Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

ADMT Users with a ExchangeActiveSyncDevices Child Object Fail

2,116 views
Skip to first unread message

blueboy1894

unread,
Mar 9, 2010, 8:59:01 AM3/9/10
to
We are currently migrating users from one child domain to another due to a
geographical location exercise.

I have run into an interesting issue with the ADMT User Migration Wizard
whereby the operation fails for any user who commonly uses an Exchange
ActiveSync device such as the Nokia smartphones we use.

The ADMT log displays the following message at the end:

ERR2:7422 Failed to move source object 'CN=username'. hr=0x8007208c The
operation cannot be performed because child objects exist. This operation can
only be performed on a leaf object.

This makes no sense because users are leaf objects, and shouldn't have any
child objects.

Looking at this in ADSIEdit, any user who has a ActiveSync device now has a
child object - CN=ExchangeActiveSyncDevices.

If the migration wizard is run on a user without this attribute then the
operation completes successfully.

Is it safe to remove this object and set the phone up from scratch, or is
there an approved method for migrating these accounts with the child object.
There doesn't appear to be a method of doing so either from the command line,
or from the ADMT itself.

Thanks in advance.

Chris Latham

Ace Fekay [MVP-DS, MCT]

unread,
Mar 9, 2010, 3:14:19 PM3/9/10
to
"blueboy1894" <blueb...@discussions.microsoft.com> wrote in message news:7161612E-B03C-45E1...@microsoft.com...


I did a migration a year ago from one forest to another, and some were AS users. I had no problems. I am curious. Create a test account currently enabled for ActiveSync and disable the feature for the user, then just migrate that account. Does it work?

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.

jkch...@gmail.com

unread,
Dec 21, 2012, 7:34:28 PM12/21/12
to

jkch...@gmail.com

unread,
Dec 21, 2012, 7:35:21 PM12/21/12
to
I had experienced the same issue when we moved AD mailbox enabled users across domains.
Long story short, in a multiple domains forest (W2K8R2, W2K8, or even W2k3), you will encounter an issue during the user move by using ADMT or Movetree as long as the user has associated LEAF object (cn=msExchangeActiveSync\cn=iPhonedvexxxxxx).
Because we can only move leaf object between domains, not the container. the user object is a LEAF object to domain, we are supposed to move them easily by usig movetree or admt. However, it will turns to a container if it associates with msExchageActiveSynch. That is why you are able to move AD mailbox enabled users after you manually remove the cn=msExchangeActiveSync and cn=iPhonexxxxxx from the ADSIEDIT.msc.
You can also use ldp.exe to search the user object to ensure it does not have such exchange leaf attached.
MCT\MCITP\MCSE
Jack Chen
0 new messages