Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
You cannot move or log on to an Exchange resource mailbox
Article ID: 278966 - View products that this article applies to.
This article was previously published under Q278966
When you move a mailbox from a Microsoft Exchange Server 5.5 computer to a Microsoft Exchange 2000 Server computer or to a Microsoft Exchange Server 2003 computer, you may receive the following error message:
Additionally, the following event ID messages may be logged in the Application log:
Error: Opening destination mailbox.
The information store could not be opened.
The MAPI provider failed.
ID no: 8004011d-0289-00000000
Event Type: Information
Event Source: MSExchangeAdmin
Event Category: Move Mailbox
Event ID: 1006
Time: 4:24:53 PM
Started to move mailbox 'DDD R1'.
Source Database: /o=Microsoft/ou=AdminGroup/cn=Configuration/cn=Servers/cn=SERVER1/cn=Microsoft Private MDB
/o=Microsoft/ou=AdminGroup/cn=Configuration/cn=Servers/cn=SERVER2/cn=Microsoft Private MDB
Exchange DN: /o=Microsoft/ou=AdminGroup/cn=Recipients/cn=Alias
Event Type: Warning
Event Source: MSExchangeIS
Event Category: General
Event ID: 9548
Time: 4:24:54 PM
Disabled user /o=Microsoft/ou=AdminGroup/cn=Recipients/cn=Alias does not have a master account SID. Please use Active Directory MMC to set an active account as this user's master account.
Event Type: ErrorThe error message ID 0x8004011d references MAPI_E_FAILONEPROVIDER. Error event IDs 0x80040111 and -2147221231 correspond to MAPI_E_LOGON_FAILED.
Event Source: MSExchangeIS Mailbox Store
Event Category: Log ons
Event ID: 1022
Time: 4:24:55 PM
Log on Failure on database "First Storage Group\Private Information Store (ALIA)" - Windows 2000 account DOMAIN\administrator; mailbox /o=Microsoft/ou=AdminGroup/cn=Recipients/cn=ALIAS. Error: -2147221231
A similar sequence of errors may be displayed when you try to log on to an Exchange 2000 computer mailbox or an Exchange 2003 computer mailbox.
This problem can occur if the disabled Active Directory directory service user account that is associated with the mailbox does not have an msExchMasterAccountSID attribute.
The steps that are provided in this section are for disabling Active Directory user accounts that have Exchange 2000 mailboxes or Exchange 2003 mailboxes. If you follow these steps when you disable the account, event 9548 is not logged. If only a small number of mailboxes are exhibiting this problem, you can generate an msExchMasterAccountSID attribute. To do this, follow these steps:
To set the msExchMasterAccountSID attribute for lots of disabled user accounts, you can use the Collaboration Data Objects for Exchange Management (CDOEXM) interface to modify the mailbox security descriptor. Starting with Microsoft Exchange 2000 Server Service Pack 2 (SP2), a new interface is made available in CDOEXM. This interface is named MailboxRights. This exposure lets you modify the mailbox security descriptor programmatically.
For more information about how to script a bulk change of the msExchMasterAccountSid attribute, click the following article number to view the article in the Microsoft Knowledge Base:
322890For additional methods that let you set the msExchMasterAccountSid attribute for lots of disabled user accounts, contact Microsoft Product Support Services. For more information about the support options that are available from Microsoft, visit the following Microsoft Web site:
(http://support.microsoft.com/kb/322890/ )How to associate an external account with an existing Exchange 2000 mailbox
http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMSTo determine how many disabled user accounts do not have the msExchMasterAccountSid attribute, you can generate an LDIF formatting export file. To do this, run the following Ldifde.exe command:
ldifde -f file.txt -d "dc=domain,dc=com" -l nothing -r "(&(objectcategory=person)(objectclass=user)(msexchuseraccountcontrol=2)(!(msexchmasteraccountsid=*)))"The following list describes the Ldifde parameters:
For more information about how to use Ldifde in Active Directory, click the following article number to view the article in the Microsoft Knowledge Base:
dn: CN=AAA R1,OU=Recipients,DC=domain,DC=com changetype: add dn: CN=AAA R2,OU=Recipients,DC=domain,DC=com changetype: add . . . . .
237677Note We do not recommend that you use the LDIFDE command-line utility or the ADSIEDIT tool to create, to modify, or to delete the msExchMasterAccountSid attribute.
(http://support.microsoft.com/kb/237677/ )Using LDIFDE to import and export directory objects to Active Directory
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/903158/ )A hotfix is available to modify the way that Exchange Server 2003 handles a disabled Active Directory user account that is associated with an Exchange Server 2003 mailbox
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.