Powershell not reporting disabled users properly
Hi,
I m running a powershell script to return mailbox statistics for users in a specific OU.
simply, get-mailbox -ou ou1 | get-mailboxstatistics | export-csv file.csv
I get a field ObjectClass that says "mailbox" for all enabled users and "mailbox, userdisabled" for "some" disabled users but not ALL the disabled users...
I do not think these users have linked mailboxes but not 100% sure still...
Does anyone know why?
I m running a powershell script to return mailbox statistics for users in a specific OU.
simply, get-mailbox -ou ou1 | get-mailboxstatistics | export-csv file.csv
I get a field ObjectClass that says "mailbox" for all enabled users and "mailbox, userdisabled" for "some" disabled users but not ALL the disabled users...
I do not think these users have linked mailboxes but not 100% sure still...
Does anyone know why?
Agreed. Dig into the user attributes with ADSIEdit. Open one that is reporting correctly and one that is not. Do a side by side compare and see if you can isolate the differences.
Are all users getting disabled by the same process? Do you have any Exchange 2003 servers still? You'll get some different results if you're in a mixed environment and performing actions from ADUC, ESM03, or EMC07. At least in terms of powershell results from your 2007 server.
Quest ActiveRoles probably does not have the same limitations.
Are all users getting disabled by the same process? Do you have any Exchange 2003 servers still? You'll get some different results if you're in a mixed environment and performing actions from ADUC, ESM03, or EMC07. At least in terms of powershell results from your 2007 server.
Quest ActiveRoles probably does not have the same limitations.
Are you sure your your talking to the same DC (global catalog?)
Basically i've had similar issues where EMC reports one thing and EMS reports something else and it's caused by replication latency within AD. If you are talking to different DCs then test replication latency with
[PS] C:\Windows\system32>repadm
Replication Summary Start Time: 2011-12-03 16:57:26
Beginning data collection for replication summary, this may take awhile:
.....
Source DSA largest delta fails/total %% error
RS2K-DC-02 02m:49s 0 / 5 0
RS2k-DC-01 05m:18s 0 / 5 0
Destination DSA largest delta fails/total %% error
RS2K-DC-02 05m:18s 0 / 5 0
RS2K-DC-01 02m:49s 0 / 5 0
Although Intrasite replication is supposed to be instant you stil see the delta build to 15 mins before repliction occuring and the delta returning to zero.
Basically i've had similar issues where EMC reports one thing and EMS reports something else and it's caused by replication latency within AD. If you are talking to different DCs then test replication latency with
[PS] C:\Windows\system32>repadm
Replication Summary Start Time: 2011-12-03 16:57:26
Beginning data collection for replication summary, this may take awhile:
.....
Source DSA largest delta fails/total %% error
RS2K-DC-02 02m:49s 0 / 5 0
RS2k-DC-01 05m:18s 0 / 5 0
Destination DSA largest delta fails/total %% error
RS2K-DC-02 05m:18s 0 / 5 0
RS2K-DC-01 02m:49s 0 / 5 0
Although Intrasite replication is supposed to be instant you stil see the delta build to 15 mins before repliction occuring and the delta returning to zero.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I think you want expand your script a little further to query user objects, attribute userAccountControl = 514.
ASKER
none.
ASKER
none
http://social.technet.microsoft.com/Forums/en-US/exchangesvrmonitoring/thread/c7512330-3d18-49af-a72e-c6b93e456be3/
To be honest, if you were to look into this in more depth you would need to identity the ones that are reporting like this and then check into the user attributes further with something like ADSIEdit.
For disabled AD objects, I would personally use Quest ActiveRoles, and then check the user state with that as I think it would be more accurate. I tend to use the Exchange commands for Exchange specific things such as getting back mailbox sizes.