At one of my customers we’ve started provisioning all new users directly to Exchange 2010, while the old users are being progressively migrated from Exchange 2007. I modified the provisioning code for Exchange 2010 (basically just adding the msExchHomeServerName attribute as explained in this doc) and new users and mailboxes were created just fine.
What I didn’t expect was that this would break password sync.
When you have the Exchange 2007 or Exchange 2010 provisioning option enabled on the AD MA, the Update-Recipient cmdlet is run after every export – apparently even when the update has nothing to do with mail attributes. When the user is still on Exchange 2007, but you’ve enabled Exchange 2010 provisioning, this cmdlet causes an error. Unfortunately, if the AD is also a password sync target, the behaviour is worse – it actually crashes the miiserver.exe process!
I have put the following workaround in place until all users are migrated to Exchange 2010:
- I’ve left the provisioning code configured for Exchange 2010 provisioning – this populates the necessary attributes.
- I’ve set the MA’s Exchange option to “No provisioning”.
- I run the following PowerShell command from a scheduled task to complete the process of creating the mailboxes:

```powershell
Get-User -ResultSize Unlimited | Where-Object { $_.RecipientTypeDetails -eq 'LegacyMailbox' } | Update-Recipient
```