Checking for “ms-RTC-SIP-TrustedServer” multiple Active Directory entries with PowerShell

While publishing and enabling a topology, we were getting this error:

Enable-CsTopology: Multiple Active Directory entries were found for type”ms-RTC-SIP-TrustedServer” with ID “<SERVER FQDN>”.

Publishing the topology succeeded, but enabling it then produced this error.

The next step was to check the duplicates in the Active Directory Configuration Partition. For those who have already browsed this, you probably know it has too many entries:

An easy way to check for duplicates is to use PowerShell. This requires a server or desktop with the Active Directory PowerShell module installed, because the AD: drive is not available until the AD module is loaded:

Get-ItemProperty : Cannot find drive. A drive with the name ‘AD’ does not exist.
At line:1 char:1
+ Get-ItemProperty -Path “AD:CN=*,CN=Trusted Services,CN=RTC Service,CN=Services, …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (AD:String) [Get-ItemProperty], DriveNotFoundException
+ FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetItemPropertyCommand

To import the Active Directory module simply run:

Import-Module ActiveDirectory

To check for duplicates, we use the following PowerShell command:

# List Trusted Services entries that share the same FQDN and service type
Get-ItemProperty -Path "AD:CN=*,CN=Trusted Services,CN=RTC Service,CN=Services,CN=Configuration,DC=gears,DC=lab" -Name cn,msRTCSIP-TrustedServerFQDN,msRTCSIP-TrustedServiceType,whenCreated,whenChanged |
    Group-Object -Property msRTCSIP-TrustedServerFQDN,msRTCSIP-TrustedServiceType |
    Where-Object {$_.Count -gt 1} |
    Select-Object -ExpandProperty Group |
    Select-Object cn,msRTCSIP-TrustedServerFQDN,msRTCSIP-TrustedServiceType,whenCreated,whenChanged |
    Format-Table -AutoSize

Note: Replace DC=gears,DC=lab with the value for your domain.

Now we know which values are duplicated. Pay special attention when changing values in the Active Directory Configuration partition: you should have a backup of all values before making any change.
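A variant of the duplicate check that also saves a copy of the duplicated objects before anything is changed. This is an added example, not code from the original post. It assumes the RTC Service container lives in the Configuration partition as shown above; the function name Get-DuplicateTrustedService and the -BackupPath parameter are hypothetical.

```powershell
# Added example: requires the ActiveDirectory module and read access
# to the Configuration partition.
Import-Module ActiveDirectory

function Get-DuplicateTrustedService {
    param(
        # Hypothetical parameter: file that receives a copy of the duplicate objects.
        [string]$BackupPath = ".\TrustedServices-duplicates.xml"
    )

    # Read the Configuration naming context from RootDSE instead of hard-coding DC=...
    $configNC   = (Get-ADRootDSE).configurationNamingContext
    $searchBase = "CN=Trusted Services,CN=RTC Service,CN=Services,$configNC"

    # Fetch every direct child that carries a trusted server FQDN, with all attributes.
    $entries = Get-ADObject -SearchBase $searchBase -SearchScope OneLevel `
        -LDAPFilter '(msRTCSIP-TrustedServerFQDN=*)' -Properties *

    # Same grouping key as the one-liner above: FQDN plus service type.
    $duplicates = $entries |
        Group-Object -Property 'msRTCSIP-TrustedServerFQDN', 'msRTCSIP-TrustedServiceType' |
        Where-Object { $_.Count -gt 1 } |
        Select-Object -ExpandProperty Group

    # Keep a record of every attribute value before any manual cleanup.
    if ($duplicates) {
        $duplicates | Export-Clixml -Path $BackupPath
    }

    $duplicates
}

# Show the duplicates side by side, oldest first within each FQDN.
Get-DuplicateTrustedService |
    Sort-Object 'msRTCSIP-TrustedServerFQDN', whenCreated |
    Format-Table Name, 'msRTCSIP-TrustedServerFQDN', 'msRTCSIP-TrustedServiceType',
        whenCreated, whenChanged, DistinguishedName -AutoSize
```

The XML file is a reference copy of the attribute values that can be read back with Import-Clixml; it is not a restore mechanism for deleted objects.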

Lastly, a special thanks to the blog Hey, Scripting Guy for this post:

Hey, Scripting Guy! How Can I Use Windows PowerShell to Retrieve the Non-Unique Items in a List?
http://blogs.technet.com/b/heyscriptingguy/archive/2008/01/31/how-can-i-use-windows-powershell-to-retrieve-the-non-unique-items-in-a-list.aspx
