Failed to read attribute from Active Directory for .

Details
Product: Exchange
Event ID: 9562
Source: MSExchangeIS
Version: 6.5.6940.0
Component: Microsoft Exchange Information Store
Message: Failed to read attribute <attribute name> from Active Directory for <user name>.
   
Explanation

This event indicates that attribute msExchUserAccountControl is not set or it is set incorrectly on a user object in Active Directory.

If you are working in a mixed-mode environment where Exchange 2000 or Exchange 2003, and Exchange Server 5.5 are installed in separate Active Directory domains, when you try to grant permissions that are granted to public folders on the Exchange 2003 computer to a mailbox that is homed on the Exchange Server 5.5 computer, you receive Event ID 9562.

This issue can occur because any user object that is mailbox-enabled must have the msExchUserAccountControl attribute stamped on it by the Recipient Update Service, and the attribute value must be set to 0. If the user object is not configured in this way, it is treated as mailbox-disabled.

By default, Recipient Update Service is not available in an Active Directory domain that has only an Exchange Server 5.5 computer. Therefore, the user object in Active Directory that is associated with the mailbox on the Exchange Server 5.5 computer does not have the msExchUserAccountControl attribute set.

When you add a mailbox on the Exchange Server 5.5 computer to permissions that are granted to a public folder in Exchange 2000, the information store on the Exchange 2000 computer assigns the distinguished name of this mailbox to that public folder. The Exchange 2000 information store tries to upgrade this Exchange Server 5.5 distinguished name to a Windows 2000 security identifier (SID). If the Active Directory user object that is associated with this mailbox does not have the msExchUserAccountControl attribute set, when the information store reads this attribute, and then fails to upgrade the Exchange Server 5.5 distinguished name to a Windows 2000 SID, the information store generates Event ID 9562.

Additional Causes

  • When you send a message to an Exchange 2000 mailbox, you may receive the following non-delivery report (NDR) 5.2.1. This problem can occur if the msexchUserAccountControl attribute has not been set by the Recipient Update Service. In this case, the information store handles this mailbox as disabled and all local delivery attempts fail with an “Access denied” error message.
    You may be unable to log on to Exchange 2000 Server, and you receive Event ID 9562. This behavior can occur because the MSEXCHUserAccountControl attribute is not set, or it is set to the incorrect value.
  • You are unable to successfully run Mailbox Cleanup Agent on mailboxes in a Microsoft Exchange 2000 mailbox store, and you receive Event ID 9562. This behavior occurs because the msExchUserAccountControl attribute is missing for a given user object in Active Directory.
   
User Action
  • To resolve this issue, configure one additional Recipient Update Service for the domain that hosts Exchange Server 5.5 to populate the msExchUserAccountControl attribute for all mailbox-enabled user objects.
  • To resolve additional causes, force a rebuilding of the Recipient Update Service for a given domain where the user accounts reside so that every user object receives the correct attributes.

Related:

Leave a Reply