XADM: The Recipient Update Service Writes a Non-Canonical Security Descriptor to the Group (277902)

SYMPTOMS

If Exchange Server 5.5 is running on a Microsoft Windows NT Server 4.0-based computer, Exchange Server 5.5 does not replicate groups with membership hidden in Active Directory. The Exchange Server 5.5 version of the Exchange Server Administrator program also cannot display these objects.

CAUSE

This problem can occur because for groups with membership hidden in Active Directory, the Recipient Update Service writes a non-canonical security descriptor to the group.

When the Exchange 2000 Active Directory Connector (ADC) is used, the change is replicated to Exchange Server 5.5, but when the Exchange 5.5 security descriptor is created, an ACCESS_ALLOWED_OBJECT_ACE type Access Control Entry (ACE) is created, which is only supported on Microsoft Windows 2000 Server and later. This causes problems when displaying the object on Exchange Server 5.5 computers because the Exchange Server 5.5 version of the Exchange Server Administrator program cannot process this type of security descriptor. If Exchange Server 5.5 is running on a Windows NT Server 4.0-based computer, replication of any naming context halts with an object that contains this kind of ACE.

RESOLUTION

To resolve this problem, obtain the latest service pack for Microsoft Exchange 2000 Server. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

301378 XGEN: How to Obtain the Latest Exchange 2000 Server Service Pack

The English version of this fix should have the following file attributes or later:

Component: ADC

File name	Version
Adc.exe	6.0.4418.18

XADM: The Recipient Update Service Writes a Non-Canonical Security Descriptor to the Group (277902)

SYMPTOMS

CAUSE

RESOLUTION

STATUS