Event IDs 8183 and 8270 When Active Directory Connector Is Not Replicating Successfully (329047)
The information in this article applies to:
- Microsoft Exchange Server 2003 Enterprise Edition
- Microsoft Exchange Server 2003 Standard Edition
- Microsoft Exchange 2000 Server
- Microsoft Windows Small Business Server 2003, Premium Edition
- Microsoft Windows Small Business Server 2003, Standard Edition
This article was previously published under Q329047 X5:208702 SYMPTOMS The Active Directory Connector (ADC) seems to be
replicating in both directions, but the Application event log frequently logs
the following event ID messages, which state that the ADC is not replicating
because of a permissions issue:
Event ID 8183
Could not import the entry 'cn=account_name,cn=Recipients,ou=Northwind,o=Traders' into the directory server 'exchange_server' in the second attempt. (Connection Agreement 'exchange' #1536) Event ID 8270
LDAP returned the error [32] Insufficient Rights when importing the transaction dn: cn=account_name,cn=Recipients,ou=Northwind,o=Traders
changetype: Modify
objectguid:F0723AF96A6318458B7E614C59C5FC77
msexchadcglobalnames:forest:o=Traders00000000A8796213BF26C201
: EX5:cn=account_name,cn=Recipients,ou=Northwind,o=Traders:organizationalp...
: NT5:F0723AF96A6318458B7E614C59C5FC7700000000803E656D6F27C201
: FOREST:E6E7B9152BBB2943AB50BCE57155701300000000803E656D6F27C201
replication-signature:88BE82CD55340341A90BC62A6B3BD3D3
ReplicatedObjectVersion:28
nt-security-descriptor:01000480640000008000000000000000140000000200500002000000000024000A00000001050000... CAUSE The ADC logs these event ID messages because specific
objects are not being updated correctly. Most replication occurs, but for these
specific objects, a change in Active Directory is not replicating to the
Exchange Server 5.5 object. The Active Directory Connector correctly replicates
the non-security related attributes for objects, but ADC does not replicate
security related changes because of permissions issues. RESOLUTION To resolve this issue, use the Exchange Server 5.5
Administrator program to check the permissions on the site object, and then
look to see if the account that is listed on the Exchange 5.5 tab of the recipient Connection Agreement has Permission Admin privileges for the site object. To do so, follow these steps:
- Click Start, point to Programs, point to Microsoft Exchange, and then click Microsoft Exchange Administrator.
- Click the site object.
- On the File menu, click Properties.
- Click the Permissions tab, verify that the account on the Exchange 5.5 tab of the recipient Connection Agreement is listed, and then
verify that the role for the account is set to Permission Admin.
- If the account is not listed, use either of the following
methods:
- Locate an account to which the Permission Admin role has not been assigned, and then replace the account that is
currently listed on the Exchange 5.5 tab of the recipient Connection Agreement with the new
account.
- Configure the Permission Admin role for the account that is currently listed on the Exchange 5.5 tab of the recipient Connection Agreement. To do so, on the Properties tab of the site object in the Exchange Server 5.5 Administrator
program, click Add, and then click the account in the Domain Account list. Click OK, and then in the Role list, click Permission Admin.
| Modification Type: | Minor | Last Reviewed: | 4/28/2005 |
|---|
| Keywords: | kbprb KB329047 |
|---|
|