Exchange 2013: Event ID 2937 MSExchange ADAccess after Exchange decommissioning

I have been performing health check for one of my exchange 2013 organization and noticed few warning messages in application logs related to MSExchange ADAccess. The warning messages were related to a pointer of user object pointing to a database that no longer exist in exchange server. Below is the detailed warning message.

Process w3wp.exe (ECP) (PID=11448). Object [CN=Riaz Butt,OU=Test,DC=mscloudtalks,DC=com]. Property [PreviousDatabase] is set to value [mscloudtalks.com/Configuration/Deleted Objects/DB01
DEL:30e71668-0813-4277-b9dd-4513a506c10a], it is pointing to the Deleted Objects container in Active Directory. This property should be fixed as soon as possible.

Event log that was being captured by Applications logs on Exchange server was related to MSExchange ADAccess Event ID 2937.

Exchange 2013: Event ID 2937 MSExchange ADAccess after Exchange decommissioning Exchange 2013: Event ID 2937 MSExchange ADAccess after Exchange decommissioningThis issue needs to be fixed ASAP as it can cause service interruption to the user for which you are getting this warning error message. A quick check of user attributes in active directory confirmed the warning message and the reason why I was getting the warning message.

How to fix Event ID 2937 MSExchange ADAccess Warning?

  • Log in to domain controller and launch Active Directory Users and Computers
  • Make sure you have “Advanced Features” enabled from view menu.

Exchange 2013: Event ID 2937 MSExchange ADAccess after Exchange decommissioning

  • Browse to the OU where user account resides and go to the properties of the user account

Exchange 2013: Event ID 2937 MSExchange ADAccess after Exchange decommissioning

  • Click on Attribute Editor and search for the attribute “msExchPreviousHomeMDB

5

  • Clear the value and hit ok
  • Click on Apply to save the changes and wait for Active Directory replication or manually replicate the AD changes using the powershell cmdlet

C:\> Repadmin /Syncall /Force

Once the active directory replication is completed, you’ll not see any issues related to user database property pointing to a deleted object container. This will fix a lot of end user issues as well.