Checking for “ms-RTC-SIP-TrustedServer” multiple Active Directory entries with PowerShell

While publishing and enabling a topology, we were getting this error:

Enable-CsTopology: Multiple Active Directory entries were found for type”ms-RTC-SIP-TrustedServer” with ID “<SERVER FQDN>”.

The publishing was successful but then the enabling was showing this error.

The next step was to check the duplicates in the Active Directory Configuration Partition. For those who have already browsed this, you probably know it has several entries:

duptrustedservice01

An easy way to check duplicates is to use PowerShell. For this we need a server/desktop with the Active Directory PowerShell module installed, because the AD:\ won’t be available if we don’t load the AD module:

duptrustedservice02

Get-ItemProperty : Cannot find drive. A drive with the name ‘AD’ does not exist.
At line:1 char:1
+ Get-ItemProperty -Path “AD:\CN=*,CN=Trusted Services,CN=RTC Service,CN=Services, …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (AD:String) [Get-ItemProperty], DriveNotFoundException
+ FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetItemPropertyCommand

To import the Active Directory module simply run:

Import-Module ActiveDirectory

duptrustedservice03

And to check the duplicates we use the following PowerShell cmdlet:

Get-ItemProperty -Path “AD:\CN=*,CN=Global Settings,CN=RTC Service,CN=Services,CN=Configuration,DC=gears,DC=lab” -Name cn,msRTCSIP-TrustedServerFQDN,objectClass,whenChanged | Group-Object -Property msRTCSIP-TrustedServerFQDN | Where-Object {$_.Count -gt 1} | Select-Object -ExpandProperty Group | ?{$_.objectClass -eq “msRTCSIP-TrustedServer”} | Select cn,msRTCSIP-TrustedServerFQDN,whenChanged | ft -AutoSize

Note: Replace DC=gears,DC=lab with the value for your domain.

duptrustedservice04

Now we know which values are duplicated. Please take special attention when changing values in the Active Directory Configuration partition, as you should have a backup of all values before doing any change.

Lastly, a special thanks to the blog Hey, Scripting Guy for this post:

Hey, Scripting Guy! How Can I Use Windows PowerShell to Retrieve the Non-Unique Items in a List?
http://blogs.technet.com/b/heyscriptingguy/archive/2008/01/31/how-can-i-use-windows-powershell-to-retrieve-the-non-unique-items-in-a-list.aspx