Tuesday, March 16, 2010

Exchange 2003. Event ID 8026 MSExchangeAL LDAP Bind was unsuccessful on directory for distinguished name. Directory returned error: [0x51] Server Down.

After you demote a domain controller, your Exchange server starts logging the following event.

Source: MSExchangeAL
Category: LDAP Operations
Event ID: 8026
User: N/A
Computer: "name of your exchange server"
Description: LDAP Bind was unsuccessful on directory "name-of-demoted-domain-controller" for distinguished name. Directory returned error: [0x51] Server Down.

Cause:
Your Recipient Update Service was set to work with the demoted domain controller. Since that server is no longer a domain controller, the Recipient Update Service logs this error every time its LDAP bind to the old server fails.
The Recipient Update Service creates and maintains Exchange-specific attributes in Active Directory, such as the automatically generated SMTP addresses that have been defined for users. You can read more about this in http://support.microsoft.com/kb/319065.

Solution:
  1. Open the Exchange "System Manager".
  2. Expand the Recipients container and then click on "Recipient Update Services".
  3. On the right panel, double-click each of the Recipient Update Services and change the "Windows Domain Controller" to point to your new Windows domain controller.

Monday, March 1, 2010

How to Delegate a user or a group to unlock a user account

To unlock a user account you will need to have Read/Write access to "Lockout time". The following will show you how to delegate a user/group to unlock an account.
  1. Right click on the Organizational Unit where the user accounts are located.
  2. Select "Delegate Control" from the menu.
  3. Delegation of Control Wizard will pop up. Click Next.
  4. In the "users or groups" dialog box, click "Add" to add a group or a user.
  5. After successfully adding the user or group, click Next.
  6. In "Tasks to Delegate" box, choose "Create a custom task to delegate" and click Next.
  7. In the "Active Directory Object Type" choose "Only the following objects in the folder" and then from the available choices choose "User objects" and click Next.
  8. In "Permissions" box, choose "Property-specific" checkbox. Then choose "Read lockout Time" and "Write Lockout Time" from the list of permissions.
  9. Click Finish.
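
The same delegation from the command line, followed by a check of which principals hold write access to lockoutTime on the OU. This is an added example, not part of the original post; the OU and group names are hypothetical, and it assumes a management host with the ActiveDirectory PowerShell module and `dsacls` available.

```powershell
# Added example. $ou and $trustee are hypothetical placeholders.
Import-Module ActiveDirectory

$ou      = 'OU=Staff,DC=example,DC=com'
$trustee = 'EXAMPLE\Helpdesk-Unlock'

# Equivalent of wizard steps 1-9:
#   RP/WP  = read property / write property
#   lockoutTime = the only property covered
#   user   = ACE applies to user objects only
#   /I:S   = inherited by child objects, not applied to the OU itself
dsacls $ou /I:S /G "${trustee}:RPWP;lockoutTime;user"

# Resolve schema GUIDs at run time instead of hard-coding them.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
function Get-SchemaGuid([string]$ldapName) {
    $obj = Get-ADObject -SearchBase $schemaNC `
        -LDAPFilter "(lDAPDisplayName=$ldapName)" -Properties schemaIDGUID
    [guid]$obj.schemaIDGUID
}
$lockoutGuid = Get-SchemaGuid 'lockoutTime'
$userGuid    = Get-SchemaGuid 'user'

# List every Allow ACE on the OU that grants WriteProperty on lockoutTime.
# Note: this shows property-specific ACEs only. Broader grants (for example
# GenericAll, or WriteProperty on all properties) also allow unlocking and
# are not matched by this filter.
$write = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
(Get-Acl -Path "AD:\$ou").Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.ObjectType -eq $lockoutGuid -and
        ($_.ActiveDirectoryRights -band $write)
    } |
    Select-Object IdentityReference, ActiveDirectoryRights, IsInherited,
        @{ n = 'UserObjectsOnly'; e = { $_.InheritedObjectType -eq $userGuid } }
```

Any identity in the output other than the intended delegate is worth reviewing, since write access to lockoutTime lets that principal clear account lockouts in the OU.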