Warning - validation error

Occasional Contributor


For a while now I have been getting a warning every time I open a distribution group or mail-enabled security group in the on-prem admin center. 

"The object removed has been corrupted or isn't compatible with Microsoft support requirements, and it's in an inconsistent state. The following validation errors happened:
The access control entry defines the ObjectType 'a8df73ef-c5ea-11d1-bbcb-0080c76670c0' that can't be resolved.."


As far as I can figure 'a8df73ef-c5ea-11d1-bbcb-0080c76670c0' referrs to the 'Employee Number' LDAP attribute, which a group object does not have? 
It doesn't appear to cause any issues, but I would still like to fix the problem. 

Anyone got any ideas to what might be causing this error? We are running Exchange 2016 CU16 in a hybrid environment. 

11 Replies

Thank you for the suggestion.
I ran "Get-Mailbox -monitoring" but found no errors there. 

@Gly Hey, try this then :)




What I want to highlight is this.


1. Run the IISReset on all Exchange server.
2. If reset IIS does work, reboot all Exchange server and check the result.

I have tried this earlier, both iis reset and reboot. I have also tried recycling the "MSExchangeECPAppPool" as suggested in the post. 

@Gly I'm sure one of the Exchange experts will reply with a solution. At least we have narrowed it down then.

I checked the Ad permissions for the domain now, and it's not yielding any errors either. 

I have not. I tried to verify the active directory versions now, and I see in ADSI that that the 'objectVersion' in the Configuration naminig context is <not set>. So you may be onto something. We wil try to update schema again next week.

@Gly did you find a fix, I have exactly the same warning messages when editing Distributons Groups in Ex2016 EAC? 

@blozza77 No, I did not - sorry for not updating the post. Eventually we tried to update schema again, but it did not resolve the issue.