Configure the Domains that User Replicator Searches

Update 6/19/12 – Updated post with cmdlet for Lync Server 2010.

A common issue that occurs in a multi-domain forest, is that most of the time, not all of your domains contain users that are going to be SIP-enabled.  Unfortunately, when User Replicator runs, it tries to connect to all domains in the forest to search for users.  This causes the following error:


There’s a couple solutions to this issue.  First, is you look at KB938290 (, it says that you can safely ignore the error.  This is true, User Replicator will continue to work just fine.  Personally, I’m not one to just ignore errors in the event log, so there are 2 ways to get rid of this error.  The first would be to run domain prep in the domains listed in the error.  This will grant the User Replicator the rights it needs to query AD in that domain.  This works great, and a lot of people choose this option.  But, some people only want to grant the minimum number of rights possible, so running domain prep isn’t an option.  For those people, you can configure User Replicator to only search specified domains.

For Lync Server 2010

You can use the Lync Server 2010 Management Shell to specify the list of domains to search:

Set-CsUserReplicatorConfiguration -Identity global -ADDomainNamingContextList @{Add=”DC=childdomain1,DC=rootdomain,DC=com”,”DC=childdomain2,DC=rootdomain,DC=com,CN=Configuration,DC=childdomain1,DC=com”}

For LCS 2005, OCS 2007, OCS 2007 R2

To specify a list of domains to search, you will need to make the change in WMI.

First you need to go to Start > Run > wbemtest

Click Connect
For the namespace, enter: root\cimv2
Click Connect

Next, click on Query.

Enter the above query and click on Apply.


Double-click on the returned value.

Scroll down until you find the “UserDomainList” property.

To edit the properties, click on Edit Property.  Click on Not NULL, and enter the new domains that you want to search.  In this example, I chose to only search my two child domains, so I entered the following:


If you are using any of the OCS services that create application contact objects, i.e. Dial-in Conferencing, you will want to add “CN=Configuration,DC=childdomain1,DC=com” to the list as well, otherwise they will not show up in the address book.

When you are done, make sure to click on Save Property and Save Object.

If you click on the Save Object button and you get the following error: 

You can use the script found in the More Information section of KB906596 ( to update the values.


Now the next time that User Replicator runs, it will only search the domains that you specified.

Comments (6)

  1. Anonymous says:


    The procedure is the same for an Enterprise Edition pool as well as a Standard Edition Server.  This change will replicate to AD and will be effective for all front-end servers in the environment.

  2. Anonymous says:


    Thanks!  I updated the post and added the cmdlet for Lync.

  3. Anonymous says:

    Thanks for the useful blog post! In Lync you can use the following command:…/gg398540.aspx Set-CsUserReplicatorConfiguration -Identity global -ADDomainNamingContextList @{Add="dc=fabrikam,dc=com"}

  4. Bill Winters says:

    I tried this and I got a WMI error "Provider is not capable of the attempted operation" when I click "save object".  For some reason I had to use the VB script listed here:…/906596 for it to work.

  5. Richard says:


    just 1 question: how does the procedure changes, if I am configuring an Enterprise pool, and not a single Standard Edition server?

  6. Richard says:

    Hi, its me again:

    it is not clear to me, if this change will mess with all the global settings