I had an error with Exchange Control Panel and Windows 2016 Domain Controller: The access control entry defines the ObjectType ‘9b026da6-0d3c-465c-8bee-5199d7165cba’ that can’t be resolved.
The error is raised when you open the ECP and view the Mailbox Delegation tab of any user account. Moreover, this error doesn’t appear if you have a hybrid deployment with Office 365.

The cause is that ObjectType ‘9b026da6-0d3c-465c-8bee-5199d7165cba’ is the GUID of the DS-Validated-Write-Computer Control Access Right introduced in Windows Server 2016 AD DS, which is new to your Active Directory upon installing your first 2016 domain controller. Exchange Server reads this access control list when you open the Mailbox Delegation tab in Exchange Control Panel or when you run Get-ADPermission on the mailbox.

This error is cosmetic, but to remove it you just need to reboot all your Exchange Servers in turn (relying on your database availability groups and load balancers to maintain service). Once you have rebooted each server, the error goes away when you are connected to that server for administrative functions. There is no impact on user connectivity whilst this error is in place, though it may impact your ability to assign permissions without error.
Hence, I recommend that you reboot one server as soon as you can and then use that server as your target for administration until you can reboot the remaining servers.
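
To confirm what the GUID in the error refers to and to track which servers still need a reboot, the following PowerShell can be used. It is an added example, not part of the original post; it assumes the ActiveDirectory RSAT module, an Exchange Management Shell session for step 3, and a placeholder user DN (`$userDn`) that you replace with a real mailbox user.

```powershell
# Added example. Assumes the ActiveDirectory module is installed.
Import-Module ActiveDirectory

$rightGuid = '9b026da6-0d3c-465c-8bee-5199d7165cba'        # GUID from the ECP error message
$userDn    = 'CN=Example User,OU=Staff,DC=example,DC=com'  # constructed placeholder DN

# 1. Resolve the GUID against the Extended-Rights container of the
#    Configuration partition, where control access rights are defined.
$configNc = (Get-ADRootDSE).configurationNamingContext
$right = Get-ADObject -SearchBase "CN=Extended-Rights,$configNc" `
    -LDAPFilter "(rightsGuid=$rightGuid)" `
    -Properties displayName, rightsGuid, validAccesses, whenCreated

if ($right) {
    $right | Format-List Name, displayName, rightsGuid, validAccesses, whenCreated
} else {
    Write-Warning "rightsGuid $rightGuid was not found in this forest."
}

# 2. List any ACEs on the user object whose ObjectType is this GUID.
#    These are the entries read when the Mailbox Delegation tab is opened.
$acl = Get-Acl -Path "AD:\$userDn"
$acl.Access |
    Where-Object { $_.ObjectType -eq [guid]$rightGuid } |
    Select-Object IdentityReference, ActiveDirectoryRights,
                  AccessControlType, IsInherited, InheritedObjectType |
    Format-Table -AutoSize

# 3. Show the last boot time of every Exchange server (requires the
#    Exchange Management Shell and CIM/WinRM access to each server).
#    Servers not rebooted since the first 2016 domain controller was
#    installed are the ones that still need their turn.
Get-ExchangeServer | ForEach-Object {
    try {
        $os = Get-CimInstance -ClassName Win32_OperatingSystem `
            -ComputerName $_.Fqdn -ErrorAction Stop
        [pscustomobject]@{ Server = $_.Name; LastBoot = $os.LastBootUpTime }
    } catch {
        # Unreachable server: report it rather than silently skipping it.
        [pscustomobject]@{ Server = $_.Name; LastBoot = 'unreachable' }
    }
} | Sort-Object Server | Format-Table -AutoSize
```

The script only reads directory and system information; it does not change any permissions.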