The LegacyExchangeDN for this administrative group does not match the parent organization
[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at http://go.microsoft.com/fwlink/?linkid=34707.]
Topic Last Modified: 2006-11-30
The Microsoft® Exchange Server Analyzer Tool queries the Active Directory® directory service to determine the format for the legacyExchangeDN attribute on the administrative group container object. If the Exchange Server Analyzer finds the legacyExchangeDN attribute on the administrative group does not match the legacyExchangeDN for the Exchange organization, an error is displayed.
Exchange uses the legacyExchangeDN value to identify Exchange objects in Active Directory. The legacyExchangeDN value is a distinguished name that indicates where the object fits in the Exchange organization, for example:
Objects such as servers and folder hierarchies inherit part of their legacyExchangeDN values from the administrative group. This means that if there is a problem with the administrative group value, many other objects may inherit the same problem.
Usually problems with the legacyExchangeDN occur when an administrator has tried to directly modify the value. You must correct the value using a tool such as the Active Directory Service Interfaces (ADSI) Edit snap-in, the LDP (ldp.exe) tool, or any other Lightweight Directory Access Protocol (LDAP) version 3 client.
If you incorrectly modify the attributes of Active Directory objects when you use ADSI Edit, the LDP tool, or another LDAP version 3 client, you may cause serious problems. These problems may require that you reinstall Microsoft Windows Server™ 2003, Exchange Server 2003 or Exchange Server 2007, or both. Modify Active Directory object attributes at your own risk.
To correct this error
Use an Active Directory editor, such as ADSI Edit, to locate the administrative group object in Active Directory.
The legacyExchangeDN attribute can be found at:
CN=Configuration, CN=Services, CN=Microsoft Exchange, CN=Organization, CN=Administrative Groups, CN=Administrative group
Type a new string value of the form:
For more information about using the LDP tool, see the Microsoft Knowledge Base article 260745, "XADM: Using the LDP Utility to Modify Active Directory Object Attributes" (http://go.microsoft.com/fwlink/?LinkId=3052&kbid=260745).
For more information about working with ADSI Edit, see the topic, "Adsiedit.msc: ADSI Edit" in Windows Server Help.