The LDAP query in the Active Directory NTDSA Diagnostics Logging may also include objectCategory=CN=Person inside the query processor.
This problem occurs because the Office Communications Server 2007 Web Components Distribution List Expansion Service found two or more entries in Active Directory that were a Group, a User, or a Contact (possible group for trusted forest). This occurs when at least two of these objects shared the same mail (SMTP) attribute. This is an unexpected configuration.
A secondary problem is that the LDAP query that is being used inside the Web Components Distribution List Expansion Service incorrectly searched with a filter of objectCategory is "CN=Person." This applies to both contacts and users.
To work around this issue, make sure that all users, groups, and contacts do not share an SMTP address.
To resolve this issue, apply the hotfix that is described in Microsoft Knowledge Base article 959385. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
959385 Description of the update package for Office Communications Server 2007 - Web Components November 2008
The hotfix now uses a compound query that will search only groups and contacts (possible groups from another forest).
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
To confirm that two objects are sharing the same mail attribute value, an administrator can run one of the following tests.
How to test with Windows Address Book - Windows People Search (easy)
On Windows Server 2003, click Start, click Run, type WAB.EXE, and then press ENTER.
On the toolbar, click Find People.
In the Find People dialog box, select Active Directory in the Look In drop-down box.
In the Find People dialog box, type the SMTP address to search for.
Click Find Now.
How to test with Ldp.exe (advanced)
On Windows Server 2003 with the Support Tools installed, start Ldp.exe.
On the Connection menu, click Connect, and then click OK.
On the Connection menu, click Bind, and then click OK.
On the Browse menu, click Search.
In the Search dialog box, type the following filter to search for. Replace email@example.com with the valid SMTP address.