Event ID 2158,2161 MSExchange ADAccess

October 24, 2016
Microsoft

Description (MSExchange ADAccess 2158 Validation): Process Microsoft.Exchange.AddressBook.Service.exe. Recipient object CN=XXX,OU=XXX,OU=XX,OU=XX,OU=XX,DC=XXX,DC=XXX,DC=XXX read from <Domain Controller> failed validation. A partially valid object will be returned.  Set event logging level for Validation category to Expert to get additional events about each failure.

Description (MSExchange ADAccess 2161 Validation): Process Microsoft.Exchange.AddressBook.Service.exe Recipient object CN=XXX,OU=XXX,OU=XXX,OU=XXX,DC=XXXX,DC=org read from <Domain Controller> failed validation. Attribute: ExchangeLegacyDN. Error message: You must provide a value for this property.. Invalid data: .

A recent customer who migrated from Exchange 2003 to 2010 are getting repeated errors in the event log from MSExchange ADAccess. They come in pairs quote often and increasing the logging level as suggested only increases the frequency without giving you any further details.

Symptom: The Warning 2158 and 2161 appear repeatedly for the objects that have already been mail-disabled, and the legacyDN is null or references a target that no longer exists like in the case of decommissioning Exchange 2003.

Cause: This can happen after you've mail-disabled the object but they're still references to it in other AD objects

Resolution: Install Exchange 2010 SP1 Rollup 5 or the recently released SP2

Tony Sollars
An Experienced Business Technology Executive with many years of experience in technology and applied leadership skills to develop, grow and mentor businesses and the people that build it.