XADM: Strong Password Policy Prevents the ADC from Creating Enabled Users (297191)
The information in this article applies to:
- Microsoft Exchange 2000 Server
This article was previously published under Q297191 SYMPTOMS
When using the Active Directory Connector (ADC), you can configure a Connection Agreement (CA) to create enabled users in Active Directory when a mailbox is being replicated from Microsoft Exchange 5.5 for which the primary Windows account does not exist in the Windows domain. If you configure a CA to create enabled users and a strong password policy is in place in the Windows 2000 Active Directory domain, the user creation may not succeed. If ADC logging for category "LDAP Operations" is set to Minimum or higher, the following error will be logged in the Application log on the computer that is running the ADC:
Event Type: Error
Event Source: MSADC
Event Category: LDAP Operations
Event ID: 8021
Computer: ADCSERVER
Description:
LDAP Add on directory GCSERVER for entry
'cn=55user,CN=Users,DC=domain,DC=com'
was unsuccessful with error:[0x35] Unwilling To Perform
[ 0000052D: SvcErr: DSID-031A0B56, problem 5003
(WILL_NOT_PERFORM), data 0 ].
(Connection Agreement 'Exchange 5.5 to AD' #3516)
CAUSE
This behavior occurs because when the ADC creates enabled or disabled accounts, it does not set a strong password, which is not an issue for disabled users because strong password policy is not applicable to disabled user accounts.
RESOLUTION
To resolve this behavior, set the ADC to create disabled accounts instead of the enabled windows accounts; configure the CA to create disabled users:
- Open the ADC Management Microsoft Management Console (MMC).
- Expand the ADC Server folder that contains the CA.
- Right-click the CA, and then click Properties.
- Click the Advanced tab.
- Under When replicating a mailbox whose primary Windows account does not exist in the domain, click the Create a new Windows user account option.
Modification Type: | Minor | Last Reviewed: | 4/25/2005 |
---|
Keywords: | kbprb KB297191 |
---|
|