In advance of a brand new Exchange 2013 deployment to replace a third-party e-mail system, I have a lab network with a clone of our AD environment so I can test various scenarios. In this testing, I've run across repeated instances of this error:

The object domain.local/Staff/aduser has been corrupted, and it's in an inconsistent state. The following validation errors happened:

The property value is invalid. The value can't contain leading or trailing whitespace.

There are multiple instances of this same error for seemingly random AD objects. In this case, I was trying to create a Mail User using the ECP. Searching has led me to various different AD attributes where others have had this issue, but in my case all of those seem to be fine. We do have some custom extensions to our AD schema, and there are several now-ancient Perl scripts in charge of keeping AD updated from various other sources, so any of a very long list of fields could be the culprit.

What can I do to find out which field(s) Exchange is complaining about? Unfortunately I'm a Linux guru, so my knowledge of AD tools is very limited. As a corollary, is there a way to quickly/easily check my entire AD structure for similar issues?

Kromey
  • And before anyone mentions it, I know .local is a bad idea for an AD namespace, but this is a very large, very long-lived AD infrastructure for which renaming is just not feasible at this point in time. – Kromey Apr 12 '14 at 00:34
  • How did you clone this environment? Does the issue occur for new objects or only pre-existing objects? – joeqwerty Apr 12 '14 at 00:40
  • The "original" DCs are VMware VMs, and our VMware guru used Virtual Center to clone them into our lab environment. The issue only presents itself on pre-existing objects, however statistically that's not significant as it's only on around 0.1% of total user objects (that doesn't count computers or other object types -- we're a good-sized school district, so lots of faculty, staff, and of course students). – Kromey Apr 12 '14 at 00:44
  • Found the culprit in this particular case, the displayName attribute had a trailing space, most likely because the scripts responsible for creating/maintaining our AD expect a middle initial but none exists for this user. Still wanting to find a more automatic way to check for and/or fix errors of this kind, or at least to find a way to figure out what attribute Exchange is complaining about. – Kromey Apr 15 '14 at 15:40
  • Comment on using .local - Microsoft goes back and forth on that http://en.wikipedia.org/wiki/.local#Microsoft_recommendations . – Natalie Adams Oct 28 '14 at 16:04

0 Answers
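
An added example, not part of the original thread: one way to check every object for the condition in the error is to export the directory to LDIF and scan the file offline. It assumes an LDIF export with UTF-8 text values; the sample data and function names are constructed. LDIF writes values that begin or end with a space in base64 form (`attr:: ...`), so a plain text search for trailing spaces misses them.

```python
import base64

# Constructed sample export; the objects and values are made up for illustration.
SAMPLE_LDIF = """\
dn: CN=aduser,OU=Staff,DC=domain,DC=local
objectClass: user
displayName:: QWxpY2UgVXNlciA=
description: Front office,
  second floor

dn: CN=bduser,OU=Staff,DC=domain,DC=local
displayName: Bob Q User
"""

def unfold(text):
    """Join folded LDIF lines: a continuation line starts with one space."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_ldif(text):
    """Yield (dn, attribute, value) for every text value in the export."""
    dn = None
    for line in unfold(text):
        attr, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            continue  # blank separator, comment, or malformed line
        if rest.startswith(":"):  # "attr:: <base64>"
            try:
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            except ValueError:
                continue  # binary attribute (GUID, SID, ...), not text
        elif rest.startswith("<"):
            continue  # "attr:< url" reference, value is not in the file
        else:
            value = rest.lstrip(" ")  # spaces after the colon are filler
        if attr.lower() == "dn":
            dn = value
        else:
            yield dn, attr, value

def find_padded_values(text):
    """Return (dn, attribute, value) where the value has edge whitespace."""
    return [(dn, attr, value) for dn, attr, value in parse_ldif(text)
            if value != value.strip()]
```

Calling `find_padded_values()` on the contents of an export returns one tuple per offending value, which names both the object and the attribute that the Exchange error leaves out.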