Solved

Converting user mailboxes to linked mailboxes in Exchange 2013

Posted on 2016-09-22
Last Modified: 2016-09-26
I have a significant number of user mailboxes that need to be converted to linked mailboxes. I'm testing the process now with individual accounts and am having difficulty.

In my test today, it appeared that I successfully made the conversion, but the freshly linked account had an empty mailbox. Before the switch, he had 2.5 GB in his mailbox. I need to know why this failed and how to get his mail back.

I used this script:
$Arg1 = "username" # same in account and resource forests
$username = "accountforest\admin"
$password = ConvertTo-SecureString -String "********" -AsPlainText -Force
$cred = New-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
Disable-Mailbox -Identity $Arg1
Enable-Mailbox -Identity $Arg1 -Alias $Arg1 -Database 'DB05' -LinkedMasterAccount 'accountforest.priv\username' -LinkedDomainController 'dc01.accountforest.priv' -LinkedCredential:$cred
Set-Mailbox -Id $arg1 -customAttribute1 "CompanyName"


I cobbled this together from several sources. When I ran it, I got an error about the account in the resource forest not being disabled. I disabled it in ADUC and ran the script again. This time it linked but the user had an empty mailbox. I can find no trace of the 2.5 GB mailbox he was using before.

Any help is greatly appreciated.
Question by:hcca

LVL 40

Expert Comment

by:Subsun
You need to use the Connect-Mailbox command if you want to reconnect the existing mailbox.

Ref : https://technet.microsoft.com/en-us/library/aa997878(v=exchg.160).aspx

A much simpler method is explained by Jim McBee using Set-User; it should work on Exchange 2013 also.
Ref : http://mostlyexchange.blogspot.in/2013/12/convert-user-mailbox-to-linked-mailbox.html

LVL 38

Expert Comment

by:Adam Brown
This should work for you.  Also, enable-mailbox will always create a completely blank mailbox. Note that disabled mailboxes are not identified by username in the mailbox database. If you want to connect an existing mailbox to a user, you have to use connect-mailbox. There are a number of attributes that can be used to represent the mailbox, but the primary identifier is the GUID of the mailbox, and that's kind of annoying to use. The changes here will check the mailbox database for a disconnected mailbox that has the user's full displayname on it, then pass that to the connect-mailbox cmdlet to assign a linked account in another forest to the mailbox.

$Arg1 = "username" # same in account and resource forests
$displayname = "<user's full name>" # placeholder: the user's display name
$username = "accountforest\admin"
$password = ConvertTo-SecureString -String "********" -AsPlainText -Force
$cred = New-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
Disable-Mailbox -Identity $Arg1
$dcmb = Get-MailboxDatabase | Get-MailboxStatistics | Where { $_.DisplayName -eq $displayname} 
connect-Mailbox -Identity $dcmb -Alias $Arg1 -Database 'DB05' -LinkedMasterAccount 'accountforest.priv\username' -LinkedDomainController 'dc01.accountforest.priv' -LinkedCredential:$cred
Set-Mailbox -Id $arg1 -customAttribute1 "CompanyName"

Author Comment

by:hcca
Adam,

This looks like it would do the trick. Unfortunately, since my first attempt created a new mailbox, the $dcmb returns two entries. One with the 25k missing items and the other much smaller. Is there a way I can be sure to connect to the correct mailbox in this case?

LVL 38

Expert Comment

by:Adam Brown
You'll need to purge the empty mailbox. Use this to determine what the bad mailbox's GUID is:
Get-MailboxDatabase | Get-MailboxStatistics | Where { $_.DisplayName -eq "<display name>" } | fl DisplayName,MailboxGuid,Database,DisconnectReason,totalitemsize

Then use this to purge it:
Remove-StoreMailbox -Database <Database the mailbox is on> -Identity <GUID of the bad MB> -MailboxState Disabled

LVL 40

Expert Comment

by:Subsun
Did you try the Set-User option? In that method, there are no complexities like reconnecting the mailbox.

Author Comment

by:hcca
Subsun, I did not try the Set-User option. Can you elaborate?

LVL 40

Expert Comment

by:Subsun
To convert the TestUserA mailbox to a linked mailbox:
Set-User TestUserA -LinkedMasterAccount 'accountforest.priv\username' -LinkedDomainController 'dc01.accountforest.priv'

If this works on your test mailbox, then you can simply modify your code to use Set-User. Let me know if you need any help on the same.

LVL 38

Expert Comment

by:Adam Brown
Using the set-user method, you would not disconnect the mailbox at all. The whole script would be this:

$Arg1 = "username" # same in account and resource forests
2:$username = "accountforest\admin"
3:$password = ConvertTo-SecureString -String "********" -AsPlainText -Force
4:$cred = New-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
6:set-user -Identity $Arg1 -LinkedMasterAccount 'accountforest.priv\username' -LinkedDomainController 'dc01.accountforest.priv' -LinkedCredential:$cred
7:Set-Mailbox -Id $arg1 -customAttribute1 "CompanyName"

Author Comment

by:hcca
Adam,

I tried editing your script but the -LinkedCredential:$cred is being rejected by the editor.

LVL 38

Expert Comment

by:Adam Brown
Try this. Didn't notice the line numbers. Not sure why the editor is ignoring it, unless it doesn't like the -switch:argument method. I replaced the : with a space just in case.
$Arg1 = "username" # same in account and resource forests
$username = "accountforest\admin"
$password = ConvertTo-SecureString -String "********" -AsPlainText -Force
$cred = New-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
set-user -Identity $Arg1 -LinkedMasterAccount 'accountforest.priv\username' -LinkedDomainController 'dc01.accountforest.priv' -LinkedCredential $cred 
Set-Mailbox -Id $arg1 -customAttribute1 "CompanyName"

Author Comment

by:hcca
Adam,

Your first script uses a variable $dcmb. When I tried to run that script it hung for a very long time and when it had finished, the mailbox was gone.

I ran it again but did a Write-Host $dcmb to see what the contents of the variable were. It printed: "Microsoft.Exchange.Management.MapiTasks.Presentation.MailboxStatistics" rather than the user.

What am I doing wrong here?

LVL 40

Accepted Solution

by:
Subsun earned 500 total points
If you want to go with the reconnecting mailbox method, try:
$Arg1 = "username" #same in account and resource forests
$username = "accountforest\admin"
$password = ConvertTo-SecureString -String "********" -AsPlainText -Force
$cred = New-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
$Mbx = Get-Mailbox -Identity $Arg1
Disable-Mailbox -Identity $Arg1
connect-Mailbox $Mbx.DisplayName -Alias $Arg1 -Database $Mbx.Database.name -LinkedMasterAccount 'accountforest.priv\username' -LinkedDomainController 'dc01.accountforest.priv' -LinkedCredential $cred
Set-Mailbox -Id $arg1 -customAttribute1 "CompanyName"

Author Comment

by:hcca
Subsun,

I gave that a try and the $cred and related values did not seem to get populated and the effort failed again. I'm not sure why. The mailbox was disabled without issue but it was not connected to the external user.

LVL 40

Expert Comment

by:Subsun
Are you getting any errors? If yes, please post the error.

Author Comment

by:hcca
There was no error, it just didn't work.

While doing a bit more searching, I found some comments from Martina Miskovic at the site, who suggested the following command:
Set-User -id <USER> -LinkedMasterAccount accountdomain\user -LinkedDomainController dc01.accountdomain.local -LinkedCredential (Get-Credential)

I coupled that with the authentication lines to make this:
$Arg1 = "username" #same in account and resource forests
$username = "accountforest\admin"
$password = ConvertTo-SecureString -String "********" -AsPlainText -Force
$cred = New-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
Set-User -id $Arg1 -LinkedMasterAccount "accountforest.priv\$Arg1" -LinkedDomainController 'dc01.accountforest.priv' -LinkedCredential $cred
set-mailbox -id $Arg1 -ApplyMandatoryProperties
Set-Mailbox -Id $Arg1 -customAttribute1 "CompanyName"

The last two lines were not needed as the properties already existed. This disabled the account in the mailbox forest and, so far as I can tell, did not impact any permissions or settings. I did not have to find the mailbox GUID to connect as I did when the other attempts failed. I also did not need to find the database the mailbox was in. I think this would be easier to do for over 1000 accounts since I only need to know the username, so long as the username is identical in both forests.

Do you see any downsides to this?

Author Comment

by:hcca
I think that is pretty close to your solution except for leaving out the $Mbx. Agreed?

LVL 40

Expert Comment

by:Subsun
If the Set-User command works then that's the best method, as it doesn't have the complexity of disconnecting and reconnecting mailboxes. Like I said earlier, test it with a single test mailbox. If it works then we can modify the script for multiple mailboxes.

LVL 40

Expert Comment

by:Subsun
Also, if there are no errors but access fails, then it could be due to replication delay.

Author Comment

by:hcca
This seems to work fine though I must remember to force AD replication when it's finished. I put this together using a txt file for input of multiple users. I'm rethinking that though. Using a .csv file might be better in case I find a user whose login name is different in the account forest and the resource forest.

$username = "accountforest.priv\admin"
$password = ConvertTo-SecureString -String "********" -AsPlainText -Force
$cred = New-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password

# Read list of users to convert to linked mailboxes
$sourceusers = get-content "C:\Scripts\sourceusers.txt"
foreach ($Arg1 in $sourceusers)
{
    Set-User -id $Arg1 -LinkedMasterAccount accountforest.priv\$Arg1 -LinkedDomainController 'dc01.accountforest.priv' -LinkedCredential $cred
    Set-Mailbox -id $Arg1 -ApplyMandatoryProperties
    Set-Mailbox -Id $Arg1 -customAttribute1 "CompanyName"
}

Any improvement that you would recommend?

Author Closing Comment

by:hcca
Several very helpful comments but Subsun finally got through my thick skull and provided the tools to make things work very well.

LVL 40

Expert Comment

by:Subsun
A text file is OK if you have maintained the same user name in both forests; if that's not the case, then better to use a CSV file.
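
A variant of the batch Set-User approach discussed in this thread, as an added example that is not from any of the participants: it reads a CSV so login names can differ between the forests, prompts for the account-forest credential instead of storing the password in the script, and records per-user results. The CSV path, its column names (ResourceUser, AccountUser) and the failure-report path are assumptions.

```powershell
# Added example: batch conversion with Set-User, driven by a CSV so the two
# forests may use different login names. Run in the Exchange Management Shell.
# Assumed CSV layout (constructed sample), C:\Scripts\sourceusers.csv:
#   ResourceUser,AccountUser
#   jsmith,jsmith
#   mjones,mary.jones
param(
    [string]$CsvPath       = 'C:\Scripts\sourceusers.csv',
    [string]$AccountDomain = 'accountforest.priv',
    [string]$AccountDC     = 'dc01.accountforest.priv',
    [switch]$WhatIf        # dry run: report what would change, change nothing
)

# Prompt for the account-forest admin credential rather than keeping the
# password as plain text in the script file.
$cred = Get-Credential -Message "Admin credential for $AccountDomain"

$results = foreach ($row in Import-Csv -Path $CsvPath) {
    $status = 'Converted'
    try {
        # Confirm the mailbox exists and skip it if it is already linked.
        $mbx = Get-Mailbox -Identity $row.ResourceUser -ErrorAction Stop
        if ($mbx.RecipientTypeDetails -eq 'LinkedMailbox') {
            $status = 'Skipped (already linked)'
        }
        else {
            Set-User -Identity $row.ResourceUser `
                -LinkedMasterAccount "$AccountDomain\$($row.AccountUser)" `
                -LinkedDomainController $AccountDC `
                -LinkedCredential $cred -WhatIf:$WhatIf -ErrorAction Stop
            if ($WhatIf) { $status = 'WhatIf only' }
        }
    }
    catch {
        # One bad row must not stop the rest of the batch.
        $status = "Failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        User   = $row.ResourceUser
        Master = $row.AccountUser
        Status = $status
    }
}

$results | Format-Table -AutoSize
$results | Where-Object { $_.Status -like 'Failed*' } |
    Export-Csv -Path 'C:\Scripts\linked-failures.csv' -NoTypeInformation
```

Running it first with -WhatIf against a short CSV shows which rows would be changed before any account in the resource forest is touched.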