Exchange 2007-2010 Public Folders Issues “The Active Directory user wasn’t found.”

I was working on an Exchange 2007 to Exchange 2010 project when we ran into trouble creating our first public folder database on an Exchange 2010 server. Mind you, this was just creating the database. We did not even set up replication for this database yet. All mailboxes still resided in Exchange 2007 databases pointing to an Exchange 2007 public folder. Very soon after creating the database we got notified that users could no longer send mails to mail-enabled public folders. The exact error was this:

554 5.6.0 STOREDRV.Deliver.Exception:ObjectNotFoundException; Failed to process message due to a permanent exception with message The Active Directory user wasn’t found.

Browsing the public folders in Outlook was also slow, and the application froze/hung. These issues were fixed very fast by getting rid of the still unused public folder database altogether. Now we could commence our search for the root cause. The error seemed related to the issue described in “Public Folder Replication Fails Due To Empty Legacy Administrative Group” which can be found @  The blog describes this error during replication:

Log Name: Application

Source: MSExchange Store Driver

Event ID: 1020

Level: Error


The store driver couldn’t deliver the public folder replication message “Hierarchy (” because the following error occurred: The Active Directory user wasn’t found.

But apart from replication not working, there were other, more severe issues impacting end users, who can still all be on Exchange 2007: the hanging of the Outlook clients and mail-enabled folders no longer being available. Dave Stork blogged about this in

Now the first mentions of the replication issue were reported back in November 2009 (see but it still hasn’t been fixed. For the moment that fix is planned to be included in E2K10 RU5. Currently we’re at RU3, so that might well be August 2010.

The workaround described in the above-mentioned blog posts works and is effective immediately. They described the issue and the fix very well, but I’ll add two tips.

Tip 1

“Practical End User Friendly Detection” of this issue can be done using exfolders.exe. You can read more about this tool here: “Exchange, meet ExFolders” ( error only occurs when you create a public folder on Exchange 2010 and can be very annoying for the users, so I’ll share this tip with you. Download the tool here and install it on an Exchange 2010 server in the bin directory (follow the readme.txt and don’t forget to merge the .reg file or the tool will crash). Run exfolders.exe and connect against any Exchange 2007 public folder. When you get this error …




An error occurred while trying to establish a connection to the Exchange server. Exception: The Active Directory user wasn’t found.




… you know you are affected. Deleting the empty Servers containers from ALL legacy Administrative Groups fixes the error. You can then connect successfully to an Exchange 2007 public folder with exfolders.exe. This is a cool way to test for this issue and to check that the fix works, as you don’t need to create a public folder and possibly hinder your users.

Tip 2

Also note that you need to delete (using ADSIEDIT) every empty Servers container out of every legacy Administrative Group, not just the one in the “First Administrative Group”. Don’t worry if you renamed that one to something more descriptive; that doesn’t matter at all. All the Servers containers in the legacy Administrative Groups should be empty if you have no more E2K3 servers left in your Exchange organization. Feel free to leave comments on your experiences.
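
To see which Servers containers Tip 2 applies to before opening ADSIEDIT, the following read-only report lists the Servers container under every Administrative Group and whether it is empty. It is an added example, not part of the original post or the referenced blogs; it assumes the ActiveDirectory PowerShell module is available and uses the Exchange schema class names msExchAdminGroup and msExchServersContainer, which are not mentioned on this page.

```powershell
# Added example: read-only report, nothing is modified or deleted.
# Assumes the ActiveDirectory module (RSAT) and read access to the
# configuration partition of the forest.
Import-Module ActiveDirectory

function Get-ExchangeServersContainerReport {
    $configNC     = (Get-ADRootDSE).configurationNamingContext
    $exchangeRoot = "CN=Microsoft Exchange,CN=Services,$configNC"

    # Every Administrative Group, whatever it has been renamed to.
    $adminGroups = Get-ADObject -SearchBase $exchangeRoot -SearchScope Subtree `
        -LDAPFilter '(objectClass=msExchAdminGroup)'

    foreach ($group in $adminGroups) {
        # The Servers container sits directly below the Administrative Group.
        $containers = Get-ADObject -SearchBase $group.DistinguishedName `
            -SearchScope OneLevel -LDAPFilter '(objectClass=msExchServersContainer)'

        foreach ($container in $containers) {
            # Count direct children; zero means the container is empty.
            $children = @(Get-ADObject -SearchBase $container.DistinguishedName `
                -SearchScope OneLevel -Filter *)

            New-Object PSObject -Property @{
                AdministrativeGroup = $group.Name
                ServersContainer    = $container.DistinguishedName
                ChildCount          = $children.Count
                IsEmpty             = ($children.Count -eq 0)
            }
        }
    }
}

Get-ExchangeServersContainerReport |
    Sort-Object AdministrativeGroup |
    Format-Table AdministrativeGroup, ChildCount, IsEmpty, ServersContainer -AutoSize
```

The Administrative Group that holds the Exchange 2007/2010 servers will show a non-zero ChildCount; only the rows for legacy Administrative Groups with IsEmpty set to True are the containers the tip refers to.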


Partially Native USB support coming to W2K8R2 with SP1!?

As you might recall from a previous blog post of mine ( one of the show stoppers for virtualization can be USB dongles. Apart from my aversion to USB license dongles, which should never be mentioned in the same sentence with reliability and predictability, the push for VDI has now exposed another weakness: the need for end users to have USB access. Well, Microsoft seems to have heard us. Take a look @ this blog post:

What remains to be seen is if this will work with license dongles. Anyway, for desktop virtualization a much needed improvement is under way. I would like to thank Christophe Van Mollekot from Microsoft Belgium for bringing this to my attention. This, together with VDI license improvements for SLA customers, is giving desktop virtualization a much better chance of being adopted. Sometimes stuff like this really makes the difference. You can’t explain to your end users that the great super modern virtualized environment doesn’t support the ubiquitous USB drive. Trust me on that one.

Netdom computername: Alternate Names are little gems

I’ve had the distinct pleasure of tapping into the knowledge of Jose Barreto and learning that the Netdom Computername command, which provides alternate names for Windows 2008 (R2), works with SMB 2.0. We deliberately stayed away from DNS aliases in 2008 for some file server replacements in combination with disabling strict name checking, because using that combination will revert back to SMB 1.0. That means you can’t take advantage of the improved throughput you get with SMB 2.0. Tonight I was happy to find out that netdom computername /add:<NewAltDNSName> will create a DNS entry and SPN for that name, and using it will not make Windows revert to SMB 1.0. This is neat! Go have a look at to find out more.