If users in the source domain have "blank" email addresses, they will not be mailbox enabled in the target and "Internal DSA error" appears in the dsa.log file. These objects may also appear under "failed objects" reporting the error "Internal DSA error".
A "blank" email address is defined as follows:
In the "proxyaddresses" attribute, email addresses are stored as [address type]:[address]. For example:
smtp:user@quest.com
When adding an email address in Active Directory users and Computers, you must type something in the "email address" field or the address will not be accepted.
However, an address consisting only of the address type can be created using ADSIedit, LDP.exe, and is also created by some 3rd party tools. An example of such an address would be:
smtp:
The Directory Synchronization Agent expects data to follow the ":" character, which results in an error message and the failure of the mailbox enabling process. Please note that this may result in the failure of other accounts (without a "blank" email address) to mailbox enable as well.
Inspect the source objects being synchronized, correct any "blank" email addresses, and perform a full re-sync.
If the blank address is a custom address type from a 3rd party tool (such as Avaya Modular Messaging which creates "numeric:" addresses), these address types can be excluded from synchronization. However, this is not a GUI setting and must be configured manually in ADAM. Contact support if you are experiencing this problem, and mention internal solution SOL38694.
