.5 tab of the recipient Connection Agreement is listed, and then verify that the role for the account is set to Permission Admin. If the account is not listed, use either of the following methods:
     * Locate an account to which the Permission Admin role has not been assigned, and then replace the account that is currently listed on the Exchange 5.5 tab of the recipient Connection Agreement with the new account.
     * Configure the Permission Admin role for the account that is currently listed on the Exchange 5.5 tab of the recipient Connection Agreement. To do so, on the Properties tab of the site object in the Exchange Server 5.5 Administrator program, click Add, and then click the account in the Domain Account list. Click OK, and then in the Role list, click Permission Admin.

Additional query words: XADM

Keywords: kbprb KB329047


© Microsoft Corporation. All rights reserved.