Restoring Deleted Active Directory User fails with Error 0x2077 Illegal Modify Operation

I was attempting to restore an Active Directory User that was accidentally deleted on an SBS 2011 server using the steps outlined in this Microsoft KB Article; however, I kept coming up short with the following error message.

“Error 0x2077 Illegal modify operation. Some aspect of the modification is not permitted.”

I was a bit stumped until I read a few of the comments on that article. If you are experiencing this error, check out these tips by Brandon in the comments. Worked perfectly after I followed these steps. Thank you, kind sir.

  • Ensure that you are connecting to your DC by using LDAPS (SSL, port 636)
  • When performing the rename operation using LDP.exe, ensure that you are changing the distinguishedName to an object that doesn’t exist. In my case, I received this error when I forgot to include the computer’s name in the DN (meaning, I only had OU=x,DC=y,DC=z instead of CN=Server,OU=x,DC=y,DC=z)
  • If using PowerShell and you receive this error: use LDP.exe and ensure you are using LDAPS and a DN that doesn’t exist

Change SBS 2011 Exchange SMTP Send Connector Port

On several occasions I’ve noticed that Comcast seems to be blocking port 25 on their internet connections. This, of course, is an issue for SBS 2011 networks and outgoing SMTP email. For most cases I use a Smart Host for outbound email such as DynDNS. However, the built-in wizard for configuring the Smart Host does not allow you to specify which port to use. Fortunately, with two simple PowerShell commands you can change this.

  1. Open Exchange Management Shell (EMS) as an administrator.
  2. Type the following cmdlet to list all the current Send Connectors.
  3. Using the SMTP Send Connector name extracted from the above cmdlet, type the following cmdlet to change to the desired port (2525 in this case).
    Set-SendConnector "SMTP Send Connector Name goes here" -Port 2525
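
The steps above as one Exchange Management Shell session, with the listing cmdlet for step 2 and a reachability check before the change. This is an added example, not part of the original post; `Get-SendConnector` is the standard Exchange cmdlet for listing connectors, while the connector name, `smarthost.example.com` and the helper `Test-TcpPort` are placeholders or hypothetical names.

```powershell
# Added example; run in the Exchange Management Shell as an administrator.
# $ConnectorName, $SmartHost and $NewPort are placeholders (assumptions): replace them
# with the name shown by Get-SendConnector and your smart host's details.
$ConnectorName = 'SMTP Send Connector Name goes here'
$SmartHost     = 'smarthost.example.com'
$NewPort       = 2525

# Step 2: list the current Send Connectors with their smart hosts and ports.
Get-SendConnector | Format-Table Name, SmartHosts, Port, Enabled -AutoSize

# Hypothetical helper: confirm the smart host accepts TCP connections on the new
# port before switching, so outbound mail does not queue behind an unreachable port.
function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs = 5000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

if (Test-TcpPort $SmartHost $NewPort) {
    # Step 3: change the port, then read the setting back to verify it.
    Set-SendConnector -Identity $ConnectorName -Port $NewPort
    Get-SendConnector -Identity $ConnectorName | Format-List Name, SmartHosts, Port
} else {
    Write-Warning "$SmartHost did not answer on TCP port $NewPort; connector left unchanged."
}
```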


Hat tip to prolateral.

The module DLL exppw.dll failed to load

A Windows SBS 2011 server at one of our customer’s locations installed several updates last evening, and when they came into work this morning they discovered they were not receiving any email. Neither Remote Web Workplace nor OWA was working. After some digging around I noticed the following error in the event log.

The Module DLL C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\auth\exppw.dll failed to load.

I tried a number of solutions that I found online, but none of them worked. Somewhere, though, I saw a tip that mentioned downloading Exchange 2010 SP3 and doing a reinstall of the Service Pack. Sure enough, I noticed that one of the updates that was installed last night was Exchange 2010 Service Pack 3. I downloaded the SP from Microsoft’s servers and reinstalled it. This fixed the above problems immediately.

Note: I never set Windows Servers to install updates automatically. I still don’t understand how the updates got installed, and the customer is pretty sure they didn’t tell the server to install them.

Enable Office 365 Auto-discover for Outlook in SBS 2011 Exchange Environments

One of the issues you will run into when migrating from an on-premises Exchange 2010 server on SBS 2011 is that Outlook will not autodiscover the correct Office 365 server settings. Fortunately, this can be easily solved with a few simple PowerShell commands.

  1. Open an Exchange Management Shell as an administrator. (Elevated PowerShell)
  2. Use the following command to discover the Identity name of your Autodiscover Virtual Directory. Either note or copy the values in the Identity field.
    Get-AutodiscoverVirtualDirectory | fl Name, Server, InternalUrl, Identity
  3. Use the following command to remove the Autodiscover Virtual Directory. Be sure to replace the text inside the quotes with the value in the Identity field above.
    Remove-AutodiscoverVirtualDirectory -Identity "Insert identity value here"
  4. You will have to confirm the removal by hitting Y for yes when prompted. You can double check to see if this worked properly by rerunning the command in step 2. You should get a blank result if successful.

That should be it. Your Outlook clients should connect successfully to the Office 365 service.

Hat Tip to for pointing me in the right direction.