MachPanel Knowledgebase

Home
»
Knowledgebase
»
MachPanel
»
ERRMSG:Solution to Active Directory Constraint Violation error

ERRMSG:Solution to Active Directory Constraint Violation error

: Last Year
: Rehan Waseem
: MachPanel

Summary

This article will provide you the solution for the issue of Active Directory Constraint Violation error

Applies to

All Exchange Versions

Error Message

Error: b: Create Global Address List: An Active Directory Constraint Violation error occurred on Dc01.Provider.local. Additional information: The name reference is invalid. This may be caused by replication latency between Active Directory domain controllers. Active directory response: 000020B5: AtrErr: DSID-03153468, #1: 0: 000020B5: DSID-03153468, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 907ff (globalAddressList2) IP= X.X.X.X

Cause

There is a corrupted GAL on Active Directory.

Solution

Issue the following Powershell script on the Active Directory server

$ad = [ADSI]"LDAP://rootDSE";

$domain = $ad.rootDomainNamingContext;

$obj = New-Object System.DirectoryServices.DirectoryEntry("LDAP://CN=Microsoft Exchange,CN=Services,CN=Configuration,$domain");

$count = 0;

$Gals1= $obj.GlobalAddressList;

foreach($g in $Gals1)

{

$g= $g.ToString().ToLower();

if($g.Contains("cn=deleted objects"))

{

Write-Host $g;

$count= $count +1;

}

Write-Host "$Count corrupted GAL entries found in property GlobalAddressList";

$count = 0;

$Gals2= $obj.GlobalAddressList2;

foreach($g in $Gals2)

{

$g= $g.ToString().ToLower();

if($g.Contains("cn=deleted objects"))

{

Write-Host $g;

$count= $count +1;

}

Write-Host "$Count corrupted GAL entries found in property GlobalAddressList2";

the output will be like below:

PS C:\> .\check.ps1

cn=test.com gal\0adel:1b6f6184-3e84-44a9-8905-54dd55a7407a,cn=deleted objects,cn=configuration,dc=provider,dc=local

1 corrupted GAL entries found in property GlobalAddressList

0 corrupted GAL entries found in property GlobalAddressList2

PS C:\>

Remove corrupted GALs from script output (highlighted in example above as cn=test.com gal\0adel:1b6f6184-3e84-44a9-8905-54dd55a7407a,cn=deleted objects,cn=configuration,dc=provider,dc=local) in : ADSI edit utility > Configuration > Services > CN=Microsoft Exchange > Properties > GlobalAddressList
- If there will be corrupted GALs in GlobalAddressList2 - remove them as well.
Re-run the task