The LegacyExchangeDN for this Exchange server does not match the parent administrative group
[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at http://go.microsoft.com/fwlink/?linkid=34707.]
Topic Last Modified: 2007-01-09
The Microsoft® Exchange Server Analyzer Tool queries the Active Directory® directory service to verify the legacyExchangeDN value of a server by checking the attributes of the server object in the Servers container in Active Directory by comparing it to the actual name of the organization and administrative group in which the server resides. If the server's legacyExchangeDN value is different from the organization or administrative group, an error is displayed.
Exchange uses the legacyExchangeDN value to identify Exchange objects in Active Directory. The legacyExchangeDN value is a distinguished name that indicates where the object fits in the Exchange organization, for example:
Objects such as mailbox stores and public folder stores inherit part of their legacyExchangeDN values from the server. This means that if there is a problem with the server value, other objects may inherit the same problem.
Generally, problems with the legacyExchangeDN occur when an administrator has tried to directly modify the value. You must correct the value using a tool such as Active Directory Service Interfaces (ADSI) Edit, the LDP (ldp.exe) tool, or any other Lightweight Directory Access Protocol (LDAP) version 3 client.
If you incorrectly modify the attributes of Active Directory objects when you use ADSI Edit, the LDP tool, or another LDAP version 3 client, you may cause serious problems. These problems may require that you reinstall Microsoft Windows Server™ 2003, Exchange Server 2003 or Exchange Server 2007, or both. Modify Active Directory object attributes at your own risk.
To correct this error
Using ADSI Edit or a similar tool, locate the administrative group object in Active Directory.
The legacyExchangeDN attribute can be found at:
CN=Configuration,CN=Services,CN=Microsoft Exchange,CN=Organization,CN=Administrative Groups,CN=Administrative group,CN=Servers,CN=server
Type a new string value of the form:
For more information about using the LDP tool, see the Microsoft Knowledge Base article 260745, "XADM: Using the LDP Utility to Modify Active Directory Object Attributes" (http://go.microsoft.com/fwlink/?LinkId=3052&kbid=260745).
For more information about working with ADSI Edit, see the topic "Adsiedit.msc: ADSI Edit" in Windows Server 2003 Help.