An error message is returned when you run the Get-Recipient command in the Exchange Management Shell that uses a Windows Server 2008 domain controller


Consider the following scenario. In an Exchange Server 2007 Service Pack 1 (SP1) environment, there are more than 1,000 users in the organization. You perform a filtered search against a Windows Server 2008 R2 domain controller. Then you receive an error when you run the following PowerShell command:
Get-Recipient -SortBy "DisplayName" -RecipientType "UserMailbox" -ResultSize “Unlimited”

The following error is returned in this scenario:
Get-Recipient : Active Directory operation failed on  <Windows Server 2008 domain controller name> . Additional information: Active Directory rejected paged search cookie because a cookie handle was discarded by a domain controller or a different LDAP connection was used on subsequent page retrieval. Restart paged search.


Exchange Server 2007 SP1 passes different BaseDN attributes during the paged search. This is usually not a problem because the Lightweight Directory Access Protocol (LDAP) server just ignores successive BaseDN attributes in earlier versions of Windows. However, Windows Server 2008 R2 rejects all successive searches if the BaseDN attributes are different.

Note A BaseDN attribute is a starting point in the Active Directory hierarchy where any given search starts.


To resolve this problem, install Update Rollup 9 for Exchange 2007 Service Pack 1. For more information about Update Rollup 9 for Exchange Server 2007 Service Pack 1, see the following Exchange Help topic: For more information about how to obtain the latest Exchange service pack or update rollup, see the following Exchange Help topic:

More Information

For more information about the Get-Recipient command, visit the following Microsoft Web site:


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.