Symptoms

Some operations with mailboxes like changing protocols and limits or updating email addresses fail with the following error:

Provisioning request failed. Unknown error 0x80131600[
<response>
  <errorContext
      description="A constraint violation occurred. (Exception from HRESULT: 0x8007202F)"
      code="0x80131600" executeSeqNo="2">
    <errorSource namespace="Exchange 2007 Provider" procedure="ModifyMailbox"/>
    <errorSource namespace="SW Managed Exchange" procedure="ModifyMailbox"/>
  </errorContext>
</response>
]

It happens while executing the operation for the first time. Having been restared, the operation completes successfully and the task either finishes or fails on the next mailbox.

Cause

It happens because a mailbox contains a reference to a removed address list. For example, it can be "All Users" address list (usually it has the following distinguished name: CN=All Users,CN=All Address Lists,CN=Address Lists Container,CN=chost,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=provider,DC=local).

References to the address lists where a mailbox should be visible are stored in Active Directory in the mailbox's user entity as a multi-value property "showInAddressBook". If someone removed an entity of the address list from Active Directory, the corresponding references become invalid. As a result, some operations with the user entities that contains such references may fail with the error "A constraint violation occured". One of these operations is the extending of "showInAddressBook" property with new values. "ModifyMailbox" procedure always tries to restore "All Users" address list in "showInAddressBook" property if it has found that this list is absent, but it does not clean the property from invalid references, and this cause the fail. The procedure does such cleaning during the rollback phase after the failing, so the second attempt to modify the mailbox performs without errors.

Resolution

If you have few mailboxes with corrupted references to address lists, you can just restart the failed tasks until they complete.

If you get this error and you are expecting that a list removing has affected a huge amount of mailboxes (for example, you know that "All Users" list was removed some time ago) you can do the following:

  1. Get all users from Active Directory which have a non-empty "showInAddressBook" property:

    ldifde -f mailboxes.txt -d "OU=Hosting,DC=dev02,DC=local" -r "(&(objectClass=user)(showInAddressBook=*))" -l showInAddressBook
    
  2. Search invalid references in "mailboxes.txt" file string - these references contain \0ADEL: string.
  3. For each mailbox with the invalid reference, prepare the following MPS script (replace "AD01.provider.local" with the real name of the preferred DC and "LDAP://CN=mailbox,OU=Customer,OU=Provider,OU=Hosting,DC=provider,DC=local" with the real path of the mailbox user):

    <?xml version="1.0" encoding="UTF-8" standalone="no" ?>
    <request xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
        <data/>
        <procedure>
            <execute impersonate="1" namespace="SW Managed Exchange" procedure="ModifyMailbox">
            <after destination="data" destinationPath="log" source="executeData"/>
                <executeData>
                    <preferredDomainController>AD01.provider.local</preferredDomainController>
                    <user>LDAP://CN=mailbox,OU=Customer,OU=Provider,OU=Hosting,DC=provider,DC=local</user>
                </executeData>
            </execute>
        </procedure>
    </request>
    
  4. Execute this request (assume that the script is stored into request.xml file):

    "c:\Program Files\Microsoft Provisioning\Tools\ProvTest.exe" -x2 request.xml
    

    The script execution fails with the error "A constraint violation occurred.". But you can execute it again and it should complete successfully.

Internal content