
"Multiple Active Directory objects found for %1 Distinguished Name (DN)" error message when you use Deployment Tools or ADC Tools to prepare to install Exchange 2003



Symptoms

When you use the Microsoft Exchange Server 2003 Deployment Tools component or the ADC Tools component in Active Directory Connector to prepare for an Exchange Server 2003 installation, you may receive an error message that is similar to the following:
Error: Multiple Active Directory objects found for %1, Distinguished Name (DN) of the Active Directory object: %2.
In the message, %1 is the distinguished name of a Microsoft Exchange Server 5.5 object. This is typically a mailbox, but it may also be a custom recipient or a distribution list. In the message, %2 is the distinguished name of an Active Directory object. This is typically a user account, but it may also be a contact or a distribution group.



Cause

This issue may occur if both of the following conditions are true:
  • You have two or more Connection Agreements that write to multiple domain controllers, and these domain controllers are not synchronized.
  • Both (or all) of these Connection Agreements use the same Exchange 5.5 container as their source for the replicated information.
The error message described in the "Symptoms" section of this article is generated when the Deployment Tools or ADC Tools search for inconsistencies from previous Active Directory Connector (ADC) replication. The utilities report objects in the %2 field of the error message by applying a Lightweight Directory Access Protocol (LDAP) filter against the Exchange Server 5.5 directory and Active Directory. These LDAP filters search for the following:
  • Multiple Active Directory objects that have the same Ex5:legacy 55 DN
  • msexchADCGlobalNames of the source Exchange 5.5 object that have more than one NT5:GUID, where each GUID corresponds to an object in Active Directory
  • Multiple Active Directory objects that have the same legacyExchangeDN=55 DN



Resolution

The following overview describes the steps to resolve this issue:
  • Identify all Active Directory objects that have been stamped with a global name that references the single Exchange Server 5.5 object.
  • Designate a single Active Directory object that will be uniquely linked to the Exchange Server 5.5 object.
  • Remove all other Active Directory objects with attributes that reference the single Exchange Server 5.5 object.
  • Temporarily disable one ADC service so that the other ADC service can rereplicate the single Exchange Server 5.5 object to the designated Active Directory account.
  • Verify that the error no longer occurs when you rerun the error-detection tool from Deployment Tools or ADC Tools.
To resolve this issue, follow these steps:
  1. Record the entry for the %1 field, where the distinguished name of the Exchange 5.5 object is listed.
  2. Start the Active Directory Users and Computers utility.
  3. On the View menu, click Advanced Features.
  4. Right-click the domain container, and then click Find.
  5. In the Find list, click Custom Search.
  6. Click the Advanced tab, and then type the following LDAP query in the Enter LDAP query box:
    msexchadcglobalnames=ex5:%1*
    where %1 is the distinguished name that you noted in step 1.

    For example, if the distinguished name is cn=user1,cn=Recipients,ou=Site-1,o=Org-1, type the following in the Enter LDAP query box:
    msexchadcglobalnames=ex5:cn=user1,cn=Recipients,ou=site-1,o=org-1*
    Note the asterisk (*) character after the distinguished name.
  7. Click Find Now.
  8. View the list of returned objects that are linked with the Exchange 5.5 object. The list of found items displays all items as enabled whether they are enabled or disabled objects. To determine if an object is disabled, right-click it, and then click Properties.
  9. Determine the item that you want to have matched with the Exchange 5.5 object. Consider this the master object, and consider all others mis-stamped objects.
  10. Stop all ADC services that run Connection Agreements with containers where multiple Active Directory objects have the same Ex5:legacy 5.5 DN. If you do not know which ADC service to stop, temporarily stop all ADC services in the organization.
  11. Delete or mail-disable all mis-stamped objects that are linked to the Exchange 5.5 object. This maintains a one-to-one relationship between the master Active Directory object that you noted in step 9 and the Exchange 5.5 object.

    Note If you do not require users to log on to the mis-stamped object, delete it. Otherwise mail-disable the mis-stamped object. To do this, right-click the object, click Exchange Tasks, and then follow the steps of the Exchange Task Wizard to remove Exchange attributes.
  12. Permit the ADC to re-create the global name links for correct object-matching. To do so:
    1. Remove the Exchange attributes from the master object by using the Exchange Task Wizard in the Active Directory Users and Computers utility.
    2. Start the Exchange 5.5 Administrator program in raw mode. To do this, type admin /raw from the Exchsrvr\bin folder at a command prompt.
    3. Locate, and then click the object in the Microsoft Exchange Administrator utility. On the File menu, click Raw Properties.
    4. In the Object attributes list, click ADC-Global-Names, and then click Remove. Repeatedly click Remove until the Attribute values list is empty.
    5. Click Apply, and then click OK.
    6. With the object still selected, click Properties on the File menu.
    7. Make sure that the Primary Windows NT Account entry corresponds to the Active Directory object that you considered the master object in step 9.
    8. Click OK, and then quit the Exchange Administrator utility.
  13. Restart one of the ADC services that you stopped. The two-way Connection Agreement stamps Globalnames with single NT5 and Ex5 values on both the master Active Directory object and the Exchange Server 5.5 object, respectively.
  14. Allow sufficient time for the domain controllers to replicate the changes before you use the Deployment Tools or ADC Tools step where you received the error described in the Symptoms section of this article.
  15. Re-run the tool, and verify that no more entries containing the Exchange 5.5 (%1) object are listed.
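
The query from step 6 and the check in steps 7 and 8 can also be run against an exported list of Active Directory objects. The following is an added example, not Microsoft's code; the function names and sample entries are hypothetical, and the case-insensitive match is an assumption based on the lower-cased example in step 6.

```python
def escape_filter_value(value):
    """Escape RFC 4515 special characters so the DN is matched literally."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_filter(ex55_dn):
    """Step 6 query: prefix match on the ex5: global name, trailing * kept."""
    return "(msexchadcglobalnames=ex5:" + escape_filter_value(ex55_dn) + "*)"


def linked_objects(entries, ex55_dn):
    """Offline equivalent of steps 7-8: AD objects stamped with this 5.5 DN.

    Matching is a case-insensitive prefix test (assumed to mirror the query).
    """
    prefix = ("ex5:" + ex55_dn).casefold()
    return [e["dn"] for e in entries
            if any(v.casefold().startswith(prefix)
                   for v in e.get("msExchADCGlobalNames", []))]


def multiply_stamped(entries, ex55_dns):
    """Return {5.5 DN: [AD DNs]} for each 5.5 DN linked to more than one object."""
    hits = {dn: linked_objects(entries, dn) for dn in ex55_dns}
    return {dn: objs for dn, objs in hits.items() if len(objs) > 1}


# Constructed sample export. The text after each 5.5 DN and the NT5 value are
# placeholders, not real suffixes or GUIDs.
SAMPLE_ENTRIES = [
    {"dn": "CN=User One,OU=Staff,DC=example,DC=com",
     "msExchADCGlobalNames": [
         "EX5:cn=user1,cn=Recipients,ou=Site-1,o=Org-1:PLACEHOLDER-A",
         "NT5:GUID-PLACEHOLDER-1"]},
    {"dn": "CN=user1,CN=Users,DC=child,DC=example,DC=com",
     "msExchADCGlobalNames": [
         "EX5:cn=User1,cn=Recipients,ou=Site-1,o=Org-1:PLACEHOLDER-B"]},
    {"dn": "CN=User Two,OU=Staff,DC=example,DC=com",
     "msExchADCGlobalNames": [
         "EX5:cn=user2,cn=Recipients,ou=Site-1,o=Org-1:PLACEHOLDER-C"]},
]

if __name__ == "__main__":
    target = "cn=user1,cn=Recipients,ou=Site-1,o=Org-1"
    print(build_filter(target))
    for ad_dn in linked_objects(SAMPLE_ENTRIES, target):
        print("linked:", ad_dn)
```

After the cleanup in steps 10 through 14, linked_objects should return exactly one object, the master object, for the distinguished name recorded in step 1.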



More information

The following table lists the error detection tools that can log the error that is mentioned in the "Symptoms" section of this article. It also includes the output files:

Tool name         Log file
ADUserScan        ADUserScan.log
ADCConfigCheck    Adcconfigcheck.log
ADCUserCheck      Adcusercheck.log
ADCObjectCheck    Adcobjectcheck.log



For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
316280 XADM: A description of the "ADC Global Names" attribute



Keywords: KB329490, kbprb, kberrmsg, kbarchive, kbnosurvey


Article Info
Article ID : 329490
Revision : 4
Created on : 1/6/2015
Published on : 1/6/2015