Exchange 2007 'Shared' Mailbox Provisioning with ExchangeUtils
-
Tuesday, July 21, 2009 6:18 PMHi All..
Are you able to provision different E2K7 mailbox types with ILM 2007 FP1 using the ExchangeUtils class: 'Shared', 'Linked', 'Room', 'Equipment', etc..?
It looks like only 'User' mailboxes can be provisioned.. Why hasn't the ExchangeUtils class been extended in FP1 to include provisioning the new E2K7 mailbox types? Are we able to get a patch from Microsoft? Are Microsoft planning to support this functionality in a future release?
Any help with this greatly appreciated.
Thanks in advance.- Edited by MMS_guru Wednesday, July 22, 2009 4:57 PM
- Changed Type Ahmad Abdel-wahedMicrosoft Employee Monday, August 03, 2009 8:34 PM Discussion about managing different Exchange mailbox types
All Replies
-
Wednesday, July 22, 2009 7:36 PM
The short answer is yes, but it takes some tweaking in your provisioning code.
You have 2 choices:1. use the CreateMailbox method to provision a User Mailbox and then modify certain attributes to transform to the mailbox type before invoking CommitnewConnector.
OR
2. don't use CreateMailbox and provision all the attributes for the mailbox type you need "from scratch" including the ones that CreateMailbox sets.
I think #1 is a better way to go because it takes care of setting some pretty gnarly attribute values for you. In particular, the 3 versions of CreateMailbox which take the LogonAccountSID parameter can provision E2K3-compatible "Resource" mailboxes which is a good starting point as they also require setting of the associated logon account and permissions for the mailbox.
I can share provisioning code with you if you need this, but I'd like to try it out first to make sure it works before sharing. Or were you just investigating if its possible to do ?
Neil Koorland -
Thursday, July 23, 2009 6:08 PMHi,
I tried exporting the following additional (constant) attributes in the AD MA when provisioning the new object in the connector space:
msExchRecipientTypeDetails: 4
msExchRecipientDisplayType: 0
The mailbox object was created as a 'User' mailbox. Looks like the 'Update-Recipient' cmdlet is overwriting these values. Would it be better to use provisioning code to update these two attributes (?) something like:
csentry = ExchangeUtils.CreateMailEnabledUser(adMA, dn, nickName, targetAddress);
csentry["msExchRecipientTypeDetails"].Value = 4;
csentry["msExchRecipientDisplayType"].Value = 0;
I've read in a number of articles that manually updating these attributes is not supported by Microsoft - can anybody confirm? And if this is the case, what is the correct (supported) procedure for creating Exchange Server 2007 'shared' mailboxes using ILM 2007 FP1?
Any feedback greatly appreciated..
Anyone got any thoughts???- Edited by MMS_guru Tuesday, July 28, 2009 3:45 PM
-
Wednesday, July 29, 2009 3:41 PMInteresting problem.
I know you can do a linked mailbox, just by setting the suitable attributes, but I hadn't tried a resource mailbox before.
I just tried changing a user into a room by modifying the following attributes in ADSIEdit:
msExchRecipientTypeDetails = 16
msExchResourceMetadata = "ResourceType: Room"
and the account was successfully changed into a room.
So, thought I, that looks easy. Tried a test using ILM 2007 fp1 - and exactly as you have found, the setting for msExchRecipientTypeDetails is reverting to 1.
Following up on your theory about update-recipient I then ran that cmdlet manually against the account I had changed in ADSIedit - and msExchRecipientTypeDetails changed back to 1 - ie a User.
So I believe you are correct - it is update-recipient which is reversing the change.
Another observation - I ran update-recipient against a Room that I created in the excahnge management console. It remains a room.
So I suspect this may be a case of needing to populate more attributes. I can see there a quite a few more populated on the room - such as msExchResourceSearchProperties and msExchResourceDisplay.
I'll do some more testing if I get a chance as I'd like to know the answer myself.
Carol
http://www.wapshere.com/missmiis -
Friday, July 31, 2009 8:02 AMAfter some more testing I have come to the conclusion that this can't be done. (Annoying)
In ADSIEdit, I have set every single possible attribute, and they all remain set, until you run update-recipient, at which point the following two atributes revert to their "User" values:
msExchRecipientTypeDetails
msExchRecipientDisplayType
and the mailbox is once again a "User Mailbox".
I've also tried creating the user from scratch using StartNewConnector and setting all the values manually, including the security descriptor. Again those two key values get changes to User values, and this is on a brand new account!
It definitely seems the only sure fire way to convert a user to a room (or equipment) is to use the Set-Mailbox cmdlet.
So - how to automate this? If your resource mailboxes have predictable names then you could run a powershell script after the ILM exports that did the conversion.
Or if you really want to do the whole thing with ILM then have a look at my powershell XMA.
Carol
http://www.wapshere.com/missmiis -
Friday, July 31, 2009 4:48 PMThanks Carol.
"I've also tried creating the user from scratch using StartNewConnector and setting all the values manually" - Did you disable Exchange 2007 Provisioning on your AD MA when attempting to provision the values manually? Had Prem Support on the phone today and the ILM/Exchange 2007 product group, they said either provision a resource mailbox with a 'fake' security descriptor or disable Exchange 2007 Provisioning on the AD MA and attempt to provision all of the Exchange attributes manually. I'm in the process of generating a Design Change Request (DCR) I'll post back here if I'm successful.
Regards, MMS_guru -
Friday, July 31, 2009 7:49 PM
Yes I did try that. The room gets created, and it appears as a room - but if I run update-recipient against it manually it still reverts to a user, so in my mind that is not a solution.
I've pasted the code below. I got a "dn-attributes-failure" on homeMTA, and I didn't set showInAddressBook - but I'd be really surprised if either of those attributes would change this behaviour we're seeing.
Please do post back here about whatever you find out. I'm actually writing an article for this forum at the moment about managing Exchange with ILM, and this topic should really be included.
rdn = "CN=room_" & mventry("displayName").Value
dn = MA.EscapeDNComponent(rdn).Concat("OU=Users,OU=MyOrg,dc=mydomain,dc=local")
csentry = MA.Connectors.StartNewConnector("user")
csentry.DN = dn
csentry("homeMDB").Value = "CN=Mailbox Database,CN=First Storage Group,CN=InformationStore,CN=WIN-9DQLZ1PY9L8,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=local"
'csentry("homeMTA").Value = "CN=Microsoft MTA,CN=WIN-9DQLZ1PY9L8,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Grups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=local"
csentry("legacyExchangeDN").Value = "/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/" & "cn=room_" & mventry("displayName").Value.ToLower
csentry("mail").Value = mventry("mailNickname").Value & "@myorg.ch"
csentry("mailNickname").Value = mventry("mailNickname").Value
csentry("proxyAddresses").Value = "SMTP:" & mventry("mailNickname").Value
csentry("msExchHomeServerName").Value = "/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=WIN-9DQLZ1PY9L8"
csentry("msExchMailboxSecurityDescriptor").BinaryValue = Utils.ConvertStringToSecurityDescriptor("O:PSG:PSD:(A;CI;CCLCRC;;;PS)")
csentry("msExchPoliciesIncluded").Value = "{B4A0500B-48E7-467E-B4FA-74265FE54C4A},{26491CFC-9E50-4857-861B-0CB8DF22B5D7}"
csentry("msExchRecipientDisplayType").IntegerValue = 7
csentry("msExchRecipientTypeDetails").IntegerValue = 16
csentry("msExchResourceDisplay").Value = "Room"
csentry("msExchResourceMetaData").Value = "ResourceType:Room"
csentry("msExchResourceSearchProperties").Value = "Room"
csentry("msExchVersion").Value = "4535486012416"
csentry("unicodePwd").Values.Add("Password01")
csentry("userAccountControl").IntegerValue = 66050
csentry.CommitNewConnector()
G'luck,
Carol
http://www.wapshere.com/missmiis -
Friday, July 31, 2009 8:16 PMHi Carol.. Many thanks for your help with this. MS said that they will task the Exchange team with providing a patch for the ExchangeUtils class, e.g. CreateSharedMailbox and CreateRoomMailbox and CreateEquipmentMailbox methods. Guess this will become available through a PSS request. Can you think of anything else it might need to do? Also interesting that this issue is not fixed in ILM2/FIM2010. Thanks again.
.png){kind=spacer}
