Topic Last Modified: 2005-11-17

The Microsoft® Exchange Server Analyzer Tool queries the Active Directory® directory service to determine the value for the msExchServer1AlwaysCreateAs attribute of each connection agreement object. If the Exchange Server Analyzer determines that the msExchServer1AlwaysCreateAs attribute is not set to 1, a warning is displayed.

The msExchServer1AlwaysCreateAs attribute determines how X.500 objects are synchronized with Active Directory. A value of 0 indicates the connection agreement has been configured to create Microsoft Windows® contacts. A value of 1 for this attribute indicates that the connection agreement has been configured to create disabled Windows user accounts in Active Directory. A value of 2 indicates the connection agreement has been configured to create new Windows user accounts.

The Exchange Server Analyzer issues a warning because in a situation where Exchange Server 5.5 must coexist with Active Directory and a full migration to Exchange Server 2003 is planned, it is important to have Active Directory Connector (ADC) create disabled Windows user accounts. These disabled Windows user accounts are "mailbox-enabled" meaning they are logically attached to a mailbox that exists on the Exchange Server 5.5 computer. Having disabled Windows user accounts created is necessary for the user object that represents this disabled Windows account, to eventually have access to public folders and other secured objects in Active Directory.

In the ADC user interface, there are three options for creating new objects when a matching object is not found in Active Directory for a mailbox in Exchange Server 5.5. These are listed on the Advanced tab in the properties of the connection agreement, as follows:

To correct this warning

  1. Configure the Active Directory Recipient Connection Agreement to create mailbox-enabled disabled Windows user accounts.

  2. Use the Active Directory Migration Tool, which migrates Windows NT Server 4.0 user accounts to Active Directory and creates enabled Windows accounts. These enabled Windows accounts will have the same SID as the disabled Windows accounts created by ADC.

  3. Use the Active Directory Cleanup Wizard (ADClean), which merges the information from the Active Directory Migration Tool-created account into the ADC-created account.

For more information about Active Directory Connector recipient connection agreements, see the following Microsoft Knowledge Base articles: