locked
Still fighting Exchange 2007 provisioning RRS feed

  • Question

  • I have posted a number of questions here regarding provisioning new accounts with Exchange 2007 mailboxes, with quotas.  While the answers have been helpful, I am still having problems.  So I am back.

    Here is my scenario:

    • We have a mixed Exchange 2003/2007 environment and will for the foreseeable future.
    • Because we are in mixed mode, we are still running RUS.
    • Because we are in mixed mode, I do not have the "Enable Exchange 2007 provisioning" box checked.
    • I am using ILM 2007 w/FP1

    Here are my issues:

    Because we have been a Notes shop until now, we haven't followed the practice of having the user's UPN be their SMTP name.  So that we don't have to change everyone's assigned UPN, we want to use the following settings:

    • 'sAMAccountName' = flllxxx
    • 'userPrincipalName' = 'sAMAccountName' + @childdomain.convergys.com
    • 'mailNickname' = 'sAMAccountName'
    • 'mail' = first.m.last@convergys.com

    The only way I have been able to get these settings to take is to directly flow 'mail' to 'targetAddress'.  Without that, 'targetAddress' doesn't get set and the "Primary SMTP Address" defaults to 'sAMAccountName'@childdomain.convergys.com'

    I also find that I can't create 'native' 2007 mailboxes; instead, they get created as 2003 'legacy' boxes.

    Here is my provisioning code:

    Dim nickName As String
            Dim storeQuota As Long  ' When reached, Exchange Server issues a warning about the mailbox size
            Dim overQuotaLimit As Long  ' When reached, Exchange Server prohibits sending e-mail from this mailbox
            Dim hardLimit As Long  ' When reached, Exchange Server prohibits sending and receiving e-mail
            Dim mailboxMDB As String
    
            ' set the nickname or alias
            nickName = mventry("sAMAccountName").Value
    
            ' set the mailbox limits
            storeQuota = mventry("mDBStorageQuota").IntegerValue
            overQuotaLimit = mventry("mDBOverQuotaLimit").IntegerValue
            hardLimit = mventry("mDBOverHardQuotaLimit").IntegerValue
    
            ' set the mailbox location
            mailboxMDB = mventry("homeMDB").StringValue
    
            csentry = ExchangeUtils.CreateMailbox(ManagementAgent, dn, nickName, mailboxMDB, storeQuota, overQuotaLimit, hardLimit)
    
            csentry("targetAddress").StringValue = "SMTP:" & mventry("mail").StringValue
    
    	csentry.CommitNewConnector()

    Ed Bell - Specialist, Network Services, Convergys
    Thursday, June 4, 2009 3:55 PM

Answers

  • You should be fine now... Its actually better for Exchange policies to do this...

    You don't have to worry about syncing the mail with proxaddresses as it should be done by exchange.

    Just have some fix your exchange policies.

    Joe
    Joe Stepongzi - Identity Management Consultant - ILM MVP - www.microsoftIdM.com,ilmXframework.codeplex.com
    • Marked as answer by Ed Bell Friday, June 5, 2009 7:53 PM
    Friday, June 5, 2009 7:51 PM

All replies

  • Hi Ed,

    as we covered in this earlier thread Mailbox Users do not have targetAddress so you should not set it. I do not have the setup to try it myself so forgive if this doesn't work, but I believe if you set the primary SMTP explicitly then the RUS will not overwrite it. So the line:

                   csentry("targetAddress").StringValue = "SMTP:" & mventry("mail").StringValue

    would be replaced with:

                   csentry("proxyAddresses").Values.Add("SMTP:" & mventry("mail").StringValue)

    easy change so worth a try?

    As for the mailbox version type, this is a result of continuing to use the RUS. Again, I do not have the setup to verify but since you are trying to provisioning ex2007 mailboxes then you should be able to use the "Enable Exchange 2007 provisioning" option without conflict with the RUS. If it works then again, I don't think it will overwrite your explicit setting of the primary SMTP. 

    Neil Koorland 

    Thursday, June 4, 2009 7:22 PM
  • I will try these and report back.

    There is another question, however: if we are relying on Exchange Mail Policies to determine the primary SMTP address (as was elsewhere suggested), how does that work with this?

    Another thought that was tossed out here during an internal meeting to discuss this was, would we be better off to not even bother to try Exchange provisioning until we can get into 2007 native mode?

    Thanks.
    Ed Bell - Specialist, Network Services, Convergys
    Thursday, June 4, 2009 7:32 PM
  • There is a way to stop the rus from processing on the object.. Its an attribute you have to set... I can't remember off hand, but will try to find it for you..
    Then you will have to set the proxyaddresses and mail attribute value.. 

    Just remember to keep a flow to the mail value because if the proxyaddress ever changes the mail attribute won't change with it.

    Joe
    Joe Stepongzi - Identity Management Consultant - ILM MVP - www.microsoftIdM.com,ilmXframework.codeplex.com
    Friday, June 5, 2009 5:20 PM
  • On second thoughts using an Email Addressing policy to set the primary SMTP would be a better way to go than setting the proxyAddresses explicitly in your provisioning code. You can define a policy that has a criterion based on an attribute value that is unique to the objects you are provisioning. You can even set this attribute value in your provisioning code if your objects don't already have some differentiating attribute.  You can only use email addressing policy will require you to use the "Enable exchange 2007 provisioning" option for the ADMA. I'm pretty sure this will also ensure that the mailboxes are not "legacy" ones. 

    I don't see any reason why you need to defer this until you are in 2007 native mode.

    Neil Koorland

    p.s. you should still delete the line:
        csentry("targetAddress").StringValue = "SMTP:" & mventry("mail").StringValue 
    at best it is doing nothing, and at worst might intefere with the email policy you will use to stamp the other addressing attributes. 

    Friday, June 5, 2009 7:18 PM
  • This morning I checked the "Enable Exchange 2007 provisioning box"; removed the 'targetAddress' flow rule and code and I am now relying on Exchange policies to determine the SMTP address for new accounts.

    The good news is that it does now create 2007 mailboxes and I don't get any errors.

    The bad news is that the "Primary SMTP Address" is being set to the UPN.  I'm also not seeing an "SMTP:smtpname@convergys.com" entry in the E-Mail Addresses list.  I am assuming that both of those would be driven by Exchange policies, so I'm looking to my Exchange folks to figure out how to set those.

    I don't currently have "proxyAddresses" selected in my AD MA; I'm assuming I should?  When I'm letting Exchange determine the SMTP address, how do I flow that into "mail" and/or "proxyAddresses"?  Or do I not need to worry about it?

    Sorry if these questions seem, well, stupid... I'm totally new to Exchange and have only been working with ILM for about a year. :-)
    Ed Bell - Specialist, Network Services, Convergys
    Friday, June 5, 2009 7:45 PM
  • You should be fine now... Its actually better for Exchange policies to do this...

    You don't have to worry about syncing the mail with proxaddresses as it should be done by exchange.

    Just have some fix your exchange policies.

    Joe
    Joe Stepongzi - Identity Management Consultant - ILM MVP - www.microsoftIdM.com,ilmXframework.codeplex.com
    • Marked as answer by Ed Bell Friday, June 5, 2009 7:53 PM
    Friday, June 5, 2009 7:51 PM
  • Thanks, guys.
    Ed Bell - Specialist, Network Services, Convergys
    Friday, June 5, 2009 7:53 PM