During the synchronization of migrated mailboxes, an error similar to the following is received:
"Error 0xea00009c. Administrative group not found, directory server: "targetdc.targetdomain.com", Exchange server: "CN=Mailbox Database,CN=First Storage Group,CN=InformationStore,CN=TARGETDC,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Target Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=targetdomain,DC=com" LDAP error 0x20. No Such Object (0000208D: NameErr: DSID-03151EFD, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=Target Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=targetdomain,DC=com' )."
The service account cannot retrieve the LegacyExchangeDN attribute for the Administrative Group mentioned in the error message.
For an Exchange 2007 target organization (see below for Exchange 2013 and 2016), the Migration Manager service account also requires the Read permission on the Microsoft Exchange container in Active Directory.
Note: The "Microsoft Exchange" container is not visible in Active Directory Users and Computers. It can be accessed using ADSIedit under "Configuration", then "Services".
To grant the (Basic) Read permission for Exchange 2007 and/or 2010, complete the following steps:
1. Run the Exchange Management Console.
2. In the navigation pane right-click the Organization Configuration node and select Add Exchange Administrator... from the shortcut menu.
3. In the Add Exchange Administrator dialog click Browse, select the administrative account and click OK.
4. Select the Exchange View-Only Administrator role option and click Add.
5. Click Finish to exit the wizard and apply your changes.
OR
In Exchange Management Shell run the command:
Add-ExchangeAdministrator -Identity 'administrative_account' -Role 'ViewOnlyAdmin'
For example: Add-ExchangeAdministrator -Identity 'targetdomain.com/Users/qmm' -Role 'ViewOnlyAdmin'
To grant the "basic" Read permission for Exchange 2013 and/or 2016, complete the following steps:
1. Run the Exchange Management Console.
2. Use a global administrative account to log into Exchange Admin Center.
3. Open Permissions > admin roles > View-Only Organization Management.
4. Add the user to the members list.
OR
In Exchange Management Shell run the command:
Add-RoleGroupMember "View-Only Organization Management" -Member QMM_ServiceAccount
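To confirm the grant took effect, the following added example (not part of the original article or of Quest's tooling) binds to the directory server as the service account and attempts the read that fails in the error: fetching legacyExchangeDN from the Administrative Group object. The server name and distinguished name are the sample values from the error message above, and the function name Test-LegacyDnRead is hypothetical.

```powershell
# Added example. Server and DN are the sample values from the error message;
# replace them with the ones from your own error. Test-LegacyDnRead is a
# hypothetical helper name.
$Server       = 'targetdc.targetdomain.com'
$AdminGroupDn = 'CN=Exchange Administrative Group (FYDIBOHF23SPDLT),' +
                'CN=Administrative Groups,CN=Target Organization,' +
                'CN=Microsoft Exchange,CN=Services,CN=Configuration,' +
                'DC=targetdomain,DC=com'

function Test-LegacyDnRead {
    param(
        [Parameter(Mandatory = $true)] [string] $Server,
        [Parameter(Mandatory = $true)] [string] $DistinguishedName,
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential] $Credential
    )
    # Bind as the service account, not as the admin running the script,
    # so the result reflects that account's effective permissions.
    $entry = New-Object -TypeName System.DirectoryServices.DirectoryEntry `
        -ArgumentList @("LDAP://$Server/$DistinguishedName",
                        $Credential.UserName,
                        $Credential.GetNetworkCredential().Password)
    $result = New-Object PSObject -Property @{
        Account = $Credential.UserName; CanRead = $false
        LegacyExchangeDN = $null; Detail = $null
    }
    try {
        # Fetch only the attribute Migration Manager needs.
        $entry.RefreshCache(@('legacyExchangeDN'))
        $value = $entry.Properties['legacyExchangeDN'].Value
        if ($value) {
            $result.CanRead = $true
            $result.LegacyExchangeDN = $value
        } else {
            # Object is visible but the attribute was not returned.
            $result.Detail = 'Object found, legacyExchangeDN not readable'
        }
    } catch {
        # Without Read on the container the object is typically hidden and
        # the bind fails with "no such object", as in LDAP error 0x20 above.
        $result.Detail = $_.Exception.Message
    } finally {
        $entry.Dispose()
    }
    $result
}

# Prompts for the service account password; nothing is written to disk.
Test-LegacyDnRead -Server $Server -DistinguishedName $AdminGroupDn `
    -Credential (Get-Credential)
```

A result with CanRead set to True means the service account can now see the Administrative Group; the view-only role is sufficient for this, so no broader Exchange role is needed to clear the error.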