Cannot Remove Orphaned Exchange Domain Servers Security Group from Exchange Enterprise Servers Security Group

This article has been archived. It is offered "as is" and will no longer be updated.
When you try to remove an orphaned Exchange Domain Servers security group from the Exchange Enterprise Servers security group, you may receive the following error message:
The following Active Directory Error occurred: Element not found
The following error message may appear several times in the application log of the domain controller:
Event Type: Error
Event Source: MSExchangeAL
Event Category: LDAP Operations
Event ID: 8270
User: N/A
Description: LDAP returned the error [35]
Unwilling To Perform when importing the transaction
dn: changetype: Modify member:delete: - DC=lc1b41dc,DC=com
This symptom may occur if the following events occur:
  • Two domains are created by using a child-parent configuration.
  • An Exchange 2000 Server organization is installed across both domains.
  • Exchange 2000 Server is removed from the child domain computer.
  • The Dcpromo.exe tool is used to demote the child domain computer.

Service Pack Information

To resolve this problem, obtain the latest service pack for Microsoft Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack

Hotfix Information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language. Component:

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
   Date         Time    Version          Size      File name   ---------------------------------------------------------------------   16-Feb-2003  22:30   5.0.2195.6613    124,176   Adsldp.dll   16-Feb-2003  22:30   5.0.2195.6601    130,832   Adsldpc.dll   24-Feb-2003  22:06   5.0.2195.6667     62,736   Adsmsext.dll   16-Feb-2003  22:30   5.0.2195.6660    377,616   Advapi32.dll   16-Feb-2003  22:30   5.0.2195.6611     49,936   Browser.dll   16-Feb-2003  22:30   5.0.2195.6663    135,952   Dnsapi.dll   16-Feb-2003  22:30   5.0.2195.6663     96,528   Dnsrslvr.dll   16-Feb-2003  22:30   5.0.2195.6661     46,352   Eventlog.dll   16-Feb-2003  22:30   5.0.2195.6627    148,240   Kdcsvc.dll   20-Feb-2003  22:11   5.0.2195.6666    204,560   Kerberos.dll   03-Dec-2002  01:09   5.0.2195.6621     71,888   Ksecdd.sys   24-Jan-2003  20:40   5.0.2195.6659    509,712   Lsasrv.dll   24-Jan-2003  20:41   5.0.2195.6659     33,552   Lsass.exe   05-Feb-2003  14:59   5.0.2195.6662    109,328   Msv1_0.dll   16-Feb-2003  22:30   5.0.2195.6601    312,592   Netapi32.dll   16-Feb-2003  22:30   5.0.2195.6627    360,720   Netlogon.dll   24-Feb-2003  22:05   5.0.2195.6669    929,552   Ntdsa.dll   24-Feb-2003  22:05   5.0.2195.6666    392,464   Samsrv.dll   16-Feb-2003  22:30   5.0.2195.6622    112,912   Scecli.dll   16-Feb-2003  22:30   5.0.2195.6625    305,936   Scesrv.dll   10-Feb-2003  21:22   5.0.2195.6663    166,912   Sp3res.dll   16-Feb-2003  22:30   5.0.2195.6601     51,472   W32time.dll   16-Aug-2002  11:32   5.0.2195.6601     57,104   W32tm.exe   24-Feb-2003  22:05   5.0.2195.6666    125,200   Wldap32.dll   24-Feb-2003  21:24   5.0.2195.6659    509,712   Lsasrv.dll   [56bit] 
Note Because of file dependencies, this update requires Microsoft Windows 2000 Service Pack 3 (SP3).

For additional information about how to obtain the latest Windows 2000 Service Pack, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
Important You only have to install this hotfix on one domain controller in each domain where you will be removing the orphaned object. After you install the hotfix on this domain controller, you can use this domain controller to remove the object.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Microsoft Windows 2000 Service Pack 4.

Article ID: 813877 - Last Review: 02/27/2014 21:16:49 - Revision: 4.8

Microsoft Exchange 2000 Server Standard Edition, Microsoft Windows 2000 Service Pack 3, Microsoft Windows 2000 Advanced Server SP3, Microsoft Windows 2000 Service Pack 3

  • kbnosurvey kbarchive kbautohotfix kbhotfixserver kbqfe kbsecurity kbwin2ksp4fix kbprb kbenv kbfix kbbug KB813877