Solution to Active Directory Constraint Violation error


Summary

This article will provide you the solution for the issue of Active Directory Constraint Violation error

Applies to

All Exchange Versions

Error Message

Error: b: Create Global Address List: An Active Directory Constraint Violation error occurred on Dc01.Provider.local. Additional information: The name reference is invalid. This may be caused by replication latency between Active Directory domain controllers. Active directory response: 000020B5: AtrErr: DSID-03153468, #1: 0: 000020B5: DSID-03153468, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 907ff (globalAddressList2) IP= X.X.X.X

Cause

There is a corrupted GAL on Active Directory.

Solution
  • Issue the following Powershell script on the Active Directory server

$ad = [ADSI]"LDAP://rootDSE";

$domain = $ad.rootDomainNamingContext;

$obj = New-Object System.DirectoryServices.DirectoryEntry("LDAP://CN=Microsoft Exchange,CN=Services,CN=Configuration,$domain");

$count = 0;

$Gals1= $obj.GlobalAddressList;

foreach($g in $Gals1)

{

   $g= $g.ToString().ToLower();

   if($g.Contains("cn=deleted objects"))

   {

      Write-Host $g;

      $count= $count +1; 

   }

}

Write-Host "$Count corrupted GAL entries found in property GlobalAddressList";

$count = 0;

$Gals2= $obj.GlobalAddressList2;

foreach($g in $Gals2)

   $g= $g.ToString().ToLower();

   if($g.Contains("cn=deleted objects")) 

   {

      Write-Host $g;   

      $count= $count +1; 

   }

}

Write-Host "$Count corrupted GAL entries found in property GlobalAddressList2";

the output will be like below:

PS C:\> .\check.ps1

cn=test.com gal\0adel:1b6f6184-3e84-44a9-8905-54dd55a7407a,cn=deleted objects,cn=configuration,dc=provider,dc=local

1 corrupted GAL entries found in property GlobalAddressList

0 corrupted GAL entries found in property GlobalAddressList2

PS C:\>

  • Remove corrupted GALs from script output (highlighted in example above as cn=test.com gal\0adel:1b6f6184-3e84-44a9-8905-54dd55a7407a,cn=deleted objects,cn=configuration,dc=provider,dc=local) in : ADSI edit utility > Configuration > Services > CN=Microsoft Exchange > Properties > GlobalAddressList 
    • If there will be corrupted GALs in GlobalAddressList2 - remove them as well.
  • Re-run the task​​