Error 0xe1000005. "MailSwitch" returned error -520093691
After an upgrade from Exchange 2003 to Exchange 2007 or after implementing the schema extension required for Exchange 2007 installations, directory synchronization stops working and the following errors are logged in dsa.log:
This can be caused by an invalid Exchange 2003 addressbook filter or email address policy.
An example is an addressbook filter that searches against a non-existent attribute:
(&(&(&(mailNickname=*)(|(objectClass=user)(objectCategory=person)(objectCategory=group)(objectCategory=msExchDynamicDistributionList)(objectClass=contact))( |(country=Portugal)(co=Portugal*)(displayName=RG PT*)))))
The attribute "country" does not exist in AD, and Directory Synchronization does not expect this situation when parsing such an addressbook filter.
Another possibility is a recipient policy such as (&(&(&(&(mailnickname=*)(|(&(objectCategory=person)(objectClass=user)(homeMDB=CN=Mailbox Store (EUEXCH001),CN=First Storage Group,CN=Information Store,CN=EUEXCH001,CN=Servers,CN=AG,CN=Administrative Groups,CN=ORG,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=company,DC=com)))))))
While this filter is valid for Exchange 2003, in Exchange 2007 it is not possible to manage objects when they fall under such a recipient policy. In this case Exchange Server 2007 will generate event ID 8325 with text similar to the following:
Description: The service can't work properly because Email Address Policy 'CN=Fabrikam,CN=RecipientPolicies,CN=Contoso,CN=MicrosoftExchange,CN=Services,CN=Configuration,DC=<root domain>,DC=com' has an invalid filter rule (PurportedSearch). The error is 'Invalid token'. Use the Exchange Management Console to correct this problem. New users, contacts, and groups won't be fully provisioned until this is fixed.
In addition, the error "The Exchange server address list service failed to respond. This could be because of an address list or email address policy configuration error" is displayed in the user interface.
Correct the addressbook and recipient policy filters so that they meet LDAP standards and contain valid attribute names only.
For the addressbook example above, change (country=Portugal) to (c=PT).
In the case of an invalid recipient policy containing a mailbox store with parentheses in the name, Microsoft suggests renaming the store. Please see http://technet.microsoft.com/en-us/library/cc164361(EXCHG.80).aspx for more detail.
While this does solve the problem, it is also possible to change the filter to escape the parentheses, which has less impact on the environment. You can replace the left parenthesis with \28 and the right parenthesis with \29 like this:
change (homeMDB=CN=Mailbox Store Journal (EUEXCH001),CN=First .... to (homeMDB=CN=Mailbox Store Journal \28EUEXCH001\29,CN=First ...
Such a filter will be valid for both Exchange 2003 and Exchange 2007 installations and will allow Quest Directory Synchronization Agent to operate properly.
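The escaping described above can be checked before a filter is saved. The following is an added example, not code from Quest or Microsoft: the function names and the shortened outer filter are assumptions, and the store DN is the one from the recipient policy example above. It escapes a value using the standard LDAP filter escapes (\28, \29, \2a, \5c, \00) and strictly checks the parenthesis structure of a filter.

```python
import re

# LDAP filter escapes for literal values (RFC 4515).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# attribute, operator, then a value with no raw parentheses; a backslash is
# accepted only as the start of a two-digit hex escape such as \28.
_ITEM = re.compile(
    r"[A-Za-z][A-Za-z0-9.;-]*(?:~=|>=|<=|=)(?:[^()\\\x00]|\\[0-9A-Fa-f]{2})*")

def escape_filter_value(value: str) -> str:
    """Escape a literal value (for example a DN) for use inside a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def is_valid_filter(text: str) -> bool:
    """Strict structural check. Attribute names are not checked against the schema."""
    pos = 0

    def parse() -> bool:
        nonlocal pos
        if pos >= len(text) or text[pos] != "(":
            return False
        pos += 1
        if pos < len(text) and text[pos] in "&|!":
            pos += 1
            count = 0
            while pos < len(text) and text[pos] == "(":
                if not parse():
                    return False
                count += 1
            if count == 0:
                return False
        else:
            match = _ITEM.match(text, pos)
            if not match:
                return False
            pos = match.end()
        if pos < len(text) and text[pos] == ")":
            pos += 1
            return True
        return False

    return parse() and pos == len(text)

# Store DN from the recipient policy above; the outer filter is shortened.
STORE_DN = ("CN=Mailbox Store (EUEXCH001),CN=First Storage Group,"
            "CN=Information Store,CN=EUEXCH001,CN=Servers,CN=AG,"
            "CN=Administrative Groups,CN=ORG,CN=Microsoft Exchange,"
            "CN=Services,CN=Configuration,DC=company,DC=com")
RAW_FILTER = "(&(mailnickname=*)(homeMDB=" + STORE_DN + "))"
FIXED_FILTER = "(&(mailnickname=*)(homeMDB=" + escape_filter_value(STORE_DN) + "))"
```

The check rejects RAW_FILTER because the store name's parentheses are read as filter structure, and accepts FIXED_FILTER.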