locked
Removing old exchange attributes from AD user accounts RRS feed

  • Question

  • We are currently trying to deploy Exchange 2010 on our network. We have run into some problems along the way because in the past someone had installed Exchange 2003 and 2000 but then removed the servers from the network...not sure why. We actually had to open a case with Microsoft support so they could go in and clean up the AD with ADSI edit so that Exchange 2010 would install properly. Now that we have 2010 installed I am seeing that a few of our users have legacy mailbox attributes associated with them. I have tried several methods to remove those mailbox's but it always comes back and tells me that I don't have permission to do so. I even found an article that described moving them to another mailbox database and then removing that database but that didn't work either. It seems that since Exchange can't contact the old database where those attributes actually reside I'm stuck and can't remove them. Short of removing the user accounts and re adding them to AD I am wondering if there is another solution to this issue. Can those attributes be removed using ADSI edit just as the old Exchange attributes were earlier? Any help or guidance would be much appreciated.
    Tuesday, April 27, 2010 7:40 PM

All replies

  • Here are the attributes you would need to clear/set to null on a user account.

    http://msexchangeteam.com/archive/2006/10/13/429192.aspx

    Remove Exchange Attributes vs. Delete Mailbox

     

    Remove Exchange Attributes removes the following attributes as long as they actually exist as available attributes of that schema object:

    • adminDisplayName
    • altRecipient
    • authOrig
    • autoReplyMessage (ILS Settings)
    • deletedItemFlags
    • delivContLength
    • deliverAndRedirect
    • displayNamePrintable
    • dLMemDefault
    • dLMemRejectPerms
    • dLMemSubmitPerms
    • extensionAttribute1
    • extensionAttribute10
    • extensionAttribute11
    • extensionAttribute12
    • extensionAttribute13
    • extensionAttribute14
    • extensionAttribute15
    • extensionAttribute2
    • extensionAttribute3
    • extensionAttribute4
    • extensionAttribute5
    • extensionAttribute6
    • extensionAttribute7
    • extensionAttribute8
    • extensionAttribute9
    • folderPathname (Outlook Web Access Server)
    • garbageCollPeriod
    • homeMDB (Exchange Mailbox Store)
    • homeMTA
    • internetEncoding
    • legacyExchangeDN
    • mail (E-Mail Address)
    • mailNickname (Alias)
    • mAPIRecipient
    • mDBOverHardQuotaLimit
    • mDBOverQuotaLimit
    • mDBStorageQuota
    • mDBUseDefaults
    • msExchADCGlobalNames
    • msExchControllingZone
    • msExchExpansionServerName
    • msExchFBURL
    • msExchHideFromAddressLists
    • msExchHomeServerName (Exchange Home Server)
    • msExchMailboxGuid
    • msExchMailboxSecurityDescriptor
    • msExchPoliciesExcluded
    • msExchPoliciesIncluded
    • msExchRecipLimit
    • msExchResourceGUID
    • protocolSettings
    • proxyAddresses (Proxy Addresses)
    • publicDelegates
    • securityProtocol
    • showInAddressBook
    • submissionContLength
    • targetAddress
    • textEncodedORAddress
    • unauthOrig

     

     

     

     

     

     

    • Proposed as answer by Gavin-Zhang Tuesday, May 4, 2010 10:59 AM
    Tuesday, April 27, 2010 9:44 PM
  • You might try installing a copy of the Exchange 2003 Management Tools to clear the Exchange attributes for these users if you think it might be easier.
    --
    Ed Crowley MVP
    "There are seldom good technological solutions to behavioral problems."
    .
    "AndyD_" wrote in message news:64255a21-5551-42ed-8c4f-333049259488...

    Here are the attributes you would need to clear/set to null on a user account.

    http://msexchangeteam.com/archive/2006/10/13/429192.aspx

    Remove Exchange Attributes vs. Delete Mailbox

     

    Remove Exchange Attributes removes the following attributes as long as they actually exist as available attributes of that schema object:

    • adminDisplayName
    • altRecipient
    • authOrig
    • autoReplyMessage (ILS Settings)
    • deletedItemFlags
    • delivContLength
    • deliverAndRedirect
    • displayNamePrintable
    • dLMemDefault
    • dLMemRejectPerms
    • dLMemSubmitPerms
    • extensionAttribute1
    • extensionAttribute10
    • extensionAttribute11
    • extensionAttribute12
    • extensionAttribute13
    • extensionAttribute14
    • extensionAttribute15
    • extensionAttribute2
    • extensionAttribute3
    • extensionAttribute4
    • extensionAttribute5
    • extensionAttribute6
    • extensionAttribute7
    • extensionAttribute8
    • extensionAttribute9
    • folderPathname (Outlook Web Access Server)
    • garbageCollPeriod
    • homeMDB (Exchange Mailbox Store)
    • homeMTA
    • internetEncoding
    • legacyExchangeDN
    • mail (E-Mail Address)
    • mailNickname (Alias)
    • mAPIRecipient
    • mDBOverHardQuotaLimit
    • mDBOverQuotaLimit
    • mDBStorageQuota
    • mDBUseDefaults
    • msExchADCGlobalNames
    • msExchControllingZone
    • msExchExpansionServerName
    • msExchFBURL
    • msExchHideFromAddressLists
    • msExchHomeServerName (Exchange Home Server)
    • msExchMailboxGuid
    • msExchMailboxSecurityDescriptor
    • msExchPoliciesExcluded
    • msExchPoliciesIncluded
    • msExchRecipLimit
    • msExchResourceGUID
    • protocolSettings
    • proxyAddresses (Proxy Addresses)
    • publicDelegates
    • securityProtocol
    • showInAddressBook
    • submissionContLength
    • targetAddress
    • textEncodedORAddress
    • unauthOrig

     

     

     

     

     

     


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Wednesday, April 28, 2010 12:37 AM
  • This can be done via Exchange Powershell too:

    # run this on the Exchange Server
    # Can use SID/UPN etc to lookup the user
    
    $ADaccount = get-user john.smith@test.com
    $FullDistinguishName = "LDAP://" + $ADaccount.distinguishedName 
     
    $AccountEntry = New-Object DirectoryServices.DirectoryEntry $FullDistinguishName 
    $AccountEntry.PutEx(1, "mail", $null) 
    $AccountEntry.PutEx(1, "HomeMDB", $null) 
    $AccountEntry.PutEx(1, "HomeMTA", $null) 
    $AccountEntry.PutEx(1, "legacyExchangeDN", $null) 
    $AccountEntry.PutEx(1, "msExchMailboxAuditEnable", $null) 
    $AccountEntry.PutEx(1, "msExchAddressBookFlags", $null) 
    $AccountEntry.PutEx(1, "msExchArchiveQuota", $null) 
    $AccountEntry.PutEx(1, "msExchArchiveWarnQuota", $null) 
    $AccountEntry.PutEx(1, "msExchBypassAudit", $null) 
    $AccountEntry.PutEx(1, "msExchDumpsterQuota", $null) 
    $AccountEntry.PutEx(1, "msExchDumpsterWarningQuota", $null)  
    $AccountEntry.PutEx(1, "msExchHomeServerName", $null) 
    $AccountEntry.PutEx(1, "msExchMailboxAuditEnable", $null) 
    $AccountEntry.PutEx(1, "msExchMailboxAuditLogAgeLimit", $null) 
    $AccountEntry.PutEx(1, "msExchMailboxGuid", $null) 
    $AccountEntry.PutEx(1, "msExchMDBRulesQuota", $null) 
    $AccountEntry.PutEx(1, "msExchModerationFlags", $null) 
    $AccountEntry.PutEx(1, "msExchPoliciesIncluded", $null) 
    $AccountEntry.PutEx(1, "msExchProvisioningFlags", $null) 
    $AccountEntry.PutEx(1, "msExchRBACPolicyLink", $null) 
    $AccountEntry.PutEx(1, "msExchRecipientDisplayType", $null) 
    $AccountEntry.PutEx(1, "msExchRecipientTypeDetails", $null) 
    $AccountEntry.PutEx(1, "msExchTransportRecipientSettingsFlags", $null) 
    $AccountEntry.PutEx(1, "msExchUMDtmfMap", $null) 
    $AccountEntry.PutEx(1, "msExchUMEnabledFlags2", $null) 
    $AccountEntry.PutEx(1, "msExchUserAccountControl", $null) 
    $AccountEntry.PutEx(1, "msExchVersion", $null)  
    $AccountEntry.PutEx(1, "proxyAddresses", $null)  
    $AccountEntry.PutEx(1, "showInAddressBook", $null)  
    $AccountEntry.PutEx(1, "mailNickname", $null) 
    # write to the AD account
    $AccountEntry.SetInfo()

    Thursday, July 6, 2017 11:22 PM