Checking for “ms-RTC-SIP-TrustedServer” multiple Active Directory entries with PowerShell

While publishing and enabling a topology, we were getting this error:

Enable-CsTopology: Multiple Active Directory entries were found for type”ms-RTC-SIP-TrustedServer” with ID “<SERVER FQDN>”.

The publishing was successful but then the enabling was showing this error.

The next step was to check the duplicates in the Active Directory Configuration Partition. For those who have already browsed this, you probably know it has too many entries:


An easy way to check duplicates is to use PowerShell. For this we need a server/desktop with the Active Directory PowerShell module installed, because the AD:\ won’t be available if we don’t load the AD module:


Get-ItemProperty : Cannot find drive. A drive with the name ‘AD’ does not exist.
At line:1 char:1
+ Get-ItemProperty -Path “AD:CN=*,CN=Trusted Services,CN=RTC Service,CN=Services, …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (AD:String) [Get-ItemProperty], DriveNotFoundException
+ FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetItemPropertyCommand

To import the Active Directory module simply run:

Import-Module ActiveDirectory


And to check the duplicates we use the following PowerShell cmdlet:

Get-ItemProperty -Path “AD:CN=*,CN=Trusted Services,CN=RTC Service,CN=Services,CN=Configuration,DC=gears,DC=lab” -Name cn,msRTCSIP-TrustedServerFQDN,msRTCSIP-TrustedServiceType,whenCreated,whenChanged | Group-Object -Property msRTCSIP-TrustedServerFQDN,msRTCSIP-TrustedServiceType | Where-Object {$_.Count -gt 1} | Select-Object -ExpandProperty Group | Select cn,msRTCSIP-TrustedServerFQDN,msRTCSIP-TrustedServiceType,whenCreated,whenChanged | ft -AutoSize

Note: Replace DC=gears,DC=lab with the value for your domain.


Now we know which values are duplicated. Please take special attention when changing values in the Active Directory Configuration partition, as you should have a backup of all values before doing any change.


One thought on “Checking for “ms-RTC-SIP-TrustedServer” multiple Active Directory entries with PowerShell

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.