Topic Last Modified: 2006-11-30

The Microsoft® Exchange Server Analyzer Tool queries the Active Directory® directory service to determine the format for the legacyExchangeDN attribute on the administrative group container object. If the Exchange Server Analyzer finds the legacyExchangeDN attribute on the administrative group does not match the legacyExchangeDN for the Exchange organization, an error is displayed.

Exchange uses the legacyExchangeDN value to identify Exchange objects in Active Directory. The legacyExchangeDN value is a distinguished name that indicates where the object fits in the Exchange organization, for example:

/o= organization /ou= administrative group

Objects such as servers and folder hierarchies inherit part of their legacyExchangeDN values from the administrative group. This means that if there is a problem with the administrative group value, many other objects may inherit the same problem.

Usually problems with the legacyExchangeDN occur when an administrator has tried to directly modify the value. You must correct the value using a tool such as the Active Directory Service Interfaces (ADSI) Edit snap-in, the LDP (ldp.exe) tool, or any other Lightweight Directory Access Protocol (LDAP) version 3 client.

If you incorrectly modify the attributes of Active Directory objects when you use ADSI Edit, the LDP tool, or another LDAP version 3 client, you may cause serious problems. These problems may require that you reinstall Microsoft Windows Server™ 2003, Exchange Server 2003 or Exchange Server 2007, or both. Modify Active Directory object attributes at your own risk.

To correct this error

  1. Use an Active Directory editor, such as ADSI Edit, to locate the administrative group object in Active Directory.

    The legacyExchangeDN attribute can be found at:

    CN=Configuration, CN=Services, CN=Microsoft Exchange, CN=Organization, CN=Administrative Groups, CN= Administrative group

  2. Type a new string value of the form:

    /o= organization /ou= administrative group

For more information about using the LDP tool, see the Microsoft Knowledge Base article 260745, "XADM: Using the LDP Utility to Modify Active Directory Object Attributes" (

For more information about working with ADSI Edit, see the topic, "Adsiedit.msc: ADSI Edit" in Windows Server Help.