XADM: Credentials Error Occurs When You Create an ADC Connection Agreement (285817)


The information in this article applies to:

  • Microsoft Exchange 2000 Server
  • Microsoft Exchange Server 5.5
This article was previously published under Q285817

SYMPTOMS

When you try to create a Connection Agreement using the Active Directory Connector (ADC) Manager tool, you may receive the following error message when you click Apply or OK:
Neither the credentials specified on the Connection Agreement for the Windows 2000 server nor your current logged on account have sufficient permissions to create security groups within the users container on the Windows 2000 server specified in the connection agreement. These groups are required to hide distribution list membership on specified mail-enabled groups. Ensure that either the credentials specified on the Connection Agreement for the Windows 2000 server or your current logged on account are granted sufficient permissions to create security groups within the users container on the Windows 2000 server specified.

ID no: c103aa1e
Microsoft Active Directory Connector Management

CAUSE

This issue can occur if the Exchange Enterprise Servers group has either been deleted or moved out of the Users container. When you use the DomainPrep utility, the ADC attempts to query the Exchange Enterprise Servers group. If the ADC cannot find the group, it is unable to create a Connection Agreement that writes information to Active Directory (either a one-way Connection Agreement from Exchange Server to Microsoft Windows or a two-way Connection Agreement).

RESOLUTION

To resolve this issue, move the following Exchange Server groups and the built-in security groups back to the Users container:
  • Exchange Domain Servers
  • Exchange Enterprise Servers
  • Exchange Services
If one of the Exchange Server groups has been deleted, run Exchange 2000 Setup with the /domainprep switch to rebuild the missing group.

MORE INFORMATION

The Users container is an organizational unit that is unique to each Active Directory domain. The Users container is the default location for the built-in Windows 2000 security groups and Exchange Server security groups. It is recommended that you do not remove these groups from the Users container.
Modification Type:MinorLast Reviewed:4/25/2005
Keywords:kberrmsg kbprb KB285817
©2004 Microsoft Corporation. All rights reserved.