bobbyrs
asked on
Active Directory and Exchange Problem?
Exchange 2000 isn't adding users newly created mailboxes when created with Active Directory? I have got the domain server setup (forestprep and domainprep) and Exchange 2000 Server installed on another primary Exchange server that is a member of the domain, but I can't get Active Directory to fully communicate with the Exchange Server. Exchange and Active Directory appears to be setup correctly. All nltest commands work properly. RUS is correct. I get no error messages at all in event viewer on anything. Everytime I go and try to query the exchange server to resolve the users name it doesn't find it. Which I expected because the users mailbox doen't show in Exchange mailboxes. Can anyone help????
Make sure that the Exchange management tools are installed on the machine you are adding the users from.
Did you install ADC yet? (Active Directory Connector). this needs to sync up your AD and exchange when create a new account on AD. without it you have to create user and mailbox seperately.
When you create an account in Active Directory and choose to mailbox enable it....you MUST send it a piece of mail, or logon to it before it will show up in the Mailboxes column in Exchange system manager.
So try this -
Create a test account and mailbox enable it.
Look in ESM - check mailboxes - it WON'T show yet.
Wait for replication to occur between ALL DC's -
Wait for the RUS to stamp the e-mail address
Login directly to that mailbox -
Once you login to the mailbox, the rest of the Sec. attributes are stamped, and the information store object is created.
- Now check the Exchange system manager, you will see the mailbox object, - then try to checkname.
So try this -
Create a test account and mailbox enable it.
Look in ESM - check mailboxes - it WON'T show yet.
Wait for replication to occur between ALL DC's -
Wait for the RUS to stamp the e-mail address
Login directly to that mailbox -
Once you login to the mailbox, the rest of the Sec. attributes are stamped, and the information store object is created.
- Now check the Exchange system manager, you will see the mailbox object, - then try to checkname.
ASKER
Thanks for all the replies! The Ex Tools were not loaded on the DC. So I have done that now and looking into it....
Yeah, I have ADC installed on both systems and it is working correctly. I have no errors anywhere on the Exchange server at all. No where in event viewer does it log an error. I even tried turning on max logging for ExchangAL, rebuilt the RUS, and then restarted all Exchange services, and still did not get any errors....
As for the email question... I can't get the workstation to resolve the names in Outlook to get it to access their EXchange account. So I can't send an email to it at all.
Again, thanks for all the help!
Yeah, I have ADC installed on both systems and it is working correctly. I have no errors anywhere on the Exchange server at all. No where in event viewer does it log an error. I even tried turning on max logging for ExchangAL, rebuilt the RUS, and then restarted all Exchange services, and still did not get any errors....
As for the email question... I can't get the workstation to resolve the names in Outlook to get it to access their EXchange account. So I can't send an email to it at all.
Again, thanks for all the help!
ASKER
Well, I have loaded the Ex tools on the DC. So now they are on the DC and EX servers. I have since restarted both servers as well as the workstation of the account I am trying to do. I still cannot resolve the name when trying to configure Outlook. The users mailbox still does not show up in ESM.
Just to show what I have done:
1. Ran Forestprep on the DC.
2. Ran Domainprep on the DC.
3. Installed Exchange 2000 Server on a new Exchange Server in the same domain. (Including the tools)
4. Installed ADC on both servers.
5. Installed Exchange Tools on the DC.
What have I tried and verified:
1. DNS is working correctly on the ExServer.
2. The DC does recognize that the ExServer is the ExServer.
3. ADC appears to be working correctly. (I installed it on both servers and both servers show a connector for both servers. Should it show more??? Recipient Connection Agreements???)
4. Ran nltest to verify that everything is configured properly.
5. Checked event login on Exchange starting up, no errors.
6. Rebuilt RUS, still okay.
Any other suggestions?
Just to show what I have done:
1. Ran Forestprep on the DC.
2. Ran Domainprep on the DC.
3. Installed Exchange 2000 Server on a new Exchange Server in the same domain. (Including the tools)
4. Installed ADC on both servers.
5. Installed Exchange Tools on the DC.
What have I tried and verified:
1. DNS is working correctly on the ExServer.
2. The DC does recognize that the ExServer is the ExServer.
3. ADC appears to be working correctly. (I installed it on both servers and both servers show a connector for both servers. Should it show more??? Recipient Connection Agreements???)
4. Ran nltest to verify that everything is configured properly.
5. Checked event login on Exchange starting up, no errors.
6. Rebuilt RUS, still okay.
Any other suggestions?
ASKER
Well, I have loaded the Ex tools on the DC. So now they are on the DC and EX servers. I have since restarted both servers as well as the workstation of the account I am trying to do. I still cannot resolve the name when trying to configure Outlook. The users mailbox still does not show up in ESM.
Just to show what I have done:
1. Ran Forestprep on the DC.
2. Ran Domainprep on the DC.
3. Installed Exchange 2000 Server on a new Exchange Server in the same domain. (Including the tools)
4. Installed ADC on both servers.
5. Installed Exchange Tools on the DC.
What have I tried and verified:
1. DNS is working correctly on the ExServer.
2. The DC does recognize that the ExServer is the ExServer.
3. ADC appears to be working correctly. (I installed it on both servers and both servers show a connector for both servers. Should it show more??? Recipient Connection Agreements???)
4. Ran nltest to verify that everything is configured properly.
5. Checked event login on Exchange starting up, no errors.
6. Rebuilt RUS, still okay.
Any other suggestions?
Just to show what I have done:
1. Ran Forestprep on the DC.
2. Ran Domainprep on the DC.
3. Installed Exchange 2000 Server on a new Exchange Server in the same domain. (Including the tools)
4. Installed ADC on both servers.
5. Installed Exchange Tools on the DC.
What have I tried and verified:
1. DNS is working correctly on the ExServer.
2. The DC does recognize that the ExServer is the ExServer.
3. ADC appears to be working correctly. (I installed it on both servers and both servers show a connector for both servers. Should it show more??? Recipient Connection Agreements???)
4. Ran nltest to verify that everything is configured properly.
5. Checked event login on Exchange starting up, no errors.
6. Rebuilt RUS, still okay.
Any other suggestions?
Wow, i'm interested to know, do the accounts actually show the Exchange tabs?
Install the Windows 2000 support tools on one of your domain controllers.
Run ADSIEDIT
Expand Configuration Container
Expand CN=Configuration
Expand CN=Services
Now, tell me, do you see CN=Microsoft Exchange?
If so,
Expand CN=Microsoft Exchange - do you see all of the Exchange 2000 stuff?
~~~~~~~~~~~~~~~~~~~~~~~~~~
I'm asking all of the above because you are supposed to install the ADC BEFORE running forestprep and domain prep.
Forestprep - Extends the Active Directory Schema with all of the Exchange 2000 attributes required. When running, forestprep creates a "Temp Config_CA" in order to write to Active Directory. If the ADC wasn't installed first, then i have a bad feeling about forestprep. However, Forestprep will usually error out with no ADC.
~~~~~~~~~~~~~~~~~~~~~~~~~~
After installing the support tools -
1. Click Start\Run: then type "LDP" - click enter.
The LDP tool will open:
2. Click on "Connection\Connect"
3. Type in a DC name using Port 389 - then click okay
4. Next, click on "Connection\Bind"
5. Type in a domain administrator's credentials - click okay
6. Then click on "View\Tree" - Leave baseDN blank, and click okay
Now you will see the domain hierarchy on the top left hand corner.
7. Expand the domain -
8. Then expand Users (or where ever the users are)
9. Highlight one of the problem users -
10. Click on "Connection\New" - this will clear the right hand side
11. Then double-click the user
The right hand side will now be filled with only the problem user's Active Directory attributes -
Now you say that they cannot resolve names, i want to see if all of the Exchange attributes have been applied.
12. Highlight and copy EVERYTHING on the right hand side, and post it here please. There are certain attributes we must have in order for check name to occur.
Install the Windows 2000 support tools on one of your domain controllers.
Run ADSIEDIT
Expand Configuration Container
Expand CN=Configuration
Expand CN=Services
Now, tell me, do you see CN=Microsoft Exchange?
If so,
Expand CN=Microsoft Exchange - do you see all of the Exchange 2000 stuff?
~~~~~~~~~~~~~~~~~~~~~~~~~~
I'm asking all of the above because you are supposed to install the ADC BEFORE running forestprep and domain prep.
Forestprep - Extends the Active Directory Schema with all of the Exchange 2000 attributes required. When running, forestprep creates a "Temp Config_CA" in order to write to Active Directory. If the ADC wasn't installed first, then i have a bad feeling about forestprep. However, Forestprep will usually error out with no ADC.
~~~~~~~~~~~~~~~~~~~~~~~~~~
After installing the support tools -
1. Click Start\Run: then type "LDP" - click enter.
The LDP tool will open:
2. Click on "Connection\Connect"
3. Type in a DC name using Port 389 - then click okay
4. Next, click on "Connection\Bind"
5. Type in a domain administrator's credentials - click okay
6. Then click on "View\Tree" - Leave baseDN blank, and click okay
Now you will see the domain hierarchy on the top left hand corner.
7. Expand the domain -
8. Then expand Users (or where ever the users are)
9. Highlight one of the problem users -
10. Click on "Connection\New" - this will clear the right hand side
11. Then double-click the user
The right hand side will now be filled with only the problem user's Active Directory attributes -
Now you say that they cannot resolve names, i want to see if all of the Exchange attributes have been applied.
12. Highlight and copy EVERYTHING on the right hand side, and post it here please. There are certain attributes we must have in order for check name to occur.
If you don't want to post the user's attributes - then once you have double-clicked the user in order to populate their attributes on the right hand side, you can click on "Connection\Save As"
Make sure to save it as a .TXT file.
You can then send the txt file to kevin.alan@verizon.net for me to review.
Make sure to save it as a .TXT file.
You can then send the txt file to kevin.alan@verizon.net for me to review.
ASKER
I got it!!!!!!! The problem was with Q299687 hotfix. It makes the RestrictAnonymous registry key set to 2 so that you can’t get valid user names from the server with null connections. I changed it back to 0 and it now works!
The issue is the following: IF you have installed Q299687 and then configure the RestrictAnonymous registry key to 0x2 (so that anonymous users can’t browse user lists – recommended otherwise) users can’t:
* Browse the Global Address List
* Modify the MAPI profile
* Resolve names when composing a new mail
Setting the registry key to 0x0 will fix this though!
More can be found here:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q309622
Thanks to everyone that offered suggestions. I just can't believe it was something so small as a registry setting. I am also glad the problem wasn't me:) But MS:( Again, thanks!!!!!
The issue is the following: IF you have installed Q299687 and then configure the RestrictAnonymous registry key to 0x2 (so that anonymous users can’t browse user lists – recommended otherwise) users can’t:
* Browse the Global Address List
* Modify the MAPI profile
* Resolve names when composing a new mail
Setting the registry key to 0x0 will fix this though!
More can be found here:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q309622
Thanks to everyone that offered suggestions. I just can't believe it was something so small as a registry setting. I am also glad the problem wasn't me:) But MS:( Again, thanks!!!!!
ASKER
Anyone no how to close this question and get my allocated points back?
ASKER
Since I can't ask start another question, I guess I will continue using these points for another one:
I have set up a smtp connector within Ex2000 to communicate with an Ex5.5 server on a different network/domain (connected through a router). I can send email from the Ex2000 server to the Ex5.5 server, but I cannot send it from the Ex5.5 to the Ex2000 server????? Anyone have any ideas why I can do this and not receive mail from the Ex5.5 server???
This used to be done correctly. Exchange was running on a SBS2000 server with IP 192.168.16.2. But I have since rebuilt the SBS2000 server with IP address of 192.168.16.1 and moved Exchange 2000 onto a separate server with an IP address of 192.168.16.2. I have played with the SMTP mail connector (Ex2000) and Internet Mail Service (Ex5.5) many times and have tried everything with them. Thanks in advance for any suggestions.
I have set up a smtp connector within Ex2000 to communicate with an Ex5.5 server on a different network/domain (connected through a router). I can send email from the Ex2000 server to the Ex5.5 server, but I cannot send it from the Ex5.5 to the Ex2000 server????? Anyone have any ideas why I can do this and not receive mail from the Ex5.5 server???
This used to be done correctly. Exchange was running on a SBS2000 server with IP 192.168.16.2. But I have since rebuilt the SBS2000 server with IP address of 192.168.16.1 and moved Exchange 2000 onto a separate server with an IP address of 192.168.16.2. I have played with the SMTP mail connector (Ex2000) and Internet Mail Service (Ex5.5) many times and have tried everything with them. Thanks in advance for any suggestions.
ASKER
Never mind. I figured that one out. Now, back to how I ca close this question out and regain my points...
No comment has been added lately, so it's time to clean up this question.
I will leave the following recommendation for this question in the Cleanup topic area:
PAQ - Refund
Please leave any comments here within the next four days.
Bembi
EE Cleanup Volunteer
I will leave the following recommendation for this question in the Cleanup topic area:
PAQ - Refund
Please leave any comments here within the next four days.
Bembi
EE Cleanup Volunteer
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.