A user in a trusted account forest cannot use the EMC to manage an Exchange Server 2010 SP2 server
Consider the following scenario:
- You have a resource forest (forest A) and a trusted account forest (forest B) in a Microsoft Exchange Server 2010 environment.
- You install Exchange Server 2010 Service Pack 2 (SP2) on the Exchange Server 2010 server.
- You link a Universal Security Group (USG) in forest B to a role group in forest A.
- A user is a member of the USG and has permissions to manage the Exchange Server 2010 server in forest A.
- You remove the USG from the Active Directory Domain Service in forest B.
- The user opens the Exchange Management Console (EMC) in forest A, and then the user tries to expand the Microsoft Exchange On-Premises node.
In this scenario, the user receives the following error message:
The following error occurred when retrieving user information for 'domain name\account':
Unexpected error XXXXXXXX while executing command 'Get-Linkedrolegroupforlogonuser'.
The issue occurs because the group security identifier (SID) of the user is corrupted or invalid. Therefore, an exception occurs, and EMC cannot be initialized.
To resolve this issue, install the following cumulative update:
Description of Update Rollup 2 for Exchange Server 2010 Service Pack 2
For more information about how to create a linked role group, visit the following Microsoft website:
Article ID: 2672225 - Last Review: 05/11/2012 06:58:00 - Revision: 2.0
Microsoft Exchange Server 2010 Service Pack 2, Microsoft Exchange Server 2010 Enterprise, Microsoft Exchange Server 2010 Standard
- kbqfe kbfix kbsurveynew kbexpertiseinter KB2672225