Monday, March 19, 2012

Exchange 2010 Bulk Mailbox enable of Mail users

If you need to change your mail-enabled users to mailbox users, you can use the script below.

You can use wildcards in the identity field or drop -Identity and use -organizationalUnit yourOU.
 
get-MailUser -Identity usernameofuser | Enable-Mailbox -Database "Whatever DB" | get-mailbox |
select name,windowsemailaddress,database

Thursday, March 15, 2012

Exchange 2010 Scripting New-MoveRequest

Exchange 2010 New-MoveRequest can be scripted to take input from a CSV file and pipe it into the New-MoveRequest command.

Here's how I did it...

Command required was:
New-MoveRequest -Identity "CN=Test User,OU=Your OU,OU=Another OU,DC=YourDC,DC=local" -RemoteLegacy -TargetDatabase "EXCH-DB" -RemoteGlobalCatalog "dc.olddomain" -RemoteCredential $Remote -TargetDeliveryDomain "yourdomain.com"

The unique fields required are "CN=Test User,OU=Your OU,OU=Another OU,DC=YourDC,DC=local" which is the distinguishedName of the user we are going to migrate and "EXCH-DB" which is the Exchange Database we want to put the Mailbox in.

First we need to get the distinguishedName for all the users we want to migrate. Here's the script http://sjmeyers.blogspot.com.au/2012/03/vb-script-to-get-distinguishedname-from.html

Then we need to set up our CSV file with distinguishedName as the first entry in column 1 and TargetDB as the first entry in column 2.
Then insert the required data.


Save the csv as mbusers.csv on the Exchange Server

In Exchange Power Shell

We are connecting to a remote forest, so first we need to set up the remote credentials:
$remote = Get-Credential

Make sure the csv file is in the correct directory and run the following command

import-csv mbusers.csv | foreach {New-MoveRequest -Identity $_.distinguishedName -RemoteLegacy -TargetDatabase $_.TargetDB -RemoteGlobalCatalog "dc.olddomain" -RemoteCredential $Remote -TargetDeliveryDomain "youremaildomain.com"}

If all goes well you should see the move process start.

To check on the progress run Get-MoveRequest
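
A pre-flight check for the mbusers.csv built in the steps above, added here as an example and not part of the original post: it flags rows with an empty TargetDB, a value that is not a distinguishedName, or a duplicate entry before anything reaches New-MoveRequest. The function name Test-MoveCsv, the sample rows and the simple DN pattern are assumptions for illustration.

```powershell
# Added example: sanity-check the move list before running New-MoveRequest.
# Sample rows are constructed; DNs and database names are placeholders.
$sampleCsv = @'
distinguishedName,TargetDB
"CN=Test User,OU=Your OU,OU=Another OU,DC=YourDC,DC=local",EXCH-DB
"CN=No Database,OU=Your OU,DC=YourDC,DC=local",
"Test User2",EXCH-DB
"CN=Test User,OU=Your OU,OU=Another OU,DC=YourDC,DC=local",EXCH-DB
'@

function Test-MoveCsv {
    param([Parameter(Mandatory = $true)][object[]]$Rows)

    $seen = @{}
    $line = 1                        # line 1 of the file is the header
    foreach ($row in $Rows) {
        $line++
        $problems = @()
        $dn  = "$($row.distinguishedName)".Trim()
        $db  = "$($row.TargetDB)".Trim()
        $key = $dn.ToLower()

        # Assumed pattern: user DNs start with CN= and end in a DC= component
        if ($dn -notmatch '^CN=.+,DC=[^,]+$') { $problems += 'not a distinguishedName' }
        if ($db -eq '') { $problems += 'TargetDB is empty' }
        if ($seen.ContainsKey($key)) {
            $problems += "duplicate of line $($seen[$key])"
        } else {
            $seen[$key] = $line
        }

        New-Object PSObject -Property @{
            Line = $line; distinguishedName = $dn; TargetDB = $db
            Valid = ($problems.Count -eq 0); Problems = ($problems -join '; ')
        }
    }
}

$checked = Test-MoveCsv -Rows ($sampleCsv | ConvertFrom-Csv)
$checked | Where-Object { -not $_.Valid } | Format-Table Line, distinguishedName, Problems -AutoSize

# On the Exchange server, feed it (Import-Csv mbusers.csv) instead of the sample,
# then dry-run only the valid rows first (-WhatIf makes no changes):
# $checked | Where-Object { $_.Valid } | ForEach-Object {
#     New-MoveRequest -Identity $_.distinguishedName -RemoteLegacy `
#         -TargetDatabase $_.TargetDB -RemoteGlobalCatalog "dc.olddomain" `
#         -RemoteCredential $remote -TargetDeliveryDomain "youremaildomain.com" -WhatIf
# }
```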

VB Script to get distinguishedName from AD

If you need to get the distinguishedName attribute from Active Directory you can use the script below.

You will need a list of users in c:\scripts\users.txt

The script will output to c:\scripts\dn.txt

Option Explicit

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Dim objFSO, objFSO2, objTextFile, objTextFile2, strNextLine, arrUserList, i
Const ADS_SCOPE_SUBTREE = 2

' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")

'Setup Constants for input and output files
Const ForReading = 1
Const ForAppending = 8

'Open input file
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile _
    ("c:\scripts\users.txt", ForReading)
'loop
Do Until objTextFile.AtEndOfStream
    strNextLine = objTextFile.Readline
    arrUserList = Split(strNextLine , ",")
    'Wscript.Echo "User: " & arrUserList(0)
    
    ' Get username to search for
    strUsername = arrUserList(0)
    'Wscript.Echo strUsername
    ' Set ADO connection
    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"

    ' Set ADO command
    Set objCommand = CreateObject("ADODB.Command")
    Set objCommand.ActiveConnection = objConnection
    objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='user' AND samAccountName = '" & strUsername & "'"

    ' Set recordset to hold the query result
    Set objRecordSet = objCommand.Execute

    ' If a user was found - Retrieve the distinguishedName
    If Not objRecordSet.EOF Then
        strDN = objRecordSet.Fields("distinguishedName").Value
            'Write to Output file
        Set objFSO2 = CreateObject("Scripting.FileSystemObject")
        Set objTextFile2 = objFSO2.OpenTextFile _
        ("c:\scripts\dn.txt", ForAppending, True)    
        objTextFile2.WriteLine(strDN)
        objTextFile2.Close
    Else
        'Can't find the user
        MsgBox "Username not found " & strUsername
    End If
Loop
MsgBox "Finished getting DN for usernames check c:\scripts\dn.txt"

Exchange 2010 New-MoveRequest Fails

I just had an issue when I tried to migrate some mailboxes from Exchange 2003 to 2010.

We have 2 Internal Domains and SMTP namespace sharing setup between Exchange 2003 in old Domain and Exchange 2010 in the new Domain.

Users had been migrated using ADMT. All users in the new Domain have been mail enabled (using a script). The Mailboxes have been moved using New-MoveRequest from the Exchange PowerShell.

Most mailboxes migrated without any problems but we had some fail with the error:

Cannot find a recipient that has mailbox GUID.

I found that some of the mail enabled accounts didn't have the targetAddress attribute set.

Setting the email address on the targetAddress attribute fixed the problem...
BTW: There are other reasons for getting this message, such as the GUID being different.

After the Mailbox migrated this attribute returned to <not set> which is correct if the Mailbox is inside the local Exchange Organisation.

Tuesday, March 13, 2012

Exchange 2010 Loop

I just resolved an issue with Exchange 2010 where I was getting loop detected.
Our setup is Exchange 2003 in old domain, Exchange 2010 in new domain with SMTP namespace sharing. http://blog.mimecast.com/2011/06/guest-post-migrating-between-email-servers-smtp-namespace-sharing/

Mail flow was working fine with some users but other users couldn't receive mail at all.

Message tracking logs showed there was a loop
C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\MessageTracking
ExchangeServer,,,LoopDetected,,SMTP,DEFER,0,,testuser@contoso.com

The Queue Viewer showed that a local loop was detected


I found that the targetAddress attribute was set in Active Directory


The value of the targetAddress attribute is the address of the user that is outside of the local Exchange organization that mail should be sent to. When mail is sent to the mail-enabled user or contact, the mail is redirected to the address held in the targetAddress field.

Editing the targetAddress field and selecting Clear sets it to <not set>

After that I was able to send and receive mail from that account.

BTW the targetAddress attribute can be cleared using Quest ActiveRoles Server PowerShell (run on the Domain Controller). Here's what I used...

get-qaduser -LDAPFilter "(&(&(&(objectCategory=Person)(objectClass=User)(targetAddress=*)(homeMDB=*))))" | Set-QADUser -ObjectAttributes @{targetAddress=$null}

Let me break it down:
get-qaduser: gets the AD user
-LDAPFilter: filters using an LDAP query
objectCategory=Person: is in the Person category
objectClass=User: is a user
targetAddress=*: has the targetAddress attribute set
homeMDB=*: has the homeMDB attribute set. We were doing an Exchange 2003 migration; in Exchange 2003 this attribute isn't set.
|: pipes the users that meet the above into our command to change the attribute
Set-QADUser: sets AD attributes
-ObjectAttributes @{targetAddress=$null}: sets the targetAddress attribute to nothing ($null); in AD this will appear as <not set>
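
A report-only audit covering both targetAddress problems described in the posts above (missing on an account that has not been moved yet, still set on an account that already has a local mailbox), added here as an example and not part of the original posts. The function name, state labels and sample accounts are assumptions; the LoopRisk state is the same combination the Get-QADUser filter above selects, so the report lists what the bulk clear would touch before it is run.

```powershell
# Added example: classify accounts by their targetAddress / homeMDB combination.
# Feed it mail-enabled accounts only. Sample accounts below are constructed.
function Get-TargetAddressState {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [string]$TargetAddress,   # AD attribute targetAddress ('' = <not set>)
        [string]$HomeMDB          # AD attribute homeMDB ('' = no local mailbox)
    )
    $hasTarget = -not [string]::IsNullOrEmpty($TargetAddress)
    $hasMdb    = -not [string]::IsNullOrEmpty($HomeMDB)

    if ($hasMdb -and $hasTarget) {
        $state = 'LoopRisk'              # local mailbox, mail still redirected
    } elseif ($hasMdb) {
        $state = 'Mailbox-OK'            # local mailbox, targetAddress <not set>
    } elseif ($hasTarget) {
        $state = 'MailUser-OK'           # not moved yet, redirect in place
    } else {
        $state = 'MissingTargetAddress'  # not moved yet, no redirect: set it before the move
    }
    New-Object PSObject -Property @{ Name = $Name; State = $state; TargetAddress = $TargetAddress }
}

$sample = @(
    @{ Name = 'moved-but-redirected'; TargetAddress = 'SMTP:testuser@contoso.com'; HomeMDB = 'CN=EXCH-DB (placeholder)' },
    @{ Name = 'moved-clean';          TargetAddress = '';                          HomeMDB = 'CN=EXCH-DB (placeholder)' },
    @{ Name = 'waiting-to-move';      TargetAddress = 'SMTP:waiting@contoso.com';  HomeMDB = '' },
    @{ Name = 'waiting-no-target';    TargetAddress = '';                          HomeMDB = '' }
)

$report = foreach ($row in $sample) { Get-TargetAddressState @row }
$report |
    Where-Object { $_.State -eq 'LoopRisk' -or $_.State -eq 'MissingTargetAddress' } |
    Format-Table Name, State, TargetAddress -AutoSize

# Against the live domain (read-only). The mail=* filter is an assumption used
# here to limit the search to mail-enabled accounts:
# $searcher = [adsisearcher]'(&(objectCategory=Person)(objectClass=User)(mail=*))'
# $searcher.PageSize = 500
# $searcher.FindAll() | ForEach-Object {
#     Get-TargetAddressState -Name "$($_.Properties['samaccountname'])" `
#         -TargetAddress "$($_.Properties['targetaddress'])" `
#         -HomeMDB "$($_.Properties['homemdb'])"
# }
```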