-
Title
Error when creating Linked Mailbox with One Identity Quick Connect Exchange Resource Forests -
Description
When using One Identity Quick Connect Exchange Resource Forests (ERFM) and Microsoft Exchange 2013 with PowerShell Remoting enabled, you can encounter the following error:
Pre-processing operation on object caused a policy violationPolicy: AttributeHandlerObject: CN=testuser,OU=Accounts,DC=domain,DC=comDetails: Administrative Policy returned an error. Exchange Server-related operation failed.Failed to resolve the linked master account and verify it exists in a forest different from the one hosting Exchange. The error messasge is : An Active Directory error 0x51 occurred when trying to check the suitability of server 'dc.domain.com'. Error: 'Active directory response: The LDAP server is unavailable.' -
Cause
This can be caused by the LDAP server actually being unavailable or by having the domain configured in ActiveRoles Server to use the service account for domain access.
When the domain is configured to use the service account for domain access, the Exchange cmdlet Enable-Mailbox does not get run correctly due to the requirement of the -LinkedCredential parameter. When set to use the service account, ActiveRoles Server has no username or password to provide for the parameter so the cmdlet fails authentication to the linked domain controller.
-
Resolution
Modify the domain configuration in ActiveRoles Server to use an override account instead of the service account. Note that you can use the same account as the service account, however it simply needs to be provided in the override account configuration.
- Open the ActiveRoles Server MMC.
- Navigate to the following: Configuration | Server Configuration | Managed Domains
- Right-click the linked domain in question and select Properties.
- On the General tab, click to select The Windows user account information specified below: and fill in the appropriate logon information.
- Click OK.
Once configured, the command should work properly as it now has access to credentials on the linked domain.