Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Adding Exchange rights to AD 2008 users without mailboxes

Posted on 2010-09-01
4
Medium Priority
?
874 Views
Last Modified: 2012-08-14
After posting in an older question I gave up temporarily. On a side search I found an answer to my problem and it works. However it is time consuming and where several accounts exist I'd like a quicker way to modify the advanced attributes of an account rather than via the Attribute Editor in AD Users & Computers MMC.

See: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_26262511.html for more info.

Basically what has been happening is at the start of the year 100+ accounts were bulk created using csvde and for some reason in the creation process the default Exchange attributes were not passed onto a multitude of these accounts.

To allow the users to link into Exchange there are 2 ways of doing it, delete & recreate each account and then get phone calls when users passwords are reset, etc, reset user share attributes (SID's) or edit each account & copy & paste several long account settings into their AD account.

What I want to know is if there is some way using CSVDE for example to MODIFY an account rather than export/import..

I had a look at dsmod but it looks like the extended attribute set isn't available.

Extended attribute set needing modified (defaults):
homeMDB
homeMTA
msExchHomeServerName
msExchRecipientDisplayType
msExchRecipientTypeDetails
msExchVersion
showInAddressBook

Per-user attributes:
legacyExchangeDN
proxyAddress
textEncodedORAddress

Any help would be appreciated
0
Comment
Question by:kiwistag
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 8

Expert Comment

by:Saineolai
ID: 33582558
I'm not sure if it suits your scenario but you might also check out the suitability of ldifde.
0
 
LVL 7

Expert Comment

by:ms-pro
ID: 33582739
0
 
LVL 16

Accepted Solution

by:
Postmaster earned 2000 total points
ID: 33582778
Hi, LDIFDE can be used to modify AD accounts.
There can be some confusion as you are doing an IMPORT of the data file to make the desired changes.

This link http://support.microsoft.com/kb/237677 desrcibes the commands. Note that when you run LDIFDE (default is Export-mode) you get a list of data that you can use as a base for the change.

Word is really handy for search/replace of text. the file type is TXT, but they use .ldf

Some values cannot be changed, but you will find out which with a few tests.
If you have any errors, the import will stop. The error file will identify the problem record.
The quickest fix is to remove the problem record and re-run.

One good feature of this process is the original Export can be used (as an Import file) to quickly back out all changes.
0
 
LVL 6

Author Comment

by:kiwistag
ID: 33607761
I'll give it a shot today or tomorrow hopefully once reports of more accounts playng up come in.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question