
Friday, April 25, 2008

Exchange: "One or more users currently use a mailbox store on this server"

Summary: When uninstalling Exchange, you receive the following error message:


"One or more users currently use a mailbox store on this server"


This can occur for multiple reasons:

1. A user's mailbox was never created because it was never activated, i.e. the user never logged in or no mail was sent to it.

2. There is a user who has Exchange attributes but no mailbox referencing this server.


Resolution:

1. Start ADUC; click find.

2. Click custom search in drop down

3. Click Advanced tab

4. In LDAP field type:


(&(msExchHomeServerName=/O=myexchangeorgname/OU=myorgname/cn=Configuration/cn=Servers/cn=myexchangeserver)(objectClass=User))


Substitute O=myexchangeorgname, OU=myorgname and cn=myexchangeserver with your values. To find these values, open ADSI Edit, go to the properties of a user and look at the msExchHomeServerName property.




James Chong (MVP)
MCITP | EMA; MCSE | M+, S+,
Security+, Project+, ITIL
msexchangetips.blogspot.com

Thursday, April 24, 2008

Exchange 2007: Exception message: Property Languages cannot be set on this object because it requires the object to have version 0.1 (8.0.535.0) or later

Summary: When accessing OWA you receive error:

A problem occurred while trying to use your mailbox. Please contact technical support for your organization.

The Stack Trace shows:


Request
Url: https://mail.simplexity.com:443/owa/lang.owa
User host address: X.X.X.X

Exception
Exception type: Microsoft.Exchange.Data.Storage.StoragePermanentException
Exception message: There was a problem accessing Active Directory.

Call stack

Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.
DispatchLanguagePostLocally(OwaContext owaContext, OwaIdentity logonIdentity, CultureInfo culture, String timeZoneKeyName, Boolean isOptimized)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.
DispatchLanguagePostRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.
PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.
InternalDispatchRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.
DispatchRequest(OwaContext owaContext)
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.
HttpApplication.IExecutionStep.Execute()
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Inner Exception
Exception type: Microsoft.Exchange.Data.Directory.
InvalidADObjectOperationException
Exception message: Property Languages cannot be set on
this object because it requires the object to have
version 0.1 (8.0.535.0) or later. Current version of
the object is 0.0 (6.5.6500.0).

Call stack

Microsoft.Exchange.Data.Directory.PropertyBag.set_Item
(PropertyDefinition key, Object value)
Microsoft.Exchange.Data.Directory.ADObject.set_Item
(PropertyDefinition propertyDefinition, Object value)
Microsoft.Exchange.Data.Directory.ADObject.
StampCachedCaculatedProperties(Boolean retireCachedValue)
Microsoft.Exchange.Data.Directory.ADObject.ValidateWrite(List`1 errors)
Microsoft.Exchange.Data.Directory.Recipient.ADRecipient.
ValidateWrite(List`1 errors)
Microsoft.Exchange.Data.Directory.Recipient.ADUser.
ValidateWrite(List`1 errors)
Microsoft.Exchange.Data.Directory.ADSession.Save
(ADObject instanceToSave, IEnumerable`1 properties)
Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()


In this instance the issue occurs because the mailbox on Exchange 2007 was created using the Exchange 2003 tools. The mailbox therefore shows as a legacy mailbox in the Exchange 2007 EMC. You will need to convert it to a "user mailbox" by applying the mandatory properties.


1. Open Exchange 2007 Shell

[PS] C:\Documents and Settings\jchong\Desktop>set-mailbox Alias -applymandatoryproperties





Wednesday, April 09, 2008

Exchange 2007: Transport Rule Journal Selective Domain

Summary: This article will go over how to journal a selective domain using a custom transport rule. The following example shows how to use a custom transport rule to copy all emails from hotmail.com to a journal mailbox.


Open Exchange Shell and enter the following:

$Condition = Get-TransportRulePredicate FromAddressContains
$Condition.words = @("hotmail.com")
$Action = Get-TransportRuleAction Copyto
$Action.Addresses = @(get-mailbox "journal")
New-TransportRule -Name "copy messages to journal mailbox" -Conditions @($Condition) -Actions @($Action)


This rule sends a copy of (i.e. CCs) the message to a journal mailbox. You can also opt to BCC by changing the third line to:


$Action = Get-TransportRuleAction BlindCopyto



References:


How to Create a New Transport Rule
http://technet.microsoft.com/en-us/library/bb123927(EXCHG.80).aspx


Transport Rule Actions
http://technet.microsoft.com/en-us/library/aa998315(EXCHG.80).aspx


Transport Rule Predicates
http://technet.microsoft.com/en-us/library/aa995960(EXCHG.80).aspx




Tuesday, April 08, 2008

Exchange 2003: Event ID: 9167 MSExchangeSA

Summary: Microsoft Exchange System Attendant fails to start and produces Event ID: 9167

"Microsoft Exchange System Attendant does not have sufficient rights to read Exchange configuration objects in Active Directory. Wait for replication to complete and then check to make sure the computer account is a member of the "Exchange Domain Servers" security group."

Subsequently you also see Event ID: 9188

"Microsoft Exchange System Attendant failed to read the membership of group 'cn=Exchange Domain Servers,cn=Users,dc=domain,dc=com'. Error code '80072030'."


You have verified that your Exchange server belongs in the Exchange Domain Servers Security Group.


Resolution: Move the Exchange Domain Servers and Exchange Enterprise Servers back to the USERS OU.




Friday, February 01, 2008

BlackBerry Internet Service: An error occurred during email account validation

Summary: User cannot provision account to corporate Exchange OWA using BlackBerry Internet Service. In this instance, the user had already been provisioned and was working correctly. However, service broke after we did a domain name change. During this change we updated our OWA certificate to our new domain name and redirected DNS to point the old domain name mail.company.com to mail.newcompany.com.

Any attempts to reprovision his account on the ATT BlackBerry site would yield "An error occurred during email account validation"

All URL combinations were tried: mail.newcompany.com; mail.newcompany.com\exchange; mail.newcompany.com\owa and mail.newcompany.com\owa\user@newcompany.com.

After viewing the HTTP logs during provisioning; you see:

W3SVC814732 X.X.X.X PROPFIND /owa/myuser/ - 443 myuser X.X.X.X Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+4.0) 501 0 0

The 501 (HTTP error 501) means not implemented. PROPFIND is a WebDAV verb and it seems that WebDAV was being blocked only for this user. Other users were working OK. I ran some individual WebDAV tests and was unable to connect to his account, although I was able to connect to others on Exchange 2007 or Exchange 2003. Enabling WebDAV on Exchange 2007 did not work.


Resolution: This user's device was provisioned when he was on Exchange 2003. His mailbox was moved to Exchange 2007. Although his account was working for weeks on Exchange 2007, something broke. Possibly the domain name change, or maybe a coincidence. After moving the user back to Exchange 2003, I was able to connect to his account using the WebDAV test. The user was able to successfully provision his account. We plan on moving his account back to Exchange 2007 to see if it still works.




Monday, January 28, 2008

BlackBerry: DB upgrade failed. Error Executing an sql statement

Summary: When upgrading BES versions (in this instance, applying BES 4.1 Service Pack 4), you receive the following error during the database upgrade: "DB upgrade failed. Error Executing an sql statement".


Resolution: In this instance, the cause was the MSDE database log file having exceeded its default 50MB limit.

To verify the current size of the MSDE log file, go to C:\Program Files\Microsoft SQL Server\MSSQL\Data

Locate the file BESMGMT.LDF (your database name may not be the same). Examine the file size to see if it has approached the 50MB limit.


To increase the limit:

1. Open a command prompt

2. OSQL -E

3. ALTER DATABASE BESMgmt MODIFY FILE(NAME=BESMgmt_log, SIZE=200MB)



Re-run the service pack or upgrade.




Wednesday, January 23, 2008

IIS: Error Writing Encrypted Data to the Web Services Configuration Database

Summary: When attempting to install or re-install IIS, you receive the following error:

"Error Writing Encrypted Data to the Web Services Configuration Database". The dialog gives you the option to "write unencrypted data." However, if you proceed, the IIS installation stalls and does not complete.

The World Wide Web Publishing Service fails to start with

"The specified handle is invalid"

Resolution: Rename the MachineKeys folder in the following directory to MachineKeysold.

%Windir%\Profiles\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys


Once this has been renamed, in the IIS installation where you were prompted to choose "write unencrypted data", close out this dialog box by clicking the X (the Windows close button in the top right corner).

IIS will complete the installation and you will see a new MachineKeys directory. If you already closed out of the prompt box above, just uninstall and re-install IIS.





Tuesday, January 22, 2008

Exchange: Bulk Remove X.400 Address Using Admodify

Summary: This article will go over how to remove legacy X.400 addresses in bulk using Admodify. X.400 addresses were used in Exchange 5.5 and may not be required. However, removing the recipient policy for your X.400 address will not remove the addresses from your users.


To remove X.400 addresses in bulk:

1. Download Admodify

http://www.computerperformance.co.uk/w2k3/utilities/admodify.htm

2. Launch Admodify.exe

3. Modify Attributes

4. Domain List = Choose your domain; Domain Controller = Select your DC

5. Click the Green Arrow

6. Double click your domain in the white pane. This will expand your OU list. You can highlight just the OU you wish to query, or highlight the domain to work with all objects in your domain.

7. Click Add to list. This will enumerate your users in the right pane. Click Select All and next.

8. Click the Custom Tab.

9. Check "Make a Customized Attribute Modification"

Attribute name: proxyAddresses
Attribute value: X400:c=US;a= ;p=mycompany;o=FC;s=%'sn'%;g=%'givenName'%;


Note: You need to substitute p=mycompany and o=FC with your own values by checking an existing x.400 address of your user.


10. Check Multivalued Remove and click Go.

11. Verify by checking a user, or check the XML log that was produced in the same directory as your admodify.exe file.


Note: Do not forget to delete or uncheck your recipient policy for your x.400 address in ESM.




Monday, January 21, 2008

Exchange: The format of the e-mail address is incorrect

Summary: When sending to an internal user; you receive the following NDR:


Your message did not reach some or all of the intended recipients.

Subject: test ignore
Sent: 1/21/2008 11:50 AM

The following recipient(s) cannot be reached:

Joe Test on 1/21/2008 11:50 AM
The format of the e-mail address is incorrect. Check the address, look up the recipient in the Address Book, or contact the recipient directly to find out the correct address.




Resolution: A second SMTP proxy was added. However, sending to this SMTP proxy would fail. The email address was correctly formatted without any special characters. Simply removing the SMTP address and re-entering it worked without issue. The cause could have been pasting the address. Sometimes pasting can cause issues.




Thursday, January 10, 2008

Exchange 2007: Free Busy Not Available for 2003 Users

Summary: Exchange 2007 users cannot view Free Busy for users on Exchange 2003

Resolution: Copy the Free Busy system folders from Exchange 2003 to Exchange 2007.

1. Open Exchange 2003 System Manager.
2. Scroll to Administrative Groups and Folders.
3. Right click Public Folders - View System Folders.
4. Expand Schedule + Free Busy.
5. You should see Free Busy subfolders starting with EX:. For each one, right click, choose Properties and open the Replication tab. Add your Exchange 2007 server.

Let it replicate and check again after 15-30 minutes.



Wednesday, November 14, 2007

Exchange 2007: This Ca Root Certificate Is Not Trusted. To enable Trust, Install This Certificate In The Trusted Root Certification Authorities Store.

Summary: Exchange 2007 CAS server uses a self signed cert. Depending on what services your CAS role plays you may get the following error:

"This Ca Root Certificate Is Not Trusted. To enable Trust, Install This Certificate In The Trusted Root Certification Authorities Store"


Cause: In this instance, I had my CAS server using a Self Signed Cert for the Address book distribution in the Default Web Site while using a valid third party commercial Cert for OWA. This worked fine using the article below.

Exchange 2007 and SSL Certificates
http://www.sembee.co.uk/archive/2007/01/21/34.aspx


However when viewing FREE\Busy info, the Cert error would appear with the error:

"This Ca Root Certificate Is Not Trusted. To enable Trust, Install This Certificate In The Trusted Root Certification Authorities Store"


Solution:

1. Go to the Default Web Site in IIS and remove the Self Signed Cert. Right click the Default Web Site, Directory Security, Server Certificate, Next, and Remove the cert.

2. Open Certificates in MMC. Go to Run, MMC. File Add Remove Snap In, Add Certificates; Computer Account; Local Computer and Click OK.

3. Once your Certificates MMC is open Go to Personal Certificates. Right Click Request New Cert, Next, Friendly Name = Hostname of your Server and Next and Finish.

4. Copy the new cert to the Trusted Root Certification Authorities Certificates.

5. Go back to the Default Web Site in IIS, Properties, Directory Security, Server Certificate. Assign an existing certificate and choose the new cert that was created.

6. Issue IISRESET from your command prompt.




Active Directory: Convert Global Groups to Universal Groups Bulk

Summary: There may come a time when you need to convert your Global Groups into Universal Groups such as if you're in a multi-domain Forest. This is because the Global Catalog server does not have a copy of Global Groups in other domains. This can cause a problem with Distribution list expansion.


Tip: To bulk change your Global Security or Distribution Groups into Universal Groups, you can use Admodify with a custom attribute modification of "groupType" on the Custom tab.


Download Admodify:

ftp://ftp.microsoft.com/PSS/Tools/Exchange%20Support%20Tools/ADModify


1. Launch ADMODIFY.EXE
2. Click Modify Attributes
3. Domain List=Choose your Domain; Domain Controller=Choose your DC
4. Check only Groups; Check Advanced Features; Click Traverse Subcontainers
5. Click the Green Arrow and now highlight your Domain
6. Click Custom LDAP query.

Global Security Groups

(&(objectcategory=group)(grouptype:1.2.840.113556.1.4.803:=-2147483646))


7. Click Add to list and click OK
8. Select All and click next.
9. Click Custom Tab. Click Make a customized attribute modification

Attribute Name: groupType
Attribute Value: -2147483640


Click OK. This will convert your Global Security Groups to Universal Security Groups.

Use the following chart to convert your Global Distribution Groups.


[Group Scope] [Group Type] [groupType value] [sAMAccountType attribute]

[Universal] [Distribution] [8] [268435457]
[Universal] [Security] [-2147483640] [268435456]
[Global] [Distribution] [2] [268435457]
[Global] [Security] [-2147483646] [268435456]
[Domain Local] [Distribution] [4] [536870913]
[Domain Local] [Security] [-2147483644] [536870912]
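
The chart values follow from bit flags in groupType (2, 4 and 8 for scope, 0x80000000 for security), and the filter in step 6 uses the bit-AND matching rule 1.2.840.113556.1.4.803. The Python below is an added example, not part of the original post; it decodes the values, computes the Universal equivalent and emulates the matching rule against constructed group names.

```python
# groupType is a bit field that AD displays as a signed 32-bit integer.
SCOPE_FLAGS = {0x2: "Global", 0x4: "Domain Local", 0x8: "Universal"}
SECURITY_FLAG = 0x80000000  # set for security groups, clear for distribution groups
ALL_SCOPE_BITS = 0x2 | 0x4 | 0x8


def to_unsigned(value):
    """View the signed value AD shows (e.g. -2147483646) as an unsigned bit field."""
    return value & 0xFFFFFFFF


def to_signed(bits):
    """Convert an unsigned 32-bit bit field back to the signed form AD displays."""
    return bits - 0x100000000 if bits & 0x80000000 else bits


def decode_group_type(value):
    """Return (scope, type) for a groupType value, e.g. ('Global', 'Security')."""
    bits = to_unsigned(value)
    scopes = [name for flag, name in SCOPE_FLAGS.items() if bits & flag]
    if len(scopes) != 1:
        raise ValueError(f"groupType {value} does not have exactly one scope bit set")
    return scopes[0], "Security" if bits & SECURITY_FLAG else "Distribution"


def to_universal(value):
    """Swap the scope bit for Universal and keep every other bit, including Security."""
    bits = to_unsigned(value) & ~ALL_SCOPE_BITS & 0xFFFFFFFF
    return to_signed(bits | 0x8)


def bit_and_match(value, mask):
    """Emulate matching rule 1.2.840.113556.1.4.803: true when all mask bits are set."""
    return (to_unsigned(value) & to_unsigned(mask)) == to_unsigned(mask)


# Constructed sample groups (names are hypothetical), one per chart row that matters here.
SAMPLE_GROUPS = {
    "Sales-DL": 2,                    # Global Distribution
    "Sales-Sec": -2147483646,         # Global Security
    "All-Staff": 8,                   # Universal Distribution
    "Printer-Admins": -2147483644,    # Domain Local Security
}


def select(groups, mask):
    """Names of the groups a (groupType:1.2.840.113556.1.4.803:=mask) filter would return."""
    return sorted(name for name, gt in groups.items() if bit_and_match(gt, mask))


def plan_conversion(groups, mask):
    """Map each selected group to (current groupType, groupType after conversion)."""
    return {name: (groups[name], to_universal(groups[name])) for name in select(groups, mask)}


if __name__ == "__main__":
    for name, (old, new) in plan_conversion(SAMPLE_GROUPS, -2147483646).items():
        print(name, decode_group_type(old), "->", decode_group_type(new), new)
```

Under this rule a mask of 2 also selects global security groups, so to list only Global Distribution Groups use an equality filter such as (groupType=2) rather than the bit-AND form.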



Thursday, November 08, 2007

Exchange 2007: Messages Not Received to Distribution Group

Summary: After installing a CAS server, sending to particular distribution groups does not work. After adding yourself to the group, you do not receive messages. No NDR messages are received either.

When Telnetting and sending the message

Telnet: CASServer 25
Mail from:youraccount@yourdomain.com
Rcpt to:DLGroup
Data
.
.
Message Sucessfully Queued


Users who belong to the Distribution Group do not receive the messages.


Solution: Verify that the group is a Universal Group if you're in a multi-domain forest. There were no issues sending to the DL prior to the introduction of a 2007 CAS.




Wednesday, November 07, 2007

Exchange 2007: POP3 ERR Command is not valid in this state

Summary: POP applications report ERR "Command is not valid in this state" after supplying credentials. To verify, try telnetting to POP port 110 of your CAS server:

Telnet CASServer 110
User Myaccount
Pass Mypass
ERR Command is not valid in this state


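Resolution: By default the POP3 service only accepts logins over an encrypted connection, so a plain-text USER/PASS on port 110 is rejected. To allow plain-text logins, open your Exchange Shell and enter: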

Set-PopSettings -LoginType PlainTextLogin

Restart your POP3 service



Exchange 2007: ActiveSync Does Not Work With Exchange 2003 Mailboxes

Summary: Exchange 2007 ActiveSync does not work with mailboxes on Exchange 2003. After entering the username and password, the password prompt keeps reappearing.

To verify Activesync; go to
https://hostname/Microsoft-Server-ActiveSync on your CAS server. If you receive HTTP 501/HTTP 505 Activesync is working.


Resolution: Enable Integrated authentication on your Microsoft-Server-ActiveSync Virtual Directory on all your BackEnd 2003 Servers.



Tuesday, October 30, 2007

Exchange 2007: Event ID 9589 Exceeded the max number of 6 Storage Groups on this server

Summary: Exchange 2007 fails to mount additional databases after you've created 5 Storage Groups. In addition, you get Event ID: 9589 "Exceeded the max number of 6 Storage Groups on this server."

You have verified that your Exchange 2007 Edition is Enterprise in the EMC GUI.


Resolution:

Re-enter your product key in the Shell and restart your information store.

[PS] H:\>set-exchangeserver -identity dcex01 -productkey XXXX-XXXX-XXXX-XXXX-XXXX

WARNING: The Exchange server "DCEX01" is already licensed.
WARNING: The product key has been validated and the product id has been
successfully created. Note: This change will not be complete until the store
has been restarted.


Cause: Unknown




Wednesday, August 22, 2007

SMTP: No DATA command sent-rset

Summary: Messages sent to a relay server (Surgemail) would often not get delivered. The messages were being submitted through an ASP application. Some messages would go through, however. Performing a telnet session works fine. When checking the SMTP logs, the client would issue a RSET command after the RCPT TO: command. The SMTP server (Surgemail) would reply with a recipient OK, and the reply would be received by the client.



Cause:

The cause was Symantec AntiVirus 10.0.0.359 running the Internet E-mail Auto Protect. Disable the feature.






Tuesday, August 07, 2007

Active Directory: Copy Distribution List Members to Another Distribution List

Summary: In this example, we will copy all members from one Distribution Group to another Distribution Group.

Copy the contents below and save as copymembers.vbs to C: drive


' Bind to the source group and the target group.
Set objOldGroup = GetObject("LDAP://CN=mysourcegroup, ou=security groups, dc=company, dc=com")
Set objNewGroup = GetObject("LDAP://CN=mytargetgroup, ou=security groups, dc=company, dc=com")

' Continue past errors, such as a user who is already a member of the target group.
On Error Resume Next

' GetEx always returns an array of member DNs, even when the group has a single member.
For Each objUser In objOldGroup.GetEx("member")
    objNewGroup.Add "LDAP://" & objUser
Next


Open Command prompt:

C:\>cscript copymembers.vbs


The script will copy all members in the "mysourcegroup" Distribution List to your "mytargetgroup" Distribution List.


Note: Some organizations like to use # in front of their Distribution List names so they appear together in the GAL. Because this is a special character it will need to be in double quotes to treat # as a literal.

Example:
("LDAP://""CN=mysourcegroup""



Friday, June 22, 2007

Exchange: Find Disabled Accounts with Mailboxes

Summary: In this example we will use a custom AD query to search for disabled accounts with mailboxes.


Example 1.


In this example we will perform a custom AD search using Active Directory Users and Computers.


1. Open Active Directory Users and Computers and click the find icon

2. In the "Find" drop down menu, select custom search and click the advanced tab

3. Paste the following in the white pane:

(&(UserAccountControl:1.2.840.113556.1.4.803:=2)(msExchHomeServerName=*)(objectClass=User))



This will enumerate all disabled accounts with mailboxes. From here you can delete all the mailboxes by selecting the first user, scrolling down to the bottom of the list and selecting the last user with shift + left click. Then right click the list, choose Exchange Tasks and delete mailbox.



To perform a search of a single server:


(&(UserAccountControl:1.2.840.113556.1.4.803:=2)(msExchHomeServerName=/O=Domain/OU=MyOU/cn=Configuration/cn=Servers/cn=Exservername)(objectClass=User))

Click find.


To obtain the full dn of your msExchHomeServerName attribute, you can find this in ADSIEdit.

1. Go to start run, type adsiedit.msc (part of windows server support tools)

2. Expand Domain, this should resemble your OU structure. Locate a user, right click a user cn=my user and select properties.

3. Look for attribute msExchHomeServerName and double click. Copy this string and paste it in the above Ldap query.


Other tricks:


Find disabled accounts with mailboxes that are not hidden in the GAL.


(&(UserAccountControl:1.2.840.113556.1.4.803:=2)(msExchHomeServerName=*)(!(msExchHideFromAddressLists=TRUE))(objectClass=User))

To export to a text file using LDIFDE from the command prompt:

C:\>ldifde -f c:\exportlist.txt -r "(&(UserAccountControl:1.2.840.113556.1.4.803:=2)(msExchHomeServerName=*)(!(msExchHideFromAddressLists=TRUE))(objectClass=User))" -l "dn"


Best practices:


Ensure that you have deleted mailbox retention configured so that these mailboxes can be recovered quickly. To configure mailbox retention, open Exchange System Manager, locate your mailbox store, and open the Limits tab in its properties.





Wednesday, May 09, 2007

Exchange: DSQUERY Is Your Friend

Summary: Dsquery is a powerful command-line search tool that can help you find users, or users with certain attributes. Below are some sample searches to give you an idea of how to use dsquery and its syntax.


Example 1.

In this example, I want to export objects along with who has ownership of them. For example, I want to find the owners of the distribution lists that they can manage.

C:\Documents and Settings\JamesMVP>dsquery * -limit 200000 dc=corp,dc=mycompany,dc=com -filter "(&(objectclass=*)(objectcategory=*))" -attr displayname managedby > c:\managedby.txt


Example 2.

In this example, I want to list all users that are in a certain mailbox store using the homemdb attribute.

C:\Documents and Settings\JamesMVP>dsquery * dc=corp,dc=mycompany,dc=com -filter "(&(objectclass=user)(objectcategory=person)(homemdb=CN=Mailbox Store (EX3),CN=First Storage Group,CN=InformationStore,CN=EX3,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=DSTTEST,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=company,DC=local))" -attr displayname > c:\mailboxes.txt



Monday, May 07, 2007

Exchange: BCP Planning Exchange 2003

Summary: Business continuity planning for Exchange 2003 using a standby server. Many users ask how to have a standby server in the event that their Exchange server fails. Other than using third party replication software, the only method is to perform the empty mailbox method (dial tone) on your standby server. This basically involves moving your mailboxes to the standby server by changing several Exchange related attributes. Because your primary server is down, you cannot move the mailboxes using Exchange System Manager, so you will have to manually update the attributes which a move mailbox would update. With Exchange 2007, this is easier with LCR technology.

MS has an article "How to Re-Home Exchange Mailbox Account"
http://technet.microsoft.com/en-us/library/bb124766.aspx

While testing the steps in this article there were several issues that were noted. This article will go over these steps to test the re-homing of your mailboxes. This article will also go over using ADmodify to re-home mailboxes as well.


Note: After users have been re-homed to a test server, they must create a new profile. This is because their existing profile will continue to point to the down server and will not re-direct them to their new server. Users also have the option to work via OWA.


Method 1 Using LDIFDE

1. Open a command prompt and export the following Exchange attributes for the users on the failed Exchange server. Replace the homeMDB value with the DN for the server that failed. You can retrieve the DN by going into adsiedit.msc.

2. This must be performed for every database on the Exchange server that failed. If there are 8 databases, this will need to be run 8 times, changing the homeMDB attribute to each individual database.

C:\>ldifde -f export.txt -d "dc=corp,dc=etradegrp,dc=com" -l msexchhomeservername,homemdb,homemta -r "(&(objectclass=user)(homeMDB=CN=Mailbox Store 08 (ATL1EX11),CN=Third Storage Group,CN=InformationStore,CN=ATL1EX11,CN=Servers,CN=UnitedStates,CN=Administrative Groups,CN=MyOrgInc,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=Mydomain,DC=com))"


3. Open the export.txt file and copy the contents into MS Word. Replace each item in the left column with the item in the right column (^p is Word's code for a paragraph break).


dn: [replacewith] -^pdn:
changetype: add [replacewith] changetype: modify
homeMTA [replacewith] replace: homeMTA^phomeMTA
homeMDB [replacewith] -^preplace: homeMDB^phomeMDB
msExchHomeServerName [replacewith] -^preplace: msExchHomeServerName^pmsExchHomeServerName

[name of original database] [replacewith] [name of new database]
[name of original storage group] [replacewith] [name of new storage group]
[name of original server] [replacewith] [name of new server]


Sample input LDF file: after replacing the 8 objects above, the file should resemble the formatting below. (Ensure there is a blank line between the end of one user object and the beginning of the next user object. Remove the mailboxes for the SMTP connector, System Attendant and System Mailbox prior to importing the file in step 3. Replace the names of the original database, storage group and server with the new names.)

dn: CN=Chong\,MVP,OU=HQ,DC=Corp,DC=lab,DC=local
changetype: modify
replace: homeMTA
homeMTA: CN=Microsoft MTA,CN=DEVEX2,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=DSTTest,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=dsttest,DC=etrade,DC=local
-
replace: homeMDB
homeMDB: CN=Mailbox Store (DEVEX2),CN=First Storage Group,CN=InformationStore,CN=DEVEX2,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=DSTTest,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=lab,DC=local
-
replace: msExchHomeServerName
msExchHomeServerName: /o=DSTTest/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=DEVEX2
-

dn: CN=adm-Chong\, James,OU=EnterpriseServices,DC=corp,DC=lab,DC=local
changetype: modify
replace: homeMTA
homeMTA: CN=Microsoft MTA,CN=DEVEX2,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=corp,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=lab,DC=local
-
replace: homeMDB
homeMDB: CN=Mailbox Store (DEVEX2),CN=First Storage Group,CN=InformationStore,CN=DEVEX2,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=DSTTest,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=lab,DC=local
-
replace: msExchHomeServerName
msExchHomeServerName: /o=DSTTest/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=DEVEX2
-


4. Import the file with LDIFDE -i -f.

5. Open ADUC, open an account for a user that resided on the down Exchange server. Click the Exchange General tab. Verify that the mailbox location now points to the new location.

6. Open the user's mailbox. The user must create a new Outlook profile or choose to use OWA. The mailbox will not show in ESM until the user has opened the mailbox in Outlook.

7. Once the original database has been restored to the original server, re-run the script to re-home the user’s mailboxes back to the original server.

8. Perform Exmerge on the temporary Exchange server to extract the .PST files. Re-run exmerge in merge mode to merge the new e-mails with the old mailbox.
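
The Word find-and-replace in step 3 can be done with a script that also checks each record before it is re-homed. The Python below is an added example, not part of the original article: it unfolds the wrapped lines LDIFDE writes, skips system mailboxes and any user whose homeMDB is not the failed database, and writes the changetype: modify records. All server, organization and user names are constructed, and the DN fragments used to recognise system mailboxes are an assumption.

```python
import base64

REHOME_ATTRS = ("homeMTA", "homeMDB", "msExchHomeServerName")
# Assumption: system mailboxes are recognised by these DN fragments; adjust for your directory.
SYSTEM_MARKERS = ("cn=systemmailbox", "cn=microsoft exchange system objects")

# Constructed values (not from a real directory): the failed database and the standby targets.
CONFIG = ("CN=Servers,CN=First Administrative Group,CN=Administrative Groups,"
          "CN=LabOrg,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=lab,DC=local")
FAILED_MDB = "CN=Mailbox Store (EX1),CN=First Storage Group,CN=InformationStore,CN=EX1," + CONFIG
TARGET = {
    "homeMTA": "CN=Microsoft MTA,CN=DEVEX2," + CONFIG,
    "homeMDB": "CN=Mailbox Store (DEVEX2),CN=First Storage Group,CN=InformationStore,CN=DEVEX2," + CONFIG,
    "msExchHomeServerName": "/o=LabOrg/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=DEVEX2",
}

# Constructed LDIFDE export: folded lines, one system mailbox, one user on another store.
SAMPLE_EXPORT = r"""
dn: CN=Test\, Joe,OU=HQ,DC=corp,DC=lab,DC=local
changetype: add
homeMDB: CN=Mailbox Store (EX1),CN=First Storage Group,CN=InformationStore,CN=
 EX1,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=LabO
 rg,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=lab,DC=local
homeMTA: CN=Microsoft MTA,CN=EX1,CN=Servers,CN=First Administrative Group,CN=A
 dministrative Groups,CN=LabOrg,CN=Microsoft Exchange,CN=Services,CN=Configura
 tion,DC=corp,DC=lab,DC=local
msExchHomeServerName: /o=LabOrg/ou=First Administrative Group/cn=Configuration
 /cn=Servers/cn=EX1

dn: CN=SystemMailbox{00000000-0000-0000-0000-000000000000},CN=Microsoft Exchan
 ge System Objects,DC=corp,DC=lab,DC=local
changetype: add
homeMDB: CN=Mailbox Store (EX1),CN=First Storage Group,CN=InformationStore,CN=
 EX1,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=LabO
 rg,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=lab,DC=local

dn: CN=Example\, Ann,OU=HQ,DC=corp,DC=lab,DC=local
changetype: add
homeMDB: CN=Mailbox Store (EX9),CN=First Storage Group,CN=InformationStore,CN=
 EX9,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=LabO
 rg,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=lab,DC=local
"""


def unfold(text):
    """Join LDIF continuation lines: a line starting with one space continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_records(text):
    """Return one dict per record, mapping lower-cased attribute name to its value."""
    records, current = [], {}
    for line in unfold(text) + [""]:
        if not line.strip():            # a blank line ends the current record
            if current:
                records.append(current)
            current = {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):       # "attr:: <base64>" carries non-ASCII values
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current[name.strip().lower()] = value.strip()
    return records


def ldif_line(name, value):
    """Emit 'name: value', or base64 'name:: ...' when the value is not safe as plain text."""
    if value.isascii() and value == value.strip() and not value.startswith((":", "<")):
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def build_rehome_ldif(export_text, failed_mdb, target, markers=SYSTEM_MARKERS):
    """Return (modify LDIF text, [(dn, reason skipped), ...]) for one failed database."""
    out, skipped = [], []
    for rec in parse_records(export_text):
        dn = rec.get("dn", "")
        if any(marker in dn.lower() for marker in markers):
            skipped.append((dn, "system mailbox"))
        elif rec.get("homemdb", "").lower() != failed_mdb.lower():
            skipped.append((dn, "not on failed database"))
        else:
            out += [ldif_line("dn", dn), "changetype: modify"]
            for attr in REHOME_ATTRS:
                out += ["replace: " + attr, ldif_line(attr, target[attr]), "-"]
            out.append("")              # blank line separates records
    return "\n".join(out), skipped


if __name__ == "__main__":
    ldif, skipped = build_rehome_ldif(SAMPLE_EXPORT, FAILED_MDB, TARGET)
    print(ldif)
    print("\n".join(f"# skipped ({reason}): {dn}" for dn, reason in skipped))
```

Review the skipped list before importing; an unexpected "not on failed database" entry means the export filter matched a user that should not be moved.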



Method 2 ADMODIFY Utility


Execute admodify. You can download this from MS. Ensure that the application is run with admin privileges.

Proceed with the following instructions:


Modify Attributes

Domain List = DC=corp,DC=lab,DC=com


Domain Controller List = dc.corp.lab.com

Show Only = Users


Domain Tree List = Advanced Features, Show Containers Only


Click Custom Ldap Query

Click the green arrow. You should now see corp in the white pane; highlight it.

LDAP Filter = (&(objectclass=user)(homeMDB=CN=Mailbox Store 08 (EXCH1),CN=Third Storage Group,CN=InformationStore,CN=EXCH1,CN=Servers,CN=UnitedStates,CN=Administrative Groups,CN=MyorgInc,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=lab,DC=com))


Click Add to List. It will take about 3-5 minutes to run the query.

Once the items have been enumerated, highlight all items while removing any system mailboxes, e.g. the SMTP mailbox. Click Next.

Click the Exchange General tab and check the Set homeMDB drop-down box. (Note: select this option before Set homeMTA. There appears to be a bug in which the list will not enumerate if this option is chosen second.) Choose the temporary Exchange server. Now set homeMTA, choose the same temporary Exchange server and click the Go button.




Monday, February 26, 2007

Exchange: DST Patching Uncovered

Summary:

In order to minimize the impact of the 2007 Daylight Savings Time changes, Microsoft has released several KB articles to address patching and best practices. Through extensive testing, I hope to shed some light on some best practices, issues uncovered, and the proper procedures. In order to adhere to the Daylight Savings Time changes for 2007, the following must be performed and considered.

1. Install all operating system DST patches. Install the DST patch for all your Windows servers and XP clients. This includes patching your Exchange server's operating system.
http://support.microsoft.com/kb/931836/en-us

2. Install Exchange DST Patch. Microsoft has released two distinct patches for Exchange 2003: one for Exchange 2003 Service Pack 1 and one for Exchange 2003 Service Pack 2. Microsoft has not released Exchange 2000 DST patches publicly; they are only available to customers with extended hotfix support. You can obtain this patch by calling MS (approx. $4,000 USD). The following links provide patches for Exchange 2003.

Exchange Service Pack 2
http://support.microsoft.com/kb/926666/en-us
Exchange Service Pack 1
http://support.microsoft.com/kb/931978/


Note: Both Exchange 2003 patches will update your store to a version greater than store.exe 6.5.7233.51. Any store version greater than this changes the behavior of "Send As" functionality. What this means is that, prior to these versions, if you granted Bob full rights to Jim's mailbox, Bob could implicitly "Send As" Jim even though Bob did not have the "Send As" permission checked. Since Bob has full rights to Jim's mailbox, this right is implicit. However, after patching, the implicit "Send As" rights are revoked, and you will need to be cognizant of this as it can break services such as Blackberry. What I recommend is running Microsoft's script that will export all users that have full mailbox rights on another user but do not have the "Send As" right. The script is pretty straightforward to run and can be obtained in this article.

Note: Be aware of article 932599: the Information Store may not start after Exchange DST patching. This is due to duplicate SIDs for well-known users or groups (i.e. built-in) or duplicate attribute values for objects. It is recommended to patch one server first as a test, since ACLs are usually propagated at the Exchange Org\Admin Group level. If one server is OK after patching, it should be safe to patch the others. If you want to be extra safe, you can use this same principle: install a new Exchange server in your org, mount a DB and patch it to see if it breaks.

Information Store database does not mount with Event ID 9519 and 9518
http://support.microsoft.com/kb/932599

http://support.microsoft.com/kb/912918/


3. Run Calendar Update Utility. You must run the calendar update utility after applying the Exchange DST patch. This is separate from the Exchange DST patching in step 2. The utility must be run in order to fix any calendar appointments made during the extended DST time. There are two versions of the calendar update tool, an Outlook Client Tool and an Exchange Server Tool. I have tested both. Here are some considerations.

Exchange Calendar Update Tool
http://www.microsoft.com/downloads/details.aspx?FamilyID=A9336886-4B28-4010-9416-36D38429438D&displaylang=en

Timezone Update Tool (Outlook)
http://www.microsoft.com/downloads/details.aspx?FamilyID=e343a233-b9c8-4652-9dd8-ae0f1af62568&DisplayLang=en


Exchange Calendar Update Tool (Server Side) - This utility first extracts the timezone information from all users' mailboxes into a text file. Once the text file is exported with this info, it actually uses the client side Timezone Update Tool to update the mailboxes using this file. Here are some considerations when running the Exchange Calendar Update Tool.

- Cannot run on an Exchange server

- You will need to install .Net Framework 2.0, Exchange Calendar Update Tool and the Outlook Timezone Update Tool. The reason you need the client Outlook Timezone Update Tool is because the Exchange Calendar Update Tool calls the executable for the Outlook Update Tool.

- Need to run with a mailbox that has full rights to others' mailboxes. Profile cannot be in cached mode. Also set Outlook to automatically start in that profile rather than prompting to select one from a list.

- If you run the utility more than once, any appointments made after you patched your Exchange server with the Exchange DST patch will get messed up. This is because the utility will assume that the appointment was made prior to patching. It is recommended to run the utility soon after Exchange DST patching.

- Exchange Calendar Tool processes 6.13 mailboxes a minute and only one thread can be run at a time on one machine. However, you can run on multiple machines.

- If the Exchange DST patch was installed prior to running the Calendar Update Tool (Server or Client) recurring meetings created by OWA will not be updated. To correct, uninstall the DST patch, run the tool, re-install patch.

- Only calendar items in which you were the organizer will get times updated (moved 1hr back)


In large enterprise environments, running the Exchange Calendar Update Tool can take hours or days, since it can only process 6.13 mailboxes a minute and only one instance can be running per machine. However, one option is to push the client side Timezone Update Tool to all machines using something like SMS and then have it run the executable with the /q or /quiet switch. This will update the calendar items without user intervention. It works with Outlook open or closed.


Mobile Devices

If you are using mobile devices such as Blackberry consider the following:

1. Remember to update your CDO.dll from your Exchange server to your Blackberry Server
2. Blackberry Handhelds need to be patched. Refer to the following article.
http://www.blackberry.com/DST2007/patch/index2.shtml

References:

Prepare Outlook calendar items for daylight saving time changes in 2007
http://office.microsoft.com/en-us/outlook/HA102086071033.aspx?pid=CH100776851033#9

How to address daylight saving time by using the Exchange Calendar Update Tool
http://support.microsoft.com/kb/930879

MsexchangeTeam Step by Step run of Exchange Calendar Update Configuration Tool
http://msexchangeteam.com/archive/2007/02/14/435267.aspx


James Chong (MVP)
MCSE M+, S+, MCTS, Security+
msexchangetips.blogspot.com
ftp://ftp.smtp25.org/

