I recently worked with a customer that was receiving the error message “There is no such object on the server” every time they would attempt to verify, deploy, or remove a rule. This issue started happening as soon as they upgraded from Exchange 2007 to Exchange 2010. Below is a screenshot showing the specific error message.
When you attempt to verify, deploy, or remove rules with rule deployment wizard it will first make a LDAP request to pull properties for the users or queues. To see the exact LDAP queries being executed we used Network Monitor. On the effected environment we could see that the rule deployment wizard would first try querying for the administrator account before it would look at any of the actual users. In this particular environment the Administrator account had been renamed so the rule deployment wizard would fail with the “No Such Object” error message. Once it failed to find the Administrator account it would not proceed to look for the remaining accounts.
This behavior was now changed in recent update rollups so that it is no longer searching for the account “Administrator”. If you are receiving this error message or have renamed the Administrator account you will want to make sure most recent update rollups are applied to the rule deployment wizard.
Once we installed the latest update rollup the rule deployment wizard was able to successfully find the Active Directory properties. The AD properties are then passed as arguments to rules.exe which communicates with Exchange and modify the rules. Below we have used Process Monitor to see exactly which arguments are being passed to the rules.exe application.
Sample command sent to the rules.exe application
"Rules.exe" "/verify" "JEMORL98" "/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=JEMORL98/cn=Microsoft Private MDB" "/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Administrator" "/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=support q" "email@example.com" "0" "1"
By using Network Monitor and Process Monitor we were able to track down the source of the issue and find the failing request. If you are running into other issues with the rule deployment wizard you may be able to use this troubleshooting process to narrow down the source of the issue.