Retain 3.x, 4.x
Exchange 2007, 2010, 2013, 2016
10:07:52,746 LiveEWSUserSelection - javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031522C9, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=InformationStore,CN=EXCH01,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=[organization name],CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=[domain],DC=local']; remaining name 'CN=Mailbox Database,CN=First Storage Group,CN=InformationStore,CN=EXCH01,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=[organization name],CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=[domain],DC=local'
This was a rights issue in Exchange 2007, but this could also occur in Exchange 2010 or later. Retain first does an LDAP lookup to find the list of Exchange users in Active Directory. In this case, the impersonation account set up for Retain to access the mailboxes did not have rights to all of Active Directory. To resolve the issue, follow these steps:
- Launch Active Directory Sites and Services.
- The Services node is not visible by default, so click on the top node and then click on View | Show Services Node. Then you can traverse the tree as delineated in the error from the Worker log.
In this case, it was: Services/Microsoft Exchange/[organization name]/Administrative Groups/Exchange Administrative Group (FYDIBOHF23SPDLT)/Servers/EXCH01/InformationStore/First Storage Group/
- Right-click and select Properties | Security and find the impersonation account used for the Retain Application Impersonation user.
- Add all permissions for the Retain Application Impersonation user:
This error can also be thrown when a user is manually added to a Retain archive job, then deleted in Exchange. Simply remove the user from the list of users in Retain and the archive job should run. A better solution would be to create a distribution list in Exchange and then select the distribution list in Retain. That will prevent the error from occurring again.