The information store could not be opened.
The MAPI provider failed.
ID no: 8004011d-0289-00000000
Event Category:Move Mailbox
Started to move mailbox 'DDD R1'.
Source Database: /o=Microsoft/ou=AdminGroup/cn=Configuration/cn=Servers/cn=SERVER1/cn=Microsoft Private MDB
/o=Microsoft/ou=AdminGroup/cn=Configuration/cn=Servers/cn=SERVER2/cn=Microsoft Private MDB
Exchange DN: /o=Microsoft/ou=AdminGroup/cn=Recipients/cn=Alias
Disabled user /o=Microsoft/ou=AdminGroup/cn=Recipients/cn=Alias does not have a master account SID. Please use Active Directory MMC to set an active account as this user's master account.
Event Source:MSExchangeIS Mailbox Store
Event Category:Log ons
Log on Failure on database "First Storage Group\Private Information Store (ALIA)" - Windows 2000 account DOMAIN\administrator; mailbox /o=Microsoft/ou=AdminGroup/cn=Recipients/cn=ALIAS. Error: -2147221231
A similar sequence of errors may be displayed when you try to log on to an Exchange 2000 computer mailbox or an Exchange 2003 computer mailbox.
- In the Active Directory Users and Computers snap-in, on the
View menu, click Advanced Features.
- In the Exchange Advanced properties of the disabled user object that owns the mailbox, click Mailbox Rights, and then search the list of accounts for one that has the Associated External Account permission.
- If no account has this permission, grant the SELF account Associated External Account and Full Mailbox Access permissions.
Note The SELF account is available in all Windows 2000 domains. All SELF accounts share a well-known security identifier (SID) that is the same across all domains. If the SELF account is not already listed in the Permissions dialog box, you can add it by typing SELFas the account name.
Only one account at a time can have the Associated External Account permission. If this permission is currently owned by an account that is unwanted or that is not valid, you must remove the permission on that account before you apply the account to SELF.
After you remove the Associated External Account permission from an account, exit all properties dialog boxes for the disabled user object. (To do this, click OK, not Cancel, at each level.) You must do this because changes to permissions are not applied immediately, but only after you have exited the object properties for the user. You will be blocked from changing the owner of the Associated External Account permission until you have closed and re-opened the properties of the object.
- Reset the Associated External Account permission to SELF.
To set the msExchMasterAccountSID attribute for lots of disabled user accounts, you can use the Collaboration Data Objects for Exchange Management (CDOEXM) interface to modify the mailbox security descriptor. Starting with Microsoft Exchange 2000 Server Service Pack 2 (SP2), a new interface is made available in CDOEXM. This interface is named MailboxRights. This exposure lets you modify the mailbox security descriptor programmatically.
For more information about how to script a bulk change of the msExchMasterAccountSid attribute, click the following article number to view the article in the Microsoft Knowledge Base:
- -f: This switch indicates the export destination file.
- -d: This switch indicates that the Microsoft Windows domain from which to export user objects. For example, if the Active Directory Users and Computers management console for the domain lists the domain as
corp.company.com, it would become "dc=corp,dc=company,dc=com".
- -l: This switch, if it is used, restricts output to the export file of only the attributes enumerated by the switch. In this case, the non-existent attribute nothing is used so that only object names, not attributes, are generated.
- -r: This switch indicates the LDAP search filter by using the standard LDAP query syntax. You can also use this search string with Ldp.exe and other LDAP tools. In this case, the search is for all user objects that are disabled (msExchMasterAccountControl value of 2) and that do not have an msExchMasterAccountSID attribute.
For more information about how to use Ldifde in Active Directory, click the following article number to view the article in the Microsoft Knowledge Base:
dn: CN=AAA R1,OU=Recipients,DC=domain,DC=com
dn: CN=AAA R2,OU=Recipients,DC=domain,DC=com
. . . . .
รหัสบทความ: 278966 - การตรวจสอบครั้งสุดท้าย: 25 ต.ค. 2007 - ฉบับแก้ไข: 1