Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

ADC and Resource mailbox wizard

Posted on 2005-04-14
10
Medium Priority
?
723 Views
Last Modified: 2011-08-18
Hi all

I am in the middle of a migration from 5.5 to 2003. I have the ADC setup and
it is working fine. I have some users that are owners of resource mailboxes
on my 5.5 server. The users in question all have there accounts in the NT
domain and the ADC has created disabled user accounts for them in the AD
domain. I recently ran the resource mailbox wizard and it went through and
selected all the accounts that it thought was the owner of the mailbox. Now I
seem to have a big problem whenever i try and migrate a user account from NT
to AD using ADMT version 2 it errors out and says that the account already
exists. When i check the account in the AD domain the accoutn is i nthe
proper container and it is disabled, but when looking at the account tab in
the properties for the account i no longer see the random placeholder account
name that ADC creates i.e ADC_ZVKARFDGGY-1 instead is see the actual user
name of the account i.e juser, and i think this is why i get the error from
the ADMT saying the account already exist.

How do i fix this so i can migrate the user? If i can migrate the user
account i can then merge the accoutn using the AD cleanup wizard and this
will allow me to keep all the attributes.

Thanks very much for any help
0
Comment
Question by:kjman
  • 5
  • 5
10 Comments
 
LVL 4

Expert Comment

by:san_swa
ID: 13787280
This is what you need to do.:
Set the ADC Replication to Never.
Open Exchange 5.5 in RAW Mode. Click on Start-->Run Type following command C:\exchsrvr\bin\admin /r
Scroll down to Recepient, Select a Recepient name and click on File and Raw Properties.
"List Attributes type" to All.
Under Object Attributes look for ADC Global Names. Verify if this is populated.
If yes, remove those values.
Click on Apply and then on Ok.
Now, run the ADMT first and then run the ADC. Verify if that particular user has a disabled account.

Proper procedure is to perform
1)NTDSNoMATCH Attribute under Custom Attribute 10 for a user 2) ADMT 3)ADC 4) Move Mailbox.
ADMT saying the account already exist ---> This is because MSExchMasterAccountSid Value is already populated for disable user.
And this value is unique.
0
 

Author Comment

by:kjman
ID: 13792437
Hi Thansk for the jelp with this is really appreciate it.

I went into the 5.5 server in RAW mode and i removed the ADC attributes for one of the user accounts that was giving me the error "user already exist" when using ADMT, but the disabled account in AD is still present, and when i try and run ADMT to migrate the user account i stil lget the same error message " user account already exist" I turned of the ADC and set it to "never".

What am i missing with this. If i am understanding this corectly, if i remove the ADC Global Names attribute from a mailbox on the 5.5 server and then run ADMT should i then be able to migrate the user account without the error?

Many thanks again
0
 
LVL 4

Expert Comment

by:san_swa
ID: 13800569
"ADCGlobalName", value would help ADC/RCA and not ADMT Tool. Once you remove the ADCGlobalName Value, you need to do what is mentioned below.
Do you have Windows 2003 Support tools installed on the Domain?
If yes, open ADSI Edit, by tpying adsiedit.msc in the run window.
Expand the Domain NC--->Users ----> identify the user that are facing problem with.
Go to properties of that user, locate "MSExchMasterAccountSid" and "MSExchangeADCGlobalName".
Make sure that ADC/RCA replication is set to Never
Copy and paste those values before with the respected attribute name.
Delete those values from the ADSIEDIT and then run the ADMT Tool.
Run the ADMT Tool again. It should work.
If the error popups up, please tell us the exact error message and also check the application event log and try to identify if there is any error message pertaining to migrating users.



Download latest version of ADMT
http://www.microsoft.com/windows2000/downloads/tools/admt/default.asp
ADMT
http://www.windowsnetworking.com/kbase/WindowsTips/Windows2000/AdminTips/ActiveDirectory/ActiveDirectoryMigrationToolADMT.html
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 

Author Comment

by:kjman
ID: 13802872
Hi thanks for the reply.

I am a bit confused with part of your post. When you say

 "Go to properties of that user, locate "MSExchMasterAccountSid" and "MSExchangeADCGlobalName Make sure that ADC/RCA replication is set to Never
Copy and paste those values before with the respected attribute name.
Delete those values from the ADSIEDIT and then run the ADMT Tool.

Do i need to delet the values MSExchMasterAccountSid" and "MSExchangeADCGlobalName  of the disabled user account in question?

Also "Copy and paste those values before with the respected attribute name" ??

I know i am close i am jsut a bit confused with the proper order.  Please clarify

Many thanks
0
 
LVL 4

Expert Comment

by:san_swa
ID: 13803604
Sorry for the confusion :

1) Make sure that ADC/RCA replication is set to Never.
2) Go to properties of that user, locate "MSExchMasterAccountSid" and "MSExchangeADCGlobalName".
3) Copy and paste "MSExchMasterAccountSid" and "MSExchangeADCGlobalName" values. in Notepad before with the respected attribute name.
4) Delete those values from the ADSIEDIT and then run the ADMT Tool.
5) Run the ADMT Tool again. It should work.
0
 

Author Comment

by:kjman
ID: 13810570
Forgive me, i am still unlcear on the steps.

I have located the MSExchMasterAccountSid" and "MSExchangeADCGlobalName" values using ADSIEDIT. Do i now delete thos values from the user account or do i need to paste them into notepad for future reference?  Also when you say "attribute nam" what exactly are you refering to?

What i am thinking that i ahve to do is

#1 Stop the ADC

#2 delete the MSExchMasterAccountSid" and "MSExchangeADCGlobalName values using ADSIEDIT.

#3 run ADMT again migratge the user account

#4 then merge the newley migrated NT account with AD siabled account uisng AD cleanup wizard

At what point can i turn on the ADC?

Thansk very much i appreciate you helping me
0
 
LVL 4

Expert Comment

by:san_swa
ID: 13814478
Yes, you have to delete those values from the user account. I asked you to save them in Notepad, because incase something goes wrong you have the information that you deleted. I wanted you to save them like this in Notepad

MSExchMasterAccountSid :- (value of MSExchMasterAccountSid)
MSExchangeADCGlobalName :- (value of MSExchangeADCGlobalName)


Note:-
(value of MSExchMasterAccountSid) :- The information that you got from the user properties in the ADSIEDIT.

Once you delete those value run the ADMT, select the user and then migrate it again.
You do not have to Merge the Enable and Disabled account.
Once you see the Enabled user in Active Directory Users and Computer.
Run the ADC/RCA.


0
 

Author Comment

by:kjman
ID: 13815977
Ok so if i am underatanding you correctly this is what i need to do

#1 stop all replicaation on the ADC
#2 Open Exchange 5.5 in RAW Mode and remove the ADC Global Names for the user in question
#3 open ADSI Edit and remove the MSExchMasterAccountSid" and "MSExchangeADCGlobalName valuesof the suer accoutn in question

#4 Run ADMT and migrate the user account
#5 Turn on the ADC/RCA

I think this is it?
0
 
LVL 4

Accepted Solution

by:
san_swa earned 2000 total points
ID: 13820270
Yes, you got it right.
0
 

Author Comment

by:kjman
ID: 13820443
Thanks very much

What i noticed with this process is

When i stop the ADC, and remove the ADC Global Names attribute of the user, then use adsiedit and remove the MSExchMasterAccountSid" and "MSExchangeADCGlobalName values, when i run ADMT i still get the error user account already exist, but when i deletet the disabled user account from AD  and turn on the ADC/RCA the user account in question replicates over to AD as a disbaled account, and it is given a ADC_ZVKARFDGGY-1 randon place holder. Once i have this i am home free becaue i then can use ADMT to migrate the user accoutn without getting the error and then i can merge the accoutn using AD cleanup wizard. If i can merge the account i can keep all  the 5.5 attributes and they are populated into the AD account.

So if i am understanding this process.

When you delete the  ADC Global Names  and the MSExchMasterAccountSid" and "MSExchangeADCGlobalName of the user account and turn off ADC the account becomes orphaned and on the  on the AD side it loses all its knowledge about being replicated via the ADC. If this is correct then it makes sence when i delete all the values  delete the account from AD, the nturn on the ADC/RCA and force replication, then the ADC will see that it has to migrate a new 5.5 acccount over to AD and it will assign the account a randon  ADC_ZVKARFDGGY-1. If the account has this then i dotn get errors from ADMT and i can merge the disabled account with the migrated account and keep all the exchange 5.5 attributes.

Many thanks for your hlep i would have been lost without your help
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Stellar Exchange Toolkit: this 5 in 1 toolkit comes loaded with mega-software tool. Here’s an introduction to tools’ usage and advantages:
If you have come across a situation where you need to find some EDB mailbox recovery techniques, then here you will find the same. In this article, we will take you through three techniques using which you will be able to perform EDB recovery. You …
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question