XADM: ADC RCA Does Not Replicate Exchange Distribution Lists to Universal Distribution Groups (329200)


The information in this article applies to:

  • Microsoft Exchange 2000 Server
This article was previously published under Q329200

SYMPTOMS

When you configure an Active Directory Connector (ADC) Recipient Connection Agreement (RCA) to replicate distribution lists in Exchange Server 5.5 to universal distribution groups on a Microsoft Windows 2000-based domain controller, some distribution lists may not replicate. You may receive the following error message in the Application log file:
Event Type: Error
Event Source: MSADC
Event Category: LDAP Operations
Event ID: 8021
Description:
LDAP Add on directory servername for entry 'DN of DL' was unsuccessful with error:[0x13] Constraint Violation [ 0000051B: AtrErr: DSID-031506D6, #1: 0: 0000051B: DSID-031506D6, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 20119 (nTSecurityDescriptor) ]. (Connection Agreement 'CA Name' #2088)
Error 0000051b (0x51b) relates to ERROR_INVALID_OWNER, "This security ID may not be assigned as the owner of this object."

CAUSE

This issue may occur if either the ADC service account or the Exchange Server service account does not have the SeRestorePrivilege set. This privilege makes it possible for an account to circumvent file and folder permissions during the restoration of backed-up files and folders and to set any valid security principal as the owner of an object. By default, this user right is assigned to administrators and backup operators.

RESOLUTION

To resolve this issue, grant the SeRestorePrivilege user right to the accounts that are used as the Exchange Server service account and the ADC service account. To do this, add the ADC and Exchange Server service accounts to the Backup Operators group on the domain controller.

NOTE: Depending on your configuration, the account that you use for the Exchange Server service account may be the same account you use for the ADC service account.

To add the ADC and Exchange Server service accounts to the Windows 2000 Domain Backup Operators group:
  1. Start the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in on a domain controller in the root domain.
  2. Right-click the account you use as the Exchange 2000 Service account, and then click Add members to a group.
  3. Click the Backup Operators group, and then click OK.
  4. Right-click the account you use as the ADC service account, and then click Add members to a group.
  5. Click the Backup Operators group, and then click OK.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATION

For additional information about how to migrate Exchange mailboxes, click the article number below to view the article in the Microsoft Knowledge Base:

328871 HOW TO: XADM: Migrate Mailboxes From an Exchange Organization to Exchange 2000

Modification Type:MinorLast Reviewed:6/13/2003
Keywords:kbbug kberrmsg kbpending KB329200
©2002 Microsoft Corporation. All rights reserved.