Error while enabling Exchange 2013 Hybrid - Update-EmailAddressPolicy

Question

Hello Everyone,

While attempting to configure our Exchange 2013 environment in Hybrid mode the wizard is failing on the Update-EmailAddressPolicy -Identity "Default Policy" -UpdateSecondaryAddressesOnly: $true

I see it worked on some users but there is still over a thousand that it did not work on. We are one CU23 with up to date servers.

Is there a way to scope the update-emailaddresspoilcy to certain users?

Can't read all of the recipient objects that you want to update update using LDAP recipient filter "(mailNickname=*)"
of object "Default Policy". The following exception occurred: Active Directory operation failed on
DC01.domain.com. Additional information: Active Directory rejected paged search cookie because a cookie
handle was discarded by a Domain Controller or a different LDAP connection was used on subsequent page retrieval.
Paged search needs to be restarted and will succeed.
Additional information: The parameter is incorrect.
Active directory response: 00000057: LdapErr: DSID-0C090B26, comment: Error processing control, data 0, v4563.

• CategoryInfo : InvalidOperation: (Default Policy:ADObjectId) [Update-EmailAddressPolicy], InvalidOperat
  ionException
• FullyQualifiedErrorId : [Server=ExchMBX01,RequestId=fbc467bd-4e5b-4c7e-840b-6f13b0aef520,TimeStamp=2/16/2021 8:
  42:21 PM] [FailureCategory=Cmdlet-InvalidOperationException] C6E7F98,Microsoft.Exchange.Management.SystemConfigura
  tionTasks.UpdateEmailAddressPolicy
• PSComputerName : ExchCAS01.domain.com

Answer 1

Hi @Ian562 ,
The same as Andy said, you could run the following command to scope to recipients in email address policy. But according to the information you provided, I noted that you want to modify the Default Policy, we cannot change the type or attributes of recipients in the Default Email Address Policy (applicable to all recipient types).

Set-EmailAddressPolicy -Identity "<>" -RecipientContainer <> -RecipientFilter <>  

What’s the version of your domain controller?
According to the research on the error message, I found a similar case in Windows server 2008 R2, please refer to: A paged LDAP query fails on the second page and the pages that follow in Windows Server 2008 R2
Please pay attention to the solution needs to modify the registry. If you modify the registry incorrectly, it will have a serious impact, so it is recommended that you back up in advance.
Please refer to: How to back up and restore the registry in Windows

----------

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Hi Andy and Lucas,

Thanks for the update and information. I was under the impression I could scope the Update-EmailAddressPolicy cmdlet to certain users or an OU. But it appears I need to do that via the Set-EmailAddressPolicy cmdlet. I can look more into that.

We are running the Default Policy and only that policy. I was thinking that error was happening because the volume of accounts the Update-EmailAddressPolicy was running through.

What about the option of targeting the users that need the alias directly, could that be an option?

The domain controller is running Windows 2019.