Cannot create a user account or mailbox

Answers

  • The account “Service” is reserved, actually it has been already used

    SID: S-1-5-6

    Name: Service

    Description: A group that includes all security principals that have logged on as a service. Membership is controlled by the operating system

    You can find it by using ADSIEdit

    a.       Start->Run-> ADSIEdit.msc

    b.      Expand “Configuration”->CN=Wellknown Security Principals

    More in the KB 243330

     

    Wednesday, October 8, 2008 2:08 AM
  • As always thanks James…

     

    Russ,

     

    Logon Name is preserved in Active Directory but not email display name or smtp address.

     

    You can create a user by giving First name “Service” and Last name “Account” and User Logon Name “ServiceAccount”.

     

    After creation of user change the Display name from “Service Account” to just “Service” and email address from Service.Account@Domain.com to Service@Domain.com (make sure that you unticked the option “Automatically update email addresses based on recipient policy” in Email addresses tab)

     

    So when you do any mail communication with this service account its name displays as “Service” and email address of this account will be Service@Domain.com

     

    Hope this helps...!!

     

    Wednesday, October 8, 2008 3:36 AM
  • Hello Russ,

     

    You need to give Send As permission to send mail as a service account. You can give in User properties -> Security tab and add five users and give Send-As allow permission.

     

    Sending 'As' -> http://www.msexchange.org/tutorials/Sending-As.html

    Tuesday, October 14, 2008 2:46 PM

All replies

  • Hello,

     

    Verify that same SMTP address is not assigned to any other object with the help of below article.

     

    Finding Duplicate SMTP Addresses

    http://www.msexchange.org/articles/Finding-Duplicate-SMTP-Addresses.html

     

    Besides that, force the AD replication if you have multiple DCs in your environment and confirm that you don't have any pending replication request with RepAdmin tool.

    Monday, October 6, 2008 1:05 PM
  • Hi thanks for your advice.

     

    I have opened the article you mention and followed it to the letter but it returns nothing at all.  I have also run a test by adding "service" as a secondary SMTP address under a users properties and your search then finds it straight away but when you delete it the search doesn't find it - which is correct.   The problem is why can't you use it as a user name.

     

    I need further explanation on your final paragraph please - what is a DC?  We only have the one SBS Server in our company.    I just don't understand why it is giving the same error.

     

    There is no one with the "service" name - active directory seems to be hanging onto it somewhere.

     

    One suggestion was that there might be something holding on to a list of old deleted accounts and unless you remove it from the list exchange will not allow it to be used again.  Is this true?

     

    The other thing is perhaps the word "service" is a reserved name?  Could this be the case?

     

    Any further advice would be greatly appreciated.

     

    Monday, October 6, 2008 4:21 PM
  • Looks like I misunderstood it. You are getting error that “A user account with this name already exists on the network” and not SMTP address.

     

    Can you find any user object with name “Maintenance” in your Active Directory Users & Computers? If you find any user with the name then you can create mailbox for it by right click on it and select Exchange Task & select Create Mailbox.

     

    BTW, DC means domain controller but since you have only one server then it shouldn't be any replication issue.

    Monday, October 6, 2008 4:44 PM
  • The name I am trying to use is "service" (I put maintenance by mistake!) - is the word "service" a 'reserved' name that can never be used?

     

    I get the error message when I get to the end of the create new user wizard.....

     

    The error is :    A user account with this name already exists on the network. You must run the wizard again and specify a different name.

     

    There is definitely no other user objects with this name, but it is definitely hanging onto the old name somewhere.

     

     

    Do you know if Exchange keeps old deleted names somewhere for a period of time before you can reuse them?

     

    I have set mailbox deletion down to 1 day instead of the 30 days it was on but this has made no difference.

     

     

    Any suggestions?

    Tuesday, October 7, 2008 5:58 AM
  • The account “Service” is reserved, actually it has been already used

    SID: S-1-5-6

    Name: Service

    Description: A group that includes all security principals that have logged on as a service. Membership is controlled by the operating system

    You can find it by using ADSIEdit

    a.       Start->Run-> ADSIEdit.msc

    b.      Expand “Configuration”->CN=Wellknown Security Principals

    More in the KB 243330

     

    Wednesday, October 8, 2008 2:08 AM
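
    The check described in the reply above (S-1-5-6 and the CN=WellKnown Security Principals container), written as a PowerShell pre-check to run before creating an account. This is an added example, not part of the original post; the function name `Test-ReservedPrincipalName` is hypothetical and the script assumes a domain-joined Windows machine.

```powershell
# Added example; function and parameter names are hypothetical.
function Test-ReservedPrincipalName {
    param([Parameter(Mandatory = $true)][string]$Name)

    $hits = @()

    # 1. Ask Windows whether the bare name already resolves to a SID.
    try {
        $account = New-Object System.Security.Principal.NTAccount($Name)
        $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
        $hits += New-Object PSObject -Property @{
            Source = 'Name lookup'; Name = $Name; Sid = $sid.Value
        }
    } catch {
        # Translation failed: the name did not resolve to a security principal.
    }

    # 2. Read the container named in the post from the configuration partition.
    $configNc  = ([ADSI]'LDAP://RootDSE').configurationNamingContext
    $container = [ADSI]"LDAP://CN=WellKnown Security Principals,$configNc"
    $searcher  = New-Object System.DirectoryServices.DirectorySearcher($container)
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::OneLevel
    # Fixed filter; the name is compared client-side so that user input
    # never becomes part of the LDAP filter string.
    $searcher.Filter = '(objectSid=*)'
    [void]$searcher.PropertiesToLoad.Add('cn')
    [void]$searcher.PropertiesToLoad.Add('objectSid')

    foreach ($result in $searcher.FindAll()) {
        $cn = [string]$result.Properties['cn'][0]
        if ($cn -ieq $Name) {
            $bytes = [byte[]]$result.Properties['objectsid'][0]
            $sid   = New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)
            $hits += New-Object PSObject -Property @{
                Source = 'WellKnown Security Principals'; Name = $cn; Sid = $sid.Value
            }
        }
    }
    return $hits
}

# Any returned row means the name is already taken by a security principal.
Test-ReservedPrincipalName -Name 'Service' | Format-Table Source, Name, Sid
```
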
  • As always thanks James…

     

    Russ,

     

    Logon Name is preserved in Active Directory but not email display name or smtp address.

     

    You can create a user by giving First name “Service” and Last name “Account” and User Logon Name “ServiceAccount”.

     

    After creation of user change the Display name from “Service Account” to just “Service” and email address from Service.Account@Domain.com to Service@Domain.com (make sure that you unticked the option “Automatically update email addresses based on recipient policy” in Email addresses tab)

     

    So when you do any mail communication with this service account its name displays as “Service” and email address of this account will be Service@Domain.com

     

    Hope this helps...!!

     

    Wednesday, October 8, 2008 3:36 AM
  • Thanks for this Amit - I have now managed to create my "service" user and its associated mailbox.   However.....  have now run into more problems.

     

    I have allowed access rights to five users in my service department.  (went into the "service" user properties in AD and the exchange advanced tab and added each of the five members into the mailbox rights section).

     

    Mail is coming in to the group mailbox absolutely fine, but when any of the users hits "reply" and sends a reply back to the customer they get an error message returned in their inbox which says...

     

    "You do not have permission to send to this recipient.  For assistance contact your system administrator.

    MSEXCH:MSExchangeIS:/DC=local/DC=domainname:Server name"

     

    When I send a reply from myself as an administrator it works fine so it isn't our ISP blocking the mail it is something to do with exchange server and the five users who are not administrators.

     

    I have tried everything I can think of but cannot get it to allow them to send mail out.  What am I doing wrong?!

     

     

    I have read other forums which suggest within ESM and the SMTP section granting users the "relay permission".  This makes no difference at all.  There must be something within exchange that is blocking users sending mail on behalf of the new service mailbox.

     

    Please help!

    Tuesday, October 14, 2008 2:38 PM
  • Hello Russ,

     

    You need to give Send As permission to send mail as a service account. You can give in User properties -> Security tab and add five users and give Send-As allow permission.

     

    Sending 'As' -> http://www.msexchange.org/tutorials/Sending-As.html

    Tuesday, October 14, 2008 2:46 PM
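
    Send As lets a user send mail that appears to come from the mailbox itself, so it is worth reviewing who holds it once the five users have been added. The following PowerShell audit is an added example, not part of the original post; the function name `Get-SendAsTrustee` is hypothetical and the distinguished name in the last line is a placeholder.

```powershell
# Added example; function name and the sample DN are placeholders.
# Well-known GUID of the "Send As" extended right in Active Directory.
$SendAsGuid = [guid]'ab721a54-1e2f-11d0-9819-00aa0040529b'

function Get-SendAsTrustee {
    param([Parameter(Mandatory = $true)][string]$UserDn)

    $entry = [ADSI]"LDAP://$UserDn"
    # Explicit and inherited ACEs, with trustees resolved to account names.
    $rules = $entry.psbase.ObjectSecurity.GetAccessRules(
        $true, $true, [System.Security.Principal.NTAccount])

    foreach ($ace in $rules) {
        $extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
        $hasExtendedRight = ($ace.ActiveDirectoryRights -band $extended) -ne 0

        # An empty ObjectType on an extended-right ACE covers every
        # extended right on the object, Send As included.
        $coversSendAs = ($ace.ObjectType -eq $SendAsGuid) -or
                        ($ace.ObjectType -eq [guid]::Empty)

        if ($hasExtendedRight -and $coversSendAs) {
            New-Object PSObject -Property @{
                Trustee   = $ace.IdentityReference.Value
                Type      = $ace.AccessControlType    # Allow or Deny
                Inherited = $ace.IsInherited
                Scope     = $(if ($ace.ObjectType -eq $SendAsGuid) { 'Send As only' }
                              else { 'All extended rights' })
            }
        }
    }
}

# Placeholder DN: replace with the mailbox user's distinguished name.
Get-SendAsTrustee -UserDn 'CN=Service Account,CN=Users,DC=example,DC=local' |
    Sort-Object Type, Trustee | Format-Table Trustee, Type, Scope, Inherited
```
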
  • Many many thanks for this Amit - this has resolved our issue completely.

     

    The link you gave above sets it out in clear detail.  I couldn't find the Security tab as Advanced Features needed selecting from the View menu.  Once I had activated this all became clear.

     

     

     

    BRILLIANT !

     

     

     

     

    Tuesday, October 14, 2008 4:17 PM
  • Amit,

    One last stumbling block that I've come across today is that when a user sends a reply back to the customer using the newly created service mailbox, the message is dropping in to their own personal sent items rather than the group service mailbox sent items.   I have read various documents on this but they seem to suggest manually editing each email every time you create one.  The staff just won't remember to click on "options" within the outlook new message every time.

     

    Isn't there a simple solution so that exchange/outlook knows automatically that any personal mail goes to personal sent items and any group mail goes to the group sent items.  Surely there must be a way of doing this.

     

    Please help !!

     

    Wednesday, October 15, 2008 4:22 PM
  • Russ,

     

    Actually that’s the known problem, if you open any of the shared mailbox in your outlook profile as an additional mailbox and you send mail by using send-as, it always saves into user’s sent items instead of shared mailbox.

     

    Options you have….

    Using OWA is the easiest option for you, I think....

    Wednesday, October 15, 2008 4:38 PM
  • Amit,

     

    The Ivasoft option would cost £1000 for the licence so that's out,

     

    I've had a look at James' response and would appreciate some clarification please.....

     

     

    He wrote.......:

     

    1.       You can create a outlook rule on it

    a.       Let monitors open shared mailbox in their navigate pane

    b.      Create a new category called “From shared mailbox”

    c.       Create a specific rule

    Check messages after sending

    Condition: assigned to category category [From shared mailbox]

    Action: move a copy to the specific folder [shared mailbox’s Sent Items]

    d.      When monitors send shared mailbox’s mail, click “Options” button in the reply message window, and set category to the customized one, then messages will go to shared mailbox’s Sent Items

     

    What I would like to know is:

     

    Item (d) - do I have to get all our users to remember to do this every single time they write an email or is there some way in which you can set this to do it every time automatically.  I am concerned that they wouldn't remember.

     

    Also, there must be a macro that Ivasoft use that checks the "From" field and then posts it to the appropriate folder.   Is there any way of writing a simple macro to do this?

     

    Also, I found within Microsoft's knowledge base an article that describes making a simple registry alteration to change the location of the deleted items folder from within shared mailboxes or personal mailboxes.  Do you know if there is a way of applying the same principle for the sent mail items?

    Here is a link to it:

     

    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q202517

     

     

    Any further answers to my questions would be much appreciated...

     

    Thank you.

    Thursday, October 16, 2008 4:08 PM