XADM: Error c10361df Occurs When Installing Active Directory Connector
| Article ID | : | 279748 |
| Last Review | : | April 25, 2005 |
| Revision | : | 1.2 |
This article was previously published under Q279748
SYMPTOMS
When you install Active Directory Connector (ADC) when you
are logged on as an account in a mixed mode child domain,
you may receive the following error message:
You must be a member of the Enterprise Administrator
group to run Microsoft Active Directory Connector Setup.
ID no: c10361df
Microsoft Active Directory Connector Setup
ID no: c10361df
Microsoft Active Directory Connector Setup
CAUSE
This issue can occur if the account that you are logged on as is
not a member of the Enterprise Administrator group.
RESOLUTION
NOTE: When this article refers to "native mode," it is
referring to a Windows 2000 domain in native mode, not an
Exchange 2000 organization in native mode.
To resolve this issue, install ADC in the child domain by using either of the following methods:
To resolve this issue, install ADC in the child domain by using either of the following methods:
- Install ADC on a computer in the child domain by logging on
to the computer using an account in the root domain that is a
member of the Enterprise Administrator group.
-or- -
Convert the root and child domains to native mode. The account in the child domain can then be added to the Enterprise Administrator group. Before you making this change, be sure you have taken the necessary steps to prepare your domains for the transition to native mode. You cannot reverse changes to the domains after they are converted to native mode.
For additional information, click the article number below to view the article in the Microsoft Knowledge Base:231273 (http://support.microsoft.com/kb/231273/EN-US/) Group Type and Scope Usage in Windows 2000
After you install ADC, you can use an account in the child domain to administer ADC even if it is not a member of the Enterprise Administrator group.
MORE INFORMATION
The Exchange 2000 release notes contain the following
information:
Installing Active Directory Connector in a Child Domain
If you want to install Active Directory Connector (ADC) into
a child domain, you must first extend the Active Directory
schema by running the Active Directory Connector setup from
a command line in the domain where the schema master is
located and using the /schemaonly flag. The root domain is
used by default. Then, after information is replicated to
the child domain, you can run the Active Directory Connector
setup in the child domain using a user account from the
child domain.
To run setup for ADC, the account you are logged on as must be a
member of the Enterprise Administrator group. However, if the
root domain is a mixed mode domain, you cannot add other groups
or user accounts from other domains to the Enterprise
Administrator group.
If the root domain is in native mode and the child domain is in mixed mode, you can add an account from the child domain, but the group membership is not replicated to the mixed mode child domain.
To successfully run setup while logged on as an account in the child domain, both the root and child domain must be in native mode and your account must be a member of the Enterprise Administrator group.
When the root domain is in mixed mode, the Enterprise Administrator group type is "Security Group - Global". By definition, global groups cannot contain users or groups from other domains. In addition, you cannot add other groups in the same domain to a global group when the domain is in mixed mode.
When you change the domain to native mode, the Enterprise Administrator group type becomes "Security Group - Universal". Universal groups can contain other groups (global or universal) and user accounts from other domains.
If the root domain is in native mode and the child domain is in mixed mode, you can add an account from the child domain, but the group membership is not replicated to the mixed mode child domain.
To successfully run setup while logged on as an account in the child domain, both the root and child domain must be in native mode and your account must be a member of the Enterprise Administrator group.
When the root domain is in mixed mode, the Enterprise Administrator group type is "Security Group - Global". By definition, global groups cannot contain users or groups from other domains. In addition, you cannot add other groups in the same domain to a global group when the domain is in mixed mode.
When you change the domain to native mode, the Enterprise Administrator group type becomes "Security Group - Universal". Universal groups can contain other groups (global or universal) and user accounts from other domains.
APPLIES TO
- Microsoft Exchange 2000 Server Standard Edition