ADCDisabledMail attribute detected

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at https://go.microsoft.com/fwlink/?linkid=34707.]  

Topic Last Modified: 2005-11-17

The Microsoft® Exchange Server Analyzer Tool queries the Active Directory® directory service to determine whether the Exchange organization is in mixed mode or native mode. If the Exchange organization is found to be in native mode, the Exchange Server Analyzer queries Active Directory to determine whether any mail-enabled object in the organization's domains has the value for the legacyExchangeDN attribute set to ADCDisabledMail. If mail-enabled objects are found with the legacyExchangeDN attribute value set to ADCDisabledMail, a warning is displayed that lists the objects and their domain.

This issue can occur in both Exchange 2000 Server and Exchange Server 2003 environments when a mailbox is deleted. When the mailbox is deleted, the value for the legacyExchangeDN attribute of the account is stamped with ADCDisabledMail. This value is used to instruct the Active Directory Connector (ADC) to delete objects from the Exchange Server 5.5 directory service when the associated object has been mail-disabled in Active Directory. If there are several mailboxes in a large distribution group that have been deleted, the message is delayed while Active Directory is searched for a unique legacyExchangeDN attribute value of ADCDisabledMail. Because several mailboxes may have this same legacyExchangeDN attribute value, the search takes a long time. This causes messaging delays. Messaging delays will also occur when the distribution group is expanded in the message's "To:/Cc:/Bcc:" lines from an Microsoft Office Outlook® 2003 client.

The resolution is to either delete the objects or use the Active Directory Service Interfaces (ADSI) Edit tool, the ldp.exe tool, or another Lightweight Directory Access Protocol (LDAP) version 3 client to remove the contents of the legacyExchangeDn attribute. If the legacyExchangeDN attribute value is set to NULL then the search against Active Directory will be set to "/O=NT5/ou=<objectGUID of the Domain>/cn=<objectGUID of the user>" and the non-delivery report (NDR) will occur much more quickly.

Warning

If you incorrectly modify the attributes of Active Directory objects when you use ADSI Edit, the LDP tool, or another LDAP version 3 client, you may cause serious problems. These problems may require that you reinstall Microsoft Windows Server™ 2003, Exchange Server 2003, or both. Modify Active Directory object attributes at your own risk.

To remove the ADCDisabledMail value on the legacyExchangeDN attribute

  1. Start the ADSI Edit tool from Windows 2000 Support Tools or from Windows Server 2003 Support Tools.

  2. Expand the following nodes:

    • Domain Container

    • DC=Domain_Name

    • Users Container

  3. Right-click User_Name, and then click Properties.

  4. Click legacyExchangeDN in the Attributes list, and then click Edit.

  5. Remove the original legacyExchangeDN value that contains ADCDisabledMail by selecting the original value and clicking Clear.

  6. Click OK two times to apply the change.

For more information about how to work with ADSI Edit, see the topic "Adsiedit.msc: ADSI Edit" in Windows Server online Help.

For more information about how to use the LDP tool, see Microsoft Knowledge Base article 260745, "XADM: Using the LDP Utility to Modify Active Directory Object Attributes" (https://go.microsoft.com/fwlink/?LinkId=3052&kbid=260745).