Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 436
  • Last Modified:

Programmatically Provision AD User Accounts and Exchange 2007 mailboxes

Hello,

We have an Active Directory 2003 domain running a mixed environment and an Exchange 2007 environment running native 2007.  Our Exchange environment consists of a DB and a CAS server.  We have a HRIS system that we are trying to get to create new users and mailboxes in our AD/Exchange environment automatically.  The system is creating AD accounts correctly but not the associated exchange mailbox.  It ends up creating a mail-enabled user account, not a mailbox user account, so no email mailbox is being generated for the user.  We are currently populating and pushing the following attributes:

cn
department
displayName
extensionAttribute1
extensionAttribute2
givenName
homeMDB
homeMTA
mail
mailNickname
name
-PunicodePwd
sAMAccountName
sn
targetAddress&proxyAddresses
telephoneNumber
title
userAccountControl
userPrincipalName

We are at the point where is it creating a mail-enabled user account but again is not creating an actual mailbox on the server.  Any help pointing us in the right direction would be greatly appreciated.

Thank you,
Paul C.
0
adlertech
Asked:
adlertech
1 Solution
 
arnoldCommented:
There are many vbscript, powershell scripting examples to fulfill your needs.
0
 
SubsunCommented:
Ideally you just want to disable the mail user using Disable-MailUser and create mailbox for the user using Enable-Mailbox.

The problem you may face will be with the email address.  When you enable mailbox the alias of the account will be same as sAMAccountName. And email address stamped will be based on your email address policy (You can find it under Exchange Management console > Organization Configuration > HUB transport email address policies.).  If you didn't change anything specific on email address policy then email address will be stamped as "<alias>@domain.com".
So If you are sure that your account’s email address are in same format (<alias>@domain.com)then you can use the following code to enable mailbox for users.

To disable users.. create a text file contains the UPN’s of the users which you want to disable.. And use the following code..
GC C:\Users.txt | % {
Disable-MailUser $_ -Confirm:$false
}

Open in new window

C:\Users.txt format
UserA@domain.com
UserB@domain.com
UserC@domain.com
UserD@domain.com

Open in new window

You can use the same input file to enable the mailbox. Use the following code to enable mailbox..
GC C:\User.txt | % {
Enable-Mailbox $_ -Database "Server\Storage Group\DB001"
}

Open in new window

If you have a different email for mat other than (<alias>@domain.com). Then you need to update the correct email address along with the mailbox creation.

Run all the codes from Exchange Management Shell. And also don;t forget to test the code in your test server before you run it against production servers.
0
 
aa-denverCommented:
This is normal with Exchange 2007.  When a user account is mail enabled all the settings are made in Active Directory but the mailbox is not actually created on the server until the user logs onto the mailbox either with OWA or Outlook or until the user is sent an email.  So program your script to send an email to the new user right after mailbox creation.

A related issue that puzzles people but makes sense after you understand the above is that if you mail enable an account and then mail disable delete that account without connecting to the mailbox or sending mail to the new mailbox, there will be no disconnected mailbox visible on the Exchange server.

This article recaps the situation as well.  http://www.sysadmin-network.com/profiles/blogs/exchange-2007-powershell-1
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now