Mailbox Merge program is unsuccessful and generates error 8007203a while opening an LDAP connection

When you try to export mailboxes to, or import mailboxes from, a personal folder (.pst) file by using the Microsoft Exchange Mailbox Merge program (Exmerge.exe), the operation may be unsuccessful, and the following error is logged in the Exmerge.log file: Additionally, after you configure the user account under which you run the Exchange Mailbox Merge program by setting the Receive As and Send As security permissions to Allow for the mailbox store, these settings may revert to Deny permissions settings.

If the Allow permissions that you set in the Exchange System Manager unexpectedly change to Deny permissions, user account settings in Active Directory may be propagating and changing the settings that you made in Exchange System Manager.

To troubleshoot this issue, use the ADSI Edit utility to verify the correct settings for the mailbox object. To do this, follow these steps.

Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.

1. Log on to the domain controller as Administrator.
2. Start the ADSI Edit utility. To do this, follow these steps:
   1. Install the Windows 2000 Support Tools. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
      246926 Folder listing of the Support Tools included in Windows 2000
   2. Register the Adsiedit.dll file by using Regsvr32. To do this, follow these steps:
      1. Click Start, and then click Run.
      2. In the Open box, type the following line, and then click OK:
         regsvr32 "drive:\Program Files\Support Tools\adsiedit.dll"
   3. Open a new Microsoft Management Console (MMC), and then add the ADSI Edit snap-in.
3. In the console root, right-click ADSI Edit, and then click Connect to.
4. In the Connection dialog box, click Configuration Container in the Naming Context list, and then click OK.
5. Expand ADSI Edit, expand Configuration Container [server.domain.com], and then expand CN=Configuration,DC=domain,DC=com.
6. Expand CN=Services, expand CN=Microsoft Exchange, expand CN=First Organization, expand CN=Administrative Groups, expand CN=First Administrative Group (where First Administrative Group is the administrative group that you want), expand CN=Servers, CN=ServerName (where ServerName is the name of your server), expand CN=Information Store, and then click CN=First Storage Group.
7. In the right pane, right-click CN=PrivateStoreName, where PrivateStoreName is the name of the private store that you want (for example, CN=Mailbox Store (ServerName)), and then click Properties.
8. Click the Security tab, and then review the permissions for the administrative account under which you want to run the Mailbox Merge program, including all groups that the administrative account is a member of. Make sure that the Send As and Receive As permissions are set to Allow.
   
   Note Explicit Allow permissions override inherited Deny permissions. If the setting is not available (dimmed), the permission is inherited. When you set permissions for Send As and Receive As on the mailbox store, make sure that the Allow permissions are explicit for the user you are running Exmerge with and for each group that the user is a member of. If you still receive errors messages when you try to run Exmerge, follow the steps in the following Microsoft Knowledge Base article:
   273642 ExMerge does not work unless you have Receive As and Send As permissions on the store
9. When you have completed the process of changing permissions, click OK, and then quit the ADSI Edit snap-in.

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base: For more information, click the following article number to view the article in the Microsoft Knowledge Base: