Error while enabling Exchange 2013 Hybrid - Update-EmailAddressPolicy

Ian562 61 Reputation points
2021-02-16T21:51:48.607+00:00

Hello Everyone,

While attempting to configure our Exchange 2013 environment in Hybrid mode, the wizard is failing on the Update-EmailAddressPolicy -Identity "Default Policy" -UpdateSecondaryAddressesOnly: $true

I see it worked on some users but there are still over a thousand that it did not work on. We are on CU23 with up-to-date servers.

Is there a way to scope the Update-EmailAddressPolicy to certain users?

Can't read all of the recipient objects that you want to update update using LDAP recipient filter "(mailNickname=*)"
of object "Default Policy". The following exception occurred: Active Directory operation failed on
DC01.domain.com. Additional information: Active Directory rejected paged search cookie because a cookie
handle was discarded by a Domain Controller or a different LDAP connection was used on subsequent page retrieval.
Paged search needs to be restarted and will succeed.
Additional information: The parameter is incorrect.
Active directory response: 00000057: LdapErr: DSID-0C090B26, comment: Error processing control, data 0, v4563.

  • CategoryInfo : InvalidOperation: (Default Policy:ADObjectId) [Update-EmailAddressPolicy], InvalidOperat
    ionException
  • FullyQualifiedErrorId : [Server=ExchMBX01,RequestId=fbc467bd-4e5b-4c7e-840b-6f13b0aef520,TimeStamp=2/16/2021 8:
    42:21 PM] [FailureCategory=Cmdlet-InvalidOperationException] C6E7F98,Microsoft.Exchange.Management.SystemConfigura
    tionTasks.UpdateEmailAddressPolicy
  • PSComputerName : ExchCAS01.domain.com

Accepted answer
  1. Lucas Liu-MSFT 6,176 Reputation points
    2021-02-17T02:41:27.68+00:00

    Hi @Ian562 ,
    As Andy said, you could run the following command to scope the recipients in an email address policy. However, from the information you provided, I noted that you want to modify the Default Policy; we cannot change the type or attributes of recipients in the Default Email Address Policy (it is applicable to all recipient types).

    Set-EmailAddressPolicy -Identity "<>" -RecipientContainer <> -RecipientFilter <>  
    

    What’s the version of your domain controller?
    While researching the error message, I found a similar case in Windows Server 2008 R2; please refer to: A paged LDAP query fails on the second page and the pages that follow in Windows Server 2008 R2
    Please note that the solution requires modifying the registry. Modifying the registry incorrectly can have a serious impact, so it is recommended that you back it up in advance.
    Please refer to: How to back up and restore the registry in Windows


1 additional answer

  1. Ian562 61 Reputation points
    2021-02-17T14:46:33.48+00:00

    Hi Andy and Lucas,

    Thanks for the update and information. I was under the impression I could scope the Update-EmailAddressPolicy cmdlet to certain users or an OU. But it appears I need to do that via the Set-EmailAddressPolicy cmdlet. I can look more into that.

    We are running the Default Policy and only that policy. I was thinking that error was happening because of the volume of accounts the Update-EmailAddressPolicy was running through.

    What about the option of targeting the users that need the alias directly? Could that be an option?

    The domain controller is running Windows 2019.

