Exchange 2007 Heath Check knowledge script fails to create CAS account. (NETIQKB71659)

  • 7771659
  • 03-Aug-2009
  • 16-Dec-2010


NetIQ AppManager 7.0.x
NetIQ AppManager for Microsoft Exchange 2007
Microsoft Exchange Server 2007



There are multiple organizational units matching the identity "Users".

Could not find or log on with user\CAS_a###a######. If this task is being run without credentials, log on as a Domain Administrator, and then run the new-TestCasConnectivityUser.ps1 to verify that the user exists on Mailbox server


To correct this issue:

  • Verify that the account running the NetIQ agent service (netiqmc) has met the minimum requirements noted in the module documentation.
  • Log on to the Exchange server as the account that is running the netiqmc service and follow the process below:
    • Open Exchange Management Shell and execute new-TestCasConnectivityUser.ps1
      • If the cmdlet fails, it will provide you with an error message here, usually permissions related, if not continue:
    • Enter a temporary secure password for creating test users.  (The password you enter here is irrelevant, as it will change often for security reasons)
    • Press enter (do not press control + break as this will abort the process)
  • If you encounter an error stating : There are multiple organizational units matching the identity "Users", you must manually enter the container for the default domain users group.  The format for this entry is :

This will create the CAS account in active directory, which can be verified by searching for 'CAS' in the default users container on your domain controller.  Once the account has been created manually, re-run the Heath Check knowledge script the the error referenced above should not re-occur.  You do not need to execute this procedure on all of your Exchange servers.


The account that is being used by AppManager does not have permissions to create an account, or there are more than one organizational units in your domain (even nested) with the container name of 'Users'

Additional Information

Formerly known as NETIQKB71659