Consider the following scenario. In an Exchange Server 2007 Service Pack 1 (SP1) environment, there are more than 1,000 users in the organization. You perform a filtered search against a Windows Server 2008 R2 domain controller. Then you receive an error when you run the following PowerShell command:
Get-Recipient : Active Directory operation failed on <Windows Server 2008 domain controller name>. Additional information: Active Directory rejected paged search cookie because a cookie handle was discarded by a domain controller or a different LDAP connection was used on subsequent page retrieval. Restart paged search.
Exchange Server 2007 SP1 passes different BaseDN attributes during the paged search. This is usually not a problem because the Lightweight Directory Access Protocol (LDAP) server just ignores successive BaseDN attributes in earlier versions of Windows. However, Windows Server 2008 R2 rejects all successive searches if the BaseDN attributes are different.
Note A BaseDN attribute is a starting point in the Active Directory hierarchy where any given search starts.
To resolve this problem, install Update Rollup 9 for Exchange 2007 Service Pack 1. For more information about Update Rollup 9 for Exchange Server 2007 Service Pack 1, see the following Exchange Help topic: