Exchange 2007: One or more users cannot be added to the folder access list. Non-local users cannot be given rights on this server

Summary: When attempting to add a user to a public folder permssion you receive the following error.

One or more users cannot be added to the folder access list. Non-local users cannot be given rights on this server

In addition when you look in the GAL the user has a red circle.

Cause: It appears to be because the user is a mailbox of type "Shared"

Solution: Convert the mailbox type to regular.

Set-mailbox user1 -type regular



James Chong (MVP)
MCITP | EA | EMA; MCSE | M+, S+
Security+, Project+, ITIL
msexchangetips.blogspot.com

Exchange 2007: Outlook Web Access did not initialize. An event has been logged so that the system administrator can resolve the issue.

Summary: After the default 15 minute forms based authentication timeout, it does not default to FBA login page. Instead you get an HTTP error page:

Outlook Web Access did not initialize. An event has been logged so that the system administrator can resolve the issue. Please contact technical support for your organization

In addition you may also get Event ID 30

Event ID 30
There is an error in your Outlook Web Access configuration.
The authentication type specified on the OWA virtual directory is set to Anonymous. This check box must be cleared for Outlook Web Access to function properly.

Solution: In this instance, the permissions of the OWA virtual directory were not corrrect. The parent OWA was set correctly but the control subfolder\files were not.

OWA virtual directory permissions

OWA - Basic
8.1.240.5 - Enable anonymous access
8.1.263.0 - Enable anonymous access
8.1.291.1 - Enable anonymous access
8.1.311.2 - Enable anonymous access
auth - Enable anonymous access
Bin - Enable anonymous access
Current - Basic
forms - Basic
Help - Basic
smime - Basic
spell - Basic



James Chong (MVP)
MCITP | EMA; MCSE | M+, S+
Security+, Project+, ITIL
msexchangetips.blogspot.com

Exchange 2007: The sequence of predicates is invalid

Summary: When creating a transport rule I got the following error: "The sequence of predicates is invalid" In this case it appears that the order or predicate rules mattered.

In this example, I was creating a rule to silently drop all messsages coming in from an external address to an internal address.

$Condition = Get-TransportRulePredicate FromAddressContains
$Condition1 = Get-TransportRulePredicate SentTo
$Condition.words = @("externaluser1@gmail.com","externaluser2@gmail.com")
$Condition1.addresses = @(get-mailbox user1)
$Action = Get-TransportRuleAction DeleteMessage
New-TransportRule -Name "Deny Senders to Cellulardeals" -Condition @($Condition,$condition1) -Actions @($Action)

This would yield "The sequence of predicates is invalid" However after swapping the condition to put SentTo before FromAddressContains it works fine.

$Condition = Get-TransportRulePredicate SentTo
$Condition.addresses = @(get-mailbox user1)
$Condition1 = Get-TransportRulePredicate FromAddressContains
$Condition1.words = @("externaluser1@gmail.com","externaluser2@gmail.com")
$Action = Get-TransportRuleAction DeleteMessage
New-TransportRule -Name "Deny Senders to Cellulardeals" -Condition @($Condition,$condition1) -Actions @($Action)



James Chong (MVP)
MCITP | EMA; MCSE | M+, S+
Security+, Project+, ITIL
msexchangetips.blogspot.com

Exchange: Find Disabled Accounts with Mailboxes Via PowerShell

Summary: This article will go over how to search for disabled users with mailboxes. This is part 2. In part 1; this was done using ADUC.

Exchange: Find Disabled Accounts with Mailboxes
http://msexchangetips.blogspot.com/2007/06/exchange-find-disabled-accounts-with.html

This part will go over how to use powershell.

1. Download Quest powershell. http://www.quest.com/activeroles-server/arms.aspx

Run the following query. I like to export just the name, description and altrecipient to find out if the mailbox is doing any forwarding as well.

[PS] H:\>get-qaduser -includedproperties altrecipient -ldapfilter '(&(UserAccountControl:1.2.840.113556.1.4.803:=2)(msEx
chHomeServerName=*)(objectClass=User))' | select-object -property "name", "description", "altrecipient" >c:\mailboxes.csv



James Chong (MVP)
MCITP | EMA; MCSE | M+, S+,
Security+, Project+, ITIL
msexchangetips.blogspot.com

Exchange: "One or more users currently use a mailbox store on this server"

Summary: When uninstalling Exchange; you receive the following error message:


"One or more users currently use a mailbox store on this server"


This can occur for multiple reasons:

1. There was a user in which the mailbox was never created because it was not activated ie. user never logged in or no mail was sent to it.

2. There is a user who has Exchange attributes but no mailbox referencing this server.


Resolution:

1. Start ADUC; click find.

2. Click custom search in drop down

3. Click Advanced tab

4. In LDAP field type:


(msExchHomeServerName=/O=myexchangeorgname/
OU=myorgname/cn=Configuration/cn=Servers/cn=myexchangeserver)
(objectClass=User)


Substitue o=myexchangeorgname and OU=myorgname and cn=myexchangeserver with your values. To find these values you can open adsiedit and go to the properties of a user and find the msexchhomeservername property.

One thing to note; if the query comes back with no results; copy the query into notepad. Close out the ADUC search and re-open it and paste the search query. I've noticed that the query does not work when pasting even though you remove all spaces unless you restart ADUC search.


James Chong (MVP)
MCITP | EMA; MCSE | M+, S+,
Security+, Project+, ITIL
msexchangetips.blogspot.com

Exchange 2007: Exception message: Property Languages cannot be set on this object because it requires the object to have version 0.1 (8.0.535.0) later

Summary: When accessing OWA you receive error:

A problem occurred while trying to use your mailbox. Please contact technical support for your organization.

The Stack Trace shows:


Request
Url: https://mail.simplexity.com:443/owa/lang.owa
User host address: X.X.X.X

Exception
Exception type: Microsoft.Exchange.Data.Storage.StoragePermanentException
Exception message: There was a problem accessing Active Directory.

Call stack

Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.
DispatchLanguagePostLocally(OwaContext owaContext, OwaIdentity logonIdentity, CultureInfo culture, String timeZoneKeyName, Boolean isOptimized)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.
DispatchLanguagePostRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.
PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.
InternalDispatchRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.
DispatchRequest(OwaContext owaContext)
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.
HttpApplication.IExecutionStep.Execute()
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Inner Exception
Exception type: Microsoft.Exchange.Data.Directory.
InvalidADObjectOperationException
Exception message: Property Languages cannot be set on
this object because it requires the object to have
version 0.1 (8.0.535.0) or later. Current version of
the object is 0.0 (6.5.6500.0).

Call stack

Microsoft.Exchange.Data.Directory.PropertyBag.set_Item
(PropertyDefinition key, Object value)
Microsoft.Exchange.Data.Directory.ADObject.set_Item
(PropertyDefinition propertyDefinition, Object value)
Microsoft.Exchange.Data.Directory.ADObject.
StampCachedCaculatedProperties(Boolean retireCachedValue)
Microsoft.Exchange.Data.Directory.ADObject.ValidateWrite(List`1 errors)
Microsoft.Exchange.Data.Directory.Recipient.ADRecipient.
ValidateWrite(List`1 errors)
Microsoft.Exchange.Data.Directory.Recipient.ADUser.
ValidateWrite(List`1 errors)
Microsoft.Exchange.Data.Directory.ADSession.Save
(ADObject instanceToSave, IEnumerable`1 properties)
Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()


In this instance the issue is caused because the 2007 mailbox was created using the Exchange 2003 tools. Therefore the mailbox shows as a legacy mailbox in Exchange 2007EMC. You will need to convert this to "user mailbox" by applying mandatory properties.


1. Open Exchange 2007 Shell

[PS] C:\Documents and Settings\jchong\Desktop>set-mailbox Alias -applymandatoryproperties




James Chong (MVP)
MCITP | EMA; MCSE | M+, S+,
Security+, Project+, ITIL
msexchangetips.blogspot.com

Exchange 2007: Transport Rule Journal Selective Domain

Summary: This article will go over how to journal a selective domain using a custom transport rule. The following example shows how to use a custom transport rule to copy all emails from hotmail.com to a journal mailbox.


Open Exchange Shell and enter the following:

$Condition = Get-TransportRulePredicate FromAddressContains
$Condition.words = @("hotmail.com")
$Action = Get-TransportRuleAction Copyto
$Action.Addresses = @(get-mailbox "journal")
New-TransportRule -Name "copy messages to journal mailbox" -Conditions @($Condition) -Actions @($Action)


This rule sends a copy to ie. CC's the message to a journal mailbox. You can also opt to BCC by changing third line to:


$Action = Get-TransportRuleAction BlindCopyto



References:


How to Create a New Transport Rule
http://technet.microsoft.com/en-us/library/bb123927(EXCHG.80).aspx


Transport Rule Actions
http://technet.microsoft.com/en-us/library/aa998315(EXCHG.80).aspx


Transport Rule Predicates
http://technet.microsoft.com/en-us/library/aa995960(EXCHG.80).aspx



James Chong (MVP)
MCITP | EMA; MCSE | M+, S+,
Security+, Project+, ITIL
msexchangetips.blogspot.com

Exchange 2003: Event ID: 9167 MSExchangeSA

Summary: Microsoft Exchange System Attendant fails to start and produces Event ID: 9167

"Microsoft Exchange System Attendant does not have sufficient rights to read Exchange configuration objects in Active Directory. Wait for replication to complete and then check to make sure the computer account is a member of the "Exchange Domain Servers" security group."

Subsequently you also see Event ID: 9188

"Microsoft Exchange System Attendant failed to read the membership of group 'cn=Exchange Domain Servers,cn=Users,dc=domain,dc=com'. Error code '80072030'."


You have verified that your Exchange server belongs in the Exchange Domain Servers Security Group.


Resolution: Move the Exchange Domain Servers and Exchange Enterprise Servers back to the USERS OU.



James Chong (MVP)
MCITP | EMA; MCSE | M+, S+,
Security+, Project+, ITIL
msexchangetips.blogspot.com

BlackBerry Internet Service: An error occurred during email account validation

Summary: User cannot provision account to corporate Exchange OWA using BlackBerry Internet Service. In this instance; the user had already been provisioned and was working correctly. However service broke after we did a domain name change. During this change we updated our OWA certificate to our new Domain name and redirected DNS to point old domain name mail.company.com to mail.newcompany.com.

Any attempts to reprovision his account on the ATT BlackBerry site would yeild "An error occurred during email account validation"

All URL combinations were tried: mail.newcompany.com; mail.newcompany.com\exchange; mail.newcompany.com\owa and mail.newcompany.com\owa\user@newcompany.com.

After viewing the HTTP logs during provisioning; you see:

W3SVC814732 X.X.X.X PROPFIND /owa/myuser/ - 443 myuser X.X.X.X Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+4.0) 501 0 0

The 501 (HTTP error 501) means not implemented. PROPFIND is a webdav verb and it seems that webdav was being blocked only for this user. Other users were working ok. I ran some individual webdav tests and was unable to connect to his account; although I was able to connect to others on Exchange 2007 or Exchange 2003. Enabling WEBDAV on Exchange 2007 did not work.


Resolution: This user's device was provisioned when he was on Exchange 2003. His mailbox was moved to Exchange 2007. Although his account was working for weeks on Exchange 2007; something broke. Possibly the domain name change or maybe a coincidence. After moving the user back to Exchange 2003; I was able to connect to his account using webdav test. The user was able to sucessfully provision his account. We plan on moving his account back to Exchange 2007 to see if it still works.



James Chong (MVP)
MCITP | EMA; MCSE | M+, S+,
Security+, Project+, ITIL
msexchangetips.blogspot.com

BlackBerry: DB upgrade failed. Error Executing an sql statement

Summary: When upgrading BES versions in this instance applying BES 4.1 Service Pack 4, you receive the following error "DB upgrade failed. Error Executing an sql statement" during database upgrade.


Resolution: In this instance; the cause was due to the MSDE database log file having exceeded it's default 50MB limit.

To verify the current size of the MSDE log file; go to C:\Program Files\Microsoft SQL Server\MSSQL\Data

Locate file BESMGMT.LDF. (Your database name may not be the same) Examine the file size to see if it has approached the 50MB limit.


To increase the limit:

1. Open a command prompt

2. OSQL -E

3. ALTER DATABASE BESMgmt MODIFY FILE(NAME=BESMgmt_log, SIZE=200MB)



Re-run the service pack or upgrade.



James Chong (MVP)
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com

IIS: Error Writing Encrypted Data to the Web Services Configuration Database

Summary: When attempting to install or re-install IIS; you receive the following error:

"Error Writing Encrypted Data to the Web Services Configuration Database" The option gives you the ability to "write unencrypted data." However if you proceed; IIS installation stalls and does not proceed.

World Wide Publishing Service fails to start with

"The specified handle is invalid"

Resolution: Rename the MachinesKeys folder in the following directory to MachineKeysold.

%Windir%\Profiles\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys


Once this has been renamed; in the IIS installation where you were prompted to choose "write uncrypted data" close out this dialog box by clicking the X (windows close button on top right corner"

IIS will complete the instllation and you will see a new MachineKeys directory. If you already closed out of the prompt box above; just uninstall and re-install IIS.




James Chong (MVP)
MCITP | EMA; MCSE | M+, S+
Security+, Project+, ITIL
msexchangetips.blogspot.com

Exchange: Bulk Remove X.400 Address Using Admodify

Summary: This article will go over how to remove legacy X.400 addresses in bulk using Admodify. X.400 addresses were used in Exchange 5.5 and may not be required. However; removing the recipient policy for your X.400 address will not remove the addresses from your users.


To remove X.400 addresses in bulk:

1. Download Admodify

http://www.computerperformance.co.uk/w2k3/utilities/admodify.htm

2. Launch Admodify.exe

3. Modify Attributes

4. Domain List = Choose your domain; Domain Controller = Select your DC

5. Click the Green Arrow

6. Double click your domain in the white pane. This will expand your OU list. You can highlight just the OU you wish your query or highlight the domain to work with all objects in your domain.

7. Click Add to list. This will enumerate your users in the right pane. Click Select All and next.

8. Click the Custom Tab.

9. Check "Make a Customized Attribute Modification"

Attribute name: proxyAddresses
Attribute value: X400:c=US;a= ;p=mycompany;o=FC;s=%'sn'%;g=%'givenName'%;


Note: You need to substitute p=mycompany and o=FC with your own values by checking an existing x.400 address of your user.


10. Check Multivalued Remove and click Go.

11. Verify by checking a user or check the XML log that was produced in the same directory of your admodify.exe file.


Note: Do not forget to delete or uncheck your recipient policy for your x.400 address in ESM.



James Chong (MVP)
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com

Exchange: The format of the e-mail address is incorrect

Summary: When sending to an internal user; you receive the following NDR:


Your message did not reach some or all of the intended recipients.

Subject: test ignore
Sent: 1/21/2008 11:50 AM

The following recipient(s) cannot be reached:

Joe Test on 1/21/2008 11:50 AM
The format of the e-mail address is incorrect. Check the address, look up the recipient in the Address Book, or contact the recipient directly to find out the correct address.




Resolution: A second SMTP proxy was added. However sending to this SMTP proxy would fail. The email address was correctly formatted without any special characters. A simple removing of the SMTP address and re-entering it in worked without issue. The cause could've have been pasting the address. Sometimes pasting can cause issues.



James Chong (MVP)
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com

Exchange 2007: Free Busy Not Available for 2003 Users

Summary: Exchange 2007 users cannot view Free Busy for users on Exchange 2003

Resolution: Copy the Free Busy System from to Exchange 2007.

1. Open Exchange 2003 System Manager.
2. Scroll to Administrative Groups and Folders
3. Right click Public Folders - View System Folders
4. Expand Schedule + Free Busy
5. You should see Free Busy subfolders starting with EX: Right click each one properties, replication tab. Add your Exchange 2007 server.

Let it replicate and check 15-30 minutes.


James Chong (MVP)
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com

Exchange 2007: This Ca Root Certificate Is Not Trusted. To enable Trust, Install This Certificate In The Trusted Root Certification Authorities Store.

Summary: Exchange 2007 CAS server uses a self signed cert. Depending on what services your CAS role plays you may get the following error:

"This Ca Root Certificate Is Not Trusted. To enable Trust, Install This Certificate In The Trusted Root Certification Authorities Store"


Cause: In this instance, I had my CAS server using a Self Signed Cert for the Address book distributin in the Default Web Site while using a Valid third party commercial Cert for OWA. This worked fine using the article below.

Exchange 2007 and SSL Certificates
http://www.sembee.co.uk/archive/2007/01/21/34.aspx


However when viewing FREE\Busy info, the Cert error would appear with the error:

"This Ca Root Certificate Is Not Trusted. To enable Trust, Install This Certificate In The Trusted Root Certification Authorities Store"


Solution:

1. Go to the Default Web Site in IIS and remove the Self Signed Cert. Right click the Default Web Site, Directory Security, Server Certificate, Next, and Remove the cert.

2. Open Certificates in MMC. Go to Run, MMC. File Add Remove Snap In, Add Certificates; Computer Account; Local Computer and Click OK.

3. Once your Certificates MMC is open Go to Personal Certificates. Right Click Request New Cert, Next, Friendly Name = Hostname of your Server and Next and Finish.

4. Copy the new cert to the Trusted Root Certification Authorities Certificates.

5. Go back to the Default Website in IIS, Properties, Diretory Security, Server Certificate. Assign an existing certificate and choose the new cert that was created.

6. Issue IISRESET from your command prompt.



James Chong (MVP)
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com

Active Directory: Convert Global Groups to Universal Groups Bulk

Summary: There may come a time when you need to convert your Global Groups into Universal Groups such as if you're in a multi-domain Forest. This is because the Global Catalog server does not have a copy of Global Groups in other domains. This can cause a problem with Distribution list expansion.


Tip: To bulk change your Global Security or Distribution Groups into Universal Groups; you can use Admodify using the custom attribute tab of "groupType"


Download Admodify:

ftp://ftp.microsoft.com/PSS/Tools/Exchange%20Support%20Tools/ADModify


1. Launch ADMODIFY.EXE
2. Click Modify Attributes
3. Domain List=Choose your Domain; Domain Controller=Choose your DC
4. Check only Groups; Check Advanced Features; Click Traverse Subcontainers
5. Click the Green Arrow and now highlight your Domain
6. Click Custom LDAP query.

Global Security Groups

(&(objectcategory=group)(grouptype:1.2.840.113556.1.4.803:=-2147483646))


7. Click Add to list and click OK
8. Select All and click next.
9. Click Custom Tab. Click Make a customized attribute modification

Attribute Name: groupType
Attribute Value: -2147483640


Click Ok. This will convert your Global Security Groups to Global Universal Groups.

Use the following Chart to convert your Global Distribution Groups.


[Group Scope] [Group Type] [groupType value] [sAMAccountType attribute]

[Universal] [Distribution] [8] [268435457]
[Universal] [Security] [-2147483640] [268435456]
[Global] [Distribution] [2] [268435457]
[Global] [Security] [-2147483646] [268435456]
[Domain Local] [Distribution] [4] [536870913]
[Domain Local] [Security] [-2147483644] [536870912]


James Chong (MVP)
MCITP | EMA; MCSE | M+, S+
Security+, Project+, ITIL
msexchangetips.blogspot.com

Exchange 2007: Messages Not Received to Distribution Group

Summary: After installing a CAS server; sending to particular distribution groups do not work. Adding yourself to the group; you do not received messages. No NDR messages are received as well.

When Telnetting and sending the message

Telnet: CASServer 25
Mail from:youraccount@yourdomain.com
Rcpt to:DLGroup
Data
.
.
Message Sucessfully Queued


Users do not receive messages that belong to the Distribution Group


Solution: Verify that the group is a Universal Group if you're in a multi-domain forest. There were no issues sending to the DL prior to the introduction of a 2007 CAS.



James Chong (MVP)
MCITP | EMA; MCSE | M+, S+
Security+, Project+, ITIL
msexchangetips.blogspot.com

Exchange 2007: POP3 ERR Command is not valid in this state

Summary: POP applications report ERR "Command is not valid in this state" after supplying credentials. To verify you try telnetting to POP port 110 of your CAS server:

Telnet CASServer 110
User Myaccount
Pass Mypass
ERR Command is not valid in this state


Resolution: Open your Exchange Shell and enter:

Set-PopSettings -LoginType PlainTextLogin

Restart your POP3 service


James Chong (MVP)
MCITP | EMA; MCSE | M+, S+
Security+, Project+, ITIL
msexchangetips.blogspot.com

Exchange 2007: ActiveSynch Does Not Work With Exchange 2003 Mailboxes

Summary: Exchange 2007 ActiveSync does not with with mailboxes on Exchange 2003. When entering username and password; password keeps prompting.

To verify Activesync; go to
https://hostname/Microsoft-Server-ActiveSync on your CAS server. If you receive HTTP 501/HTTP 505 Activesync is working.


Resolution: Enable Integrated authentication on your Microsoft-Server-Activesync
Virtual Directory on all your BackEnd 2003 Servers


James Chong (MVP)
MCITP | EMA; MCSE | M+, S+
Security+, Project+, ITIL
msexchangetips.blogspot.com

Exchange 2007: Event ID 9589 Exceeded the max number of 6 Storage Groups on this server

Summary: Exchange 2007 fails to mount additional databases after you've created 5 Storage Groups. In additional, you get Event ID:9589 "Exceeded the max number of 6 Storage Groups on this server."

You have verified that your Exchange 2007 Edition is Enterprise in the EMC GUI.


Resolution:

Re-enter your product key in the Shell and restart your information store.

[PS] H:\>set-exchangeserver -identity dcex01 -productkey XXXX-XXXX-XXXX-XXXX-XXXX

WARNING: The Exchange server "DCEX01" is already licensed.
WARNING: The product key has been validated and the product id has been
successfully created. Note: This change will not be complete until the store
has been restarted.


Cause: Unknown



James Chong (MVP)
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com

SMTP: No DATA command sent-rset

Summary: Messages sent to a relay server (Surgemail) would often have messages not get delivered. Messages were being delivered through an ASP application. However some messages would go through. Performing a telnet session works fine. When checking the SMTP logs the client would issue a rset command after the RCPT TO: command. The SMTP server (surgemail) would reply with an recipient ok and would be received by the client.



Cause:

The cause was Symantec AntiVirus 10.0.0.359 running the Internet E-mail Auto Protect. Disable the feature.





James Chong (MVP)
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com

Active Directory: Copy Distribution List Members to Another Distribution List

Summary: In this example, we will copy all members from one Distribution Group to another Distribution Group.

Copy the contents below and save as copymembers.vbs to C: drive


Const ADS_GROUP_TYPE_GLOBAL_GROUP = &H2

Set objOU = GetObject("LDAP://OU=Security Groups, dc=company, dc=com")
Set objOldGroup = GetObject("LDAP://CN=mysourcegroup, ou=security groups, dc=company, dc=com")
Set objNewGroup = GetObject("LDAP://CN=mytargetgroup, ou=security groups, dc=company, dc=com")

On Error Resume Next
For Each objUser in objOldGroup.Member
objNewGroup.Add "LDAP://" & objUser
Next


Open Command prompt:

C:\>cscript copymembers.vbs


The script will copy all members in the "mysourcegroup" Distribution List to your "mytargetgroup" Distribution List.


Note: Some organizations like to use # in front of their Distribution List names so they appear together in the GAL. Because this is a special character it will need to be in double quotes to treat # as a literal.

Example:
("LDAP://""CN=mysourcegroup""


James Chong (MVP)MCSE M+, S+, MCTS, Security+
msexchangetips.blogspot.com

How useful was this article? Want to see a tip not listed? Please leave a comment.