cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Why can’t I modify the objects on my ADC Tools created Recipient CA?
By
The_Exchange_Team
Published Jun 03 2004 09:32 AM 1,076 Views
The_Exchange_Team
Microsoft
‎Jun 03 2004 09:32 AM

Why can’t I modify the objects on my ADC Tools created Recipient CA?

‎Jun 03 2004 09:32 AM

If you create a Recipient Connection Agreement (RCA) with the ADC tools wizard and then go in to view the settings of that RCA, you may notice that the “Select the objects that you want to replicate” options on the From Windows tab are grayed out and you cannot make changes…

Example:

 

The reason for this is because of the custom filter created for the RCA by the ADC tools.  If you look at the values for the attribute msExchServer1SearchFilter on the agreement itself, you will see a filter specified that is similar to:

(&(|(objectclass=user)(objectclass=contact)(objectclass=group))(|(legacyExchangeDN=/o=ORG1/ou=SITE1/cn=*)(legacyExchangeDN=ADCDisabledMail*)(isDeleted=TRUE)));

This is a custom search filter that (in this case) searches for objects in Active Directory that are either of class user, contact, or group AND that also belong to the Administrative Group called SITE1 (or that have been deleted and need that deletion to replicate across to the 5.5 Directory)

Since this is a “custom” filter, the objects can’t be edited via the normal GUI interface and that is why the check boxes are not modifiable.  Once again you can see from the filter that the connection agreement is in fact already set to replicate users, contacts or groups despite what the GUI seems to indicate at first glance.

If you have multiple Administrative groups that have users in the same Active Directory location you would have multiple auto-created RCAs as these will ONLY replicate objects that match the Administrative Group listed in the filter.

For example, a second Administrative Group (called AG2) with objects in the same Active Directory location would have a filter like the following:

(&(|(objectclass=user)(objectclass=contact)(objectclass=group))(|(legacyExchangeDN=/o=ORG1/ou=AG2/cn=*)(legacyExchangeDN=ADCDisabledMail*)(isDeleted=TRUE)));

Ultimately, if you want or need more flexibility with connection agreements (such as limiting or modifying the objects controlled by the RCA) you should create the connection agreements manually using the ADC Services Snap-in instead of having the ADC tools create them automatically.

 

- Kyle Lewallen

0 Likes
Like
3 Comments
Not applicable
‎Jun 15 2004 12:11 PM
‎Jun 15 2004 12:11 PM
I also encountered the same issue when I tried to import CA's via LDIF Files. After importing the CA and opening the console there's a popup telling me that a CA of this type(?) cannot be managed via the console...

Is there a way to script the creation of CA's without limiting administration?
0 Likes
Like
Not applicable
‎Jun 16 2004 05:53 PM
‎Jun 16 2004 05:53 PM
I honestly don't know if scripting of CAs would even be supported.

However, it sounds like the versionnumber attribute isn't correct set on this particular CA, similar to what is discussed in:
http://support.microsoft.com/?id=822569
0 Likes
Like
Not applicable
‎Jun 17 2005 07:35 PM
‎Jun 17 2005 07:35 PM
The Active Directory Connector is a utility that is used to replicate recipient and configuration data...
0 Likes
Like
Version history
Last update:
‎Jul 01 2019 02:57 PM
Updated by: