Directory sync fails to mailbox enable target objects. The DSA log will contain the following error:
Common AcAdSwitches Error 0xe1000023. LDAP filter error. Invalid filter: mailNickname=*
The error indicates an issue with a recipient policy (email address policy) in the target. The recipient policy in question uses a purportedSearch of mailNickname=*, but the correct format is with parentheses, e.g.: (mailNickname=*)
This is usually the purportedSearch set for the "Default Policy" but custom policies can also contain the same purportedSearch.
1. Use LDIFDE to list all recipient policies using the invalid purported search, e.g.:
LDIFDE -d "CN=Configuration,DC=DOMAIN,DC=COM" -f rp.txt -r "(&(objectClass=msExchRecipientPolicy)(purportedSearch=mailNickname=*))"
Note: replace DOMAIN and COM with correct values for the respective target domain.
2. The file rp.txt will contain a list of the recipient policies it finds with the purportedSearch of mailNickname=*. Look for the attribute name purportedSearch.
3. Use ADSIEdit or PowerShell to correct the purportedSearch so it is enclosed in parentheses.
With PowerShell:
Set-EmailAddressPolicy POLICYNAME -IncludedRecipients AllRecipients
or
With ADSIEdit:
Connect to the Configuration partition of the target domain and locate the respective policy by its distinguished name.
Edit the purportedSearch attribute so it reads as follows:
(mailNickname=*)
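
As an added example (not part of the original article), the following read-only PowerShell script does the check from steps 1 and 2 in one pass and reports every recipient policy whose purportedSearch is not a single parenthesized LDAP filter, which also catches malformed values other than mailNickname=*. It assumes the ActiveDirectory module (RSAT) is installed; the function name Test-FilterParenthesized and the server name dc01.domain.com are placeholders chosen for this example.

```powershell
# Added example: report recipient policies whose purportedSearch is not a
# single, balanced, parenthesized LDAP filter. Read-only; changes nothing.
Import-Module ActiveDirectory

# Placeholder: a domain controller in the target forest.
$Server = 'dc01.domain.com'

function Test-FilterParenthesized {
    param([string]$Filter)
    $f = $Filter.Trim()
    if (-not ($f.StartsWith('(') -and $f.EndsWith(')'))) { return $false }
    # Literal parentheses inside values are escaped as \28 and \29 in LDAP
    # filters, so every raw '(' or ')' is a structural delimiter.
    $depth = 0
    for ($i = 0; $i -lt $f.Length; $i++) {
        $c = $f[$i]
        if ($c -eq '(') { $depth++ }
        elseif ($c -eq ')') { $depth-- }
        if ($depth -lt 0) { return $false }
        # The outer group must not close before the last character:
        # "(a=b)(c=d)" is two filters, not one.
        if ($depth -eq 0 -and $i -lt ($f.Length - 1)) { return $false }
    }
    return ($depth -eq 0)
}

$configNC = (Get-ADRootDSE -Server $Server).configurationNamingContext

# Only policies that actually have a purportedSearch value set.
$policies = Get-ADObject -Server $Server -SearchBase $configNC `
    -LDAPFilter '(&(objectClass=msExchRecipientPolicy)(purportedSearch=*))' `
    -Properties purportedSearch

$report = foreach ($p in $policies) {
    [pscustomobject]@{
        Name              = $p.Name
        PurportedSearch   = $p.purportedSearch
        Valid             = Test-FilterParenthesized $p.purportedSearch
        DistinguishedName = $p.DistinguishedName
    }
}

# List only the policies that need correcting (step 3).
$report | Where-Object { -not $_.Valid } | Format-List
```

An empty result means every policy with a purportedSearch already has a correctly enclosed filter; the DistinguishedName in the output is the object to open in ADSIEdit.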