Search

MachPanel Knowledgebase

ERRMSG:Solution to Active Directory Constraint Violation error

Rehan Waseem
MachPanel

Summary

This article will provide you the solution for the issue of Active Directory Constraint Violation error

Applies to

All Exchange Versions

Error Message

Error: b: Create Global Address List: An Active Directory Constraint Violation error occurred on Dc01.Provider.local. Additional information: The name reference is invalid. This may be caused by replication latency between Active Directory domain controllers. Active directory response: 000020B5: AtrErr: DSID-03153468, #1: 0: 000020B5: DSID-03153468, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 907ff (globalAddressList2) IP= X.X.X.X

Cause

There is a corrupted GAL on Active Directory.

Solution
  • Issue the following Powershell script on the Active Directory server

$ad = [ADSI]"LDAP://rootDSE";

$domain = $ad.rootDomainNamingContext;

$obj = New-Object System.DirectoryServices.DirectoryEntry("LDAP://CN=Microsoft Exchange,CN=Services,CN=Configuration,$domain");

$count = 0;

$Gals1= $obj.GlobalAddressList;

foreach($g in $Gals1)

{

   $g= $g.ToString().ToLower();

   if($g.Contains("cn=deleted objects"))

   {

      Write-Host $g;

      $count= $count +1; 

   }

}

Write-Host "$Count corrupted GAL entries found in property GlobalAddressList";

$count = 0;

$Gals2= $obj.GlobalAddressList2;

foreach($g in $Gals2)

   $g= $g.ToString().ToLower();

   if($g.Contains("cn=deleted objects")) 

   {

      Write-Host $g;   

      $count= $count +1; 

   }

}

Write-Host "$Count corrupted GAL entries found in property GlobalAddressList2";

the output will be like below:

PS C:\> .\check.ps1

cn=test.com gal\0adel:1b6f6184-3e84-44a9-8905-54dd55a7407a,cn=deleted objects,cn=configuration,dc=provider,dc=local

1 corrupted GAL entries found in property GlobalAddressList

0 corrupted GAL entries found in property GlobalAddressList2

PS C:\>

  • Remove corrupted GALs from script output (highlighted in example above as cn=test.com gal\0adel:1b6f6184-3e84-44a9-8905-54dd55a7407a,cn=deleted objects,cn=configuration,dc=provider,dc=local) in : ADSI edit utility > Configuration > Services > CN=Microsoft Exchange > Properties > GlobalAddressList 
    • If there will be corrupted GALs in GlobalAddressList2 - remove them as well.
  • Re-run the task​​
Details
Type: ERRMSG
Level: Beginner
Last Modified: Last Year
Last Modified By: zohaib.shaikh
Rated 3 stars based on 2 votes.
Article has been viewed 4.2K times.
Options
Also In This Category
Tags