Here’s another trick that is really very simple, but, for reasons I can’t figure out, difficult to find out about. Despite what the documentation seems to say (and despite what I have read MS employees categorically stating), you CAN add an Exchange mailbox to an account that already exists in AD.
Bundled with MIIS are various programming extensions we make use of, including the ExchangeUtils. This collection of methods simplifies the creation of Exchange users, contacts and distribution lists – but like all these things it has its own quirks and apparent oversights.
You may well think, on first glance, that ExchangeUtils.CreateMailEnabledUser would create a User+Mailbox, and ExchangeUtils.CreateMailbox would just create a mailbox, however this is not the case. If you want to create a User+Mailbox then what you need is actually ExchangeUtils.CreateMailbox. Don’t ask me what ExchangeUtils.CreateMailEnabledUser is for – I never did find a use for it.
So, if you just need to create brand new users, complete with mailbox, then you’re set – use ExchangeUtils.CreateMailbox in your provisioning code, as per the examples in the Developers Reference.
BUT this isn’t always enough. There are plenty of cases where you may want to add a mailbox to an existing user account. You don’t want to create a new one, because then the poor ole user will lose her password and profile. Happily it is perfectly possible to do, you just use the export flow rules in your MAExtension to set the following values:
- homeMDB
- mDBUseDefaults
You’re going to need some tests before you can decide if a mailbox is needed. The first question to answer is does the user already have a mailbox? I like to use msExchMailboxGUID for this. I flow the value from AD into the metaverse, and then it’s a simple matter of checking
If mventry(“msExchMailboxGUID”).IsPresent
Your next question is should the user have a mailbox? This is a test you can perform either in the MVExtension or in the MAExtension, though if you use the MAExtension you will have to repeat the test for each export flow rule. If you make the decision in the MVExtension then use a Utils.TransactionProperties to set a flag:
If <<some condition>> Then
Utils.TransactionProperties(“CreateMailbox”) = TRUE
End If
The MAExtension code will then look something like this:
Public Sub MapAttributesForExport(ByVal FlowRuleName As String, ByVal mventry As MVEntry, ByVal csentry As CSEntry) Implements IMASynchronization.MapAttributesForExport()
Select Case FlowRuleName
Case “exportHomeMDB”
If Utils.TransactionProperties(“CreateMailboxâ€) Then
csentry(“homeMDB”).Value = “CN=” & _
mventry(“MDB”).Value & “,CN=” & _
mventry(“StorageGroup”).Value & _
“,CN=InformationStore,” & _
“CN=” & mventry(“MailServer”).Value & “,” & _
EXCHANGE_DN
End IfCase “exportMDBUseDefaults”
If Utils.TransactionProperties(“CreateMailboxâ€) Then
csentry(“mDBUseDefaults”).Value = True
End IfCase Else
Throw New UnexpectedDataException(“Unexpected flow rule name: ” & FlowRuleName)End Sub
The flow rule for homeMDB looks a bit complicated, but we’re really just constructing a long string. Use your preferred LDAP tool (I like Softerra, but you can use Ldp if you must) to have a look at some existing homeMDB settings in your AD forest. In my example I have the values for MDB, StorageGroup and MailServer already in the metaverse, but you may be looking them up in an XML file or something – whatever suits your installation best.
Hey Carol,
Question for you, how is it that you’re able to flow this back to a reference attribute? I assume that’s my problem as I’ve yet to get this to work. I’ve followed your example, and even explicitly stated the full DN of the homemdb in the MAextension as a last resort. When previewing the object that should be getting the update, I just get a status of not applied.
Thoughts?
This post was written for Exch 2003, but I haven’t tried it with 2007. Which version of Exchange do you have?
Exchange 2003.
Then you should be able to get it working. Have you followed through the code in debug mode and see what’s happening? The “not applied” makes me think that the export flow rule is not actually running. Check that all the metaverse attributes you’ve selected for the flow rule are actually populated, and also do full syncs rather than deltas.
Not sure what the deal was. Since I have to come up with a solution that appropriately assigns the mailbox to one of a hundred available stores, I came up with a different solution involving identifying each store to a business unit, looking at the store size and then provisioning the mailbox to the smallest store available for that business unit. All this is done using a custom view and a SQL MA. I then float the homemdb and mailnickname back to my users, and I’m all set.
Thanks for your posts. It’s tough to find good MIIS resources out there, and I’ve gotten a lot of good info from yours.
Sounds like a great solution! Glad to hear you worked it out.
Carol,
I have another question. Similar to adding an Exchange account to an existing A.D. user, would you know how to go about removing an existing Exchange account, leaving the A.D. account enabled? (My environment is Exchange 2007 and ILM 2007)
Thanks.
Ron,
This may well be tricky to do properly as there isn’t even a powershell cmdlet that will remove just the mailbox (remove-mailbox deletes the user account as well – very strange). Try taking a snapshot of a user’s attributes using an ldap browser, then disable the mailbox in Exchange Mgmt Console, and then take an after snapshot. You should be aqble to work out what you need to change from ILM to achieve the same effect.
Hi, Carol,
I have an exact problem trying to create mailboxes for existing AD users by exporting the homeMDB as a reference attribute. When I tried to use the advance attribute flow, I got the following error message from MIIS.
Metaverse reference attributes can not be defined as source attributes for rules extension export flow.
How did you resolve this problem?
My environment is quite simple with W2K3 domain controllers and Exchange2003.
The following are my codes,
Public Sub MapAttributesForExport(ByVal FlowRuleName As String, ByVal mventry As MVEntry, ByVal csentry As CSEntry) Implements IMASynchronization.MapAttributesForExport
‘ TODO: Add export attribute flow code here
Select Case FlowRuleName
Case “homeMDB”
If Not mventry(“homeMDB”).IsPresent Then
csentry(“homeMDB”).Value = “CN=Mailbox Store (BINHRAEXCT001),CN=First Storage Group,CN=InformationStore,CN=BINHRAEXCT001,CN=Servers,CN=Highlands Ranch,CN=Administrative Groups,CN=CBI,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=rbiustest,DC=net”
End If
End Select
‘Throw New EntryPointNotImplementedException
End Sub
Hi there.
According to the error message you’re using a reference DN attribute in the metaverse as one of the source attributes for your flow rule. You can’t do that.