Hi,
In the past month our Exchange 2010 SP2 servers have started taking around 4 days or more to replicate changes from Active directory. Changes that we're making include new groups or changes to a users title/ role.
I've tried rebooting exchange to force the OAB to re-generate and changing the DC that Exchange points to, but when i check the EMC the user's details are still out of date. If I make a change to the users details using the EMC they are replicated to AD
immediately.
We've been running the environment in mixed mode for more than 6 months so i dont think it's anything to do with the initial setup given that the issue has only cropped up recently. It could be windows updates, but nothing else has changed.
Environment:
We have Exchange 2x 2010 MB servers and 2xCas/Hub transport servers. All are in the same site/domain/forest with two global catalog domain controllers.
We use Exchange 2010 with SP2 update rollup 6
We also have 2 legacy 2003 servers that host the public folder database, recipient policies etc while we are finalizing the migration.
We have 20 domain controllers all up - one in each site. They are 2003 domain functional level.
All users connect to the central exchange servers at head office.
What I've Already Tried:
The OAB is still hosted on the 2003 servers, I've tried changing it to use a custom update schedule of 4 times a day to no avail.
I've confirmed that this issue still occurs when using OWA to look for the changed data (given the EMC doesn't update this is no surprise)
I've confirmed that the data has replicated to the DC that exchange points to before checking the EMC for updates
I've tried checking from a different exchange server to make sure the EMC wasn't broken on that particular server
I'm not sure what else I can try. I've read the following articles so please dont post links to them as solutions.
- XADM: Troubleshooting Active Directory Connector Replication Issues - http://support.microsoft.com/kb/253841
- Exchange Management Console>Organisation Configuration>You don't have sufficient permissions to view this data -http://social.technet.microsoft.com/Forums/en/exchange2010/thread/b57dc0a3-b2aa-48fd-b1c1-fa9583e019be\
- Exchange 2007, Global Address List won't update with new users. - http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/5bf4d999-065e-4b5c-a223-44b67764858f
- Active Directory not replicating - http://social.technet.microsoft.com/Forums/en/winserverDS/thread/62394928-2c05-4589-aea4-dae472948005
- Exchange Management Console>Organisation Configuration You don't have sufficient permissions to view this data -http://social.technet.microsoft.com/Forums/en/exchange2010/thread/b57dc0a3-b2aa-48fd-b1c1-fa9583e019be
- Exchange 2010 problems due to insufficient access to Active Directory - http://thoughtsofanidlemind.wordpress.com/2010/10/08/ex2010-insufficient-access/
- Picker is extremely slow - http://social.technet.microsoft.com/Forums/en/exchangesvradmin/thread/e85d02e3-17e5-45fe-8ecb-a42a4c206690
- Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 -http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/6331f602-4a21-43cb-af71-b5b1c4fcb14
Thanks in advance for your help, i'm stumped!
Simone
-----------------------------------------------------------
This issue seems to have been resolved by the SP2 Update 6 Roll up install. After the install i rebooted everything and tested immediately and didn't see the changes. I tried again today and it's all fine.
Thanks for your help