Converting user mailboxes to linked mailboxes in Exchange 2013

I have a significant number of user mailboxes that need to be converted to linked mailboxes. I'm testing the process now with individual accounts and am having difficulty.

In my test today, it appeared that I successfully made the conversion, but the freshly linked account had an empty mailbox. Before the switch, he had 2.5 GB in his mailbox. I need to know why this failed and how to get his mail back.

I used this script:
$Arg1 = "username" # same in account and resource forests
$username = "accountforest\admin"
$password = ConvertTo-SecureString -String "********" -AsPlainText -Force
$cred = New-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
Disable-Mailbox -Identity $Arg1
Enable-Mailbox -Identity $Arg1 -Alias $Arg1 -Database 'DB05' -LinkedMasterAccount 'accountforest.priv\username' -LinkedDomainController 'dc01.accountforest.priv' -LinkedCredential:$cred
Set-Mailbox -Id $arg1 -customAttribute1 "CompanyName"


I cobbled this together from several sources. When I ran it, I got an error about the account in the resource forest not being disabled. I disabled it in ADUC and ran the script again. This time it linked, but the user had an empty mailbox. I can find no trace of the 2.5 GB mailbox he was using before.

Any help is greatly appreciated.
Asked by: hcca

Subsun commented:
If you want to go with the reconnecting-mailbox method, try:
$Arg1 = "username" #same in account and resource forests
$username = "accountforest\admin"
$password = ConvertTo-SecureString -String "********" -AsPlainText -Force
$cred = New-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
$Mbx = Get-Mailbox -Identity $Arg1
Disable-Mailbox -Identity $Arg1
Connect-Mailbox $Mbx.DisplayName -Alias $Arg1 -Database $Mbx.Database.Name -LinkedMasterAccount 'accountforest.priv\username' -LinkedDomainController 'dc01.accountforest.priv' -LinkedCredential $cred
Set-Mailbox -Id $arg1 -customAttribute1 "CompanyName"

 
Subsun commented:
You need to use the Connect-Mailbox command if you want to reconnect the existing mailbox.

Ref : https://technet.microsoft.com/en-us/library/aa997878(v=exchg.160).aspx

A much simpler method is explained by Jim McBee using Set-User; it should work on Exchange 2013 also.
Ref : http://mostlyexchange.blogspot.in/2013/12/convert-user-mailbox-to-linked-mailbox.html
 
Adam Brown (Sr Solutions Architect) commented:
This should work for you.  Also, enable-mailbox will always create a completely blank mailbox. Note that disabled mailboxes are not identified by username in the mailbox database. If you want to connect an existing mailbox to a user, you have to use connect-mailbox. There are a number of attributes that can be used to represent the mailbox, but the primary identifier is the GUID of the mailbox, and that's kind of annoying to use. The changes here will check the mailbox database for a disconnected mailbox that has the user's full displayname on it, then pass that to the connect-mailbox cmdlet to assign a linked account in another forest to the mailbox.

$Arg1 = "username" # same in account and resource forests
$displayname = "<user's full name>"
$username = "accountforest\admin"
$password = ConvertTo-SecureString -String "********" -AsPlainText -Force
$cred = New-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
Disable-Mailbox -Identity $Arg1
$dcmb = Get-MailboxDatabase | Get-MailboxStatistics | Where { $_.DisplayName -eq $displayname} 
connect-Mailbox -Identity $dcmb -Alias $Arg1 -Database 'DB05' -LinkedMasterAccount 'accountforest.priv\username' -LinkedDomainController 'dc01.accountforest.priv' -LinkedCredential:$cred
Set-Mailbox -Id $arg1 -customAttribute1 "CompanyName"

 
hcca (Author) commented:
Adam,

This looks like it would do the trick. Unfortunately, since my first attempt created a new mailbox, the $dcmb returns two entries: one with the 25k missing items and the other much smaller. Is there a way I can be sure to connect to the correct mailbox in this case?
 
Adam Brown (Sr Solutions Architect) commented:
You'll need to purge the empty mailbox. Use this to determine what the bad mailbox's GUID is:
Get-MailboxDatabase | Get-MailboxStatistics | Where { $_.DisplayName -eq "<display name>" } | fl DisplayName,MailboxGuid,Database,DisconnectReason,totalitemsize

Then use this to purge it:
Remove-StoreMailbox -Database <Database the mailbox is on> -Identity <GUID of the bad MB> -MailboxState Disabled

 
Subsun commented:
Did you try the Set-User option? In that method, there are no complexities like reconnecting the mailbox.
 
hcca (Author) commented:
Subsun, I did not try the Set-User option. Can you elaborate?
 
Subsun commented:
To convert the TestUserA mailbox to a linked mailbox:
Set-User TestUserA -LinkedMasterAccount 'accountforest.priv\username' -LinkedDomainController 'dc01.accountforest.priv'

If this works on your test mailbox, then you can simply modify your code to use Set-User. Let me know if you need any help with the same.
 
Adam Brown (Sr Solutions Architect) commented:
Using the set-user method, you would not disconnect the mailbox at all. The whole script would be this:

$Arg1 = "username" #same in account and resource forests)
2:$username = "accountforest\admin"
3:$password = ConvertTo-SecureString -String "********" -AsPlainText -Force
4:$cred = New-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
6:set-user -Identity $Arg1 -LinkedMasterAccount 'accountforest.priv\username' -LinkedDomainController 'dc01.accountforest.priv' -LinkedCredential:$cred
7:Set-Mailbox -Id $arg1 -customAttribute1 "CompanyName"

 
hcca (Author) commented:
Adam,

I tried editing your script but the -LinkedCredential:$cred is being rejected by the editor.
 
Adam Brown (Sr Solutions Architect) commented:
Try this. Didn't notice the line numbers. Not sure why the editor is ignoring it, unless it doesn't like the -switch:argument method. I replaced the : with a space just in case.
$Arg1 = "username" # same in account and resource forests
$username = "accountforest\admin"
$password = ConvertTo-SecureString -String "********" -AsPlainText -Force
$cred = New-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
set-user -Identity $Arg1 -LinkedMasterAccount 'accountforest.priv\username' -LinkedDomainController 'dc01.accountforest.priv' -LinkedCredential $cred 
Set-Mailbox -Id $arg1 -customAttribute1 "CompanyName"

 
hcca (Author) commented:
Adam,

Your first script uses a variable $dcmb. When I tried to run that script it hung for a very long time and when it had finished, the mailbox was gone.

I ran it again but did a Write-Host $dcmb to see what the contents of the variable was. It printed: "Microsoft.Exchange.Management.MapiTasks.Presentation.MailboxStatistics" rather than the user.

What am I doing wrong here?
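
Added example, not part of the thread: `Write-Host` shows only the type name because `$dcmb` holds one or more MailboxStatistics objects, while `Connect-Mailbox` needs a single unambiguous store identity such as the `MailboxGuid`. The sketch below lists the disconnected candidates and stops when the display name matches anything other than exactly one; the display name, alias and forest names are the thread's placeholders, and prompting with `Get-Credential` is an assumption made here.

```powershell
# Added example; placeholder values follow the thread's scripts.
$displayName = "<user's full name>"
$alias       = "username"                      # same in account and resource forests
$cred        = Get-Credential -Message "Account-forest admin"   # prompt, no password in the file

# Keep disconnected mailboxes only: DisconnectReason is $null for connected ones.
$candidates = @(Get-MailboxDatabase | Get-MailboxStatistics |
    Where-Object { $_.DisplayName -eq $displayName -and $null -ne $_.DisconnectReason })

# Show what was found so the right mailbox can be recognised by size and item count.
$candidates | Format-List DisplayName, MailboxGuid, Database, DisconnectReason, ItemCount, TotalItemSize

if ($candidates.Count -ne 1) {
    # Zero or several matches: stop rather than connect the wrong (for example, empty) mailbox.
    throw "Expected exactly 1 disconnected mailbox for '$displayName', found $($candidates.Count)."
}

# Pass the GUID and database of the single match, not the statistics object itself.
$target = $candidates[0]
Connect-Mailbox -Identity $target.MailboxGuid -Database $target.Database `
    -Alias $alias `
    -LinkedMasterAccount "accountforest.priv\$alias" `
    -LinkedDomainController 'dc01.accountforest.priv' `
    -LinkedCredential $cred -WhatIf    # remove -WhatIf once the reported action looks right
```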
 
hcca (Author) commented:
Subsun,

I gave that a try and the $cred and related values did not seem to get populated and the effort failed again. I'm not sure why. The mailbox was disabled without issue but it was not connected to the external user.
 
Subsun commented:
Are you getting any errors? If yes, please post the error.
 
hcca (Author) commented:
There was no error, it just didn't work.

While doing a bit more searching, I found some comments from Martina Miskovic at the site, who suggested the following command:
Set-User -id <USER> -LinkedMasterAccount accountdomain\user -LinkedDomainController dc01.accountdomain.local -LinkedCredential (get-credential)

I coupled that with the authentication lines to make this:
$Arg1 = "username" #same in account and resource forests
$username = "accountforest\admin"
$password = ConvertTo-SecureString -String "********" -AsPlainText -Force
$cred = New-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
Set-User -id $Arg1 -LinkedMasterAccount "accountforest.priv\$Arg1" -LinkedDomainController 'dc01.accountforest.priv' -LinkedCredential $cred
set-mailbox -id $Arg1 -ApplyMandatoryProperties
Set-Mailbox -Id $Arg1 -customAttribute1 "CompanyName"

The last two lines were not needed as the properties already existed. This disabled the account in the mailbox forest and, so far as I can tell, did not impact any permissions or settings. I did not have to find the mailbox GUID to connect as I did when the other attempts failed. I also did not need to find the database the mailbox was in. I think this would be easier to do for over 1000 accounts since I only need to know the username, so long as the username is identical in both forests.

Do you see any downsides to this?
 
hcca (Author) commented:
I think that is pretty close to your solution except for leaving out the $Mbx. Agreed?
 
Subsun commented:
If the Set-User command works, then that's the best method, as it doesn't have the complexity of disconnecting and reconnecting mailboxes. Like I said earlier, test it with a single test mailbox. If it works, then we can modify the script for multiple mailboxes.
 
Subsun commented:
Also, if there are no errors but access fails, then it could be due to replication delay.
 
hcca (Author) commented:
This seems to work fine though I must remember to force AD replication when it's finished. I put this together using a txt file for input of multiple users. I'm rethinking that though. Using a .csv file might be better in case I find a user whose login name is different in the account forest and the resource forest.

$username = "accountforest.priv\admin"
$password = ConvertTo-SecureString -String "********" -AsPlainText -Force
$cred = New-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password

# Read list of users to convert to linked mailboxes
$sourceusers = get-content "C:\Scripts\sourceusers.txt"
foreach ($Arg1 in $sourceusers)
{
    Set-User -id $Arg1 -LinkedMasterAccount accountforest.priv\$Arg1 -LinkedDomainController 'dc01.accountforest.priv' -LinkedCredential $cred
    Set-Mailbox -id $Arg1 -ApplyMandatoryProperties
    Set-Mailbox -Id $Arg1 -customAttribute1 "CompanyName"
}

Any improvement that you would recommend?
 
hcca (Author) commented:
Several very helpful comments but Subsun finally got through my thick skull and provided the tools to make things work very well.
 
Subsun commented:
A text file is OK if you have maintained the same user name on both forests; if that's not the case, then better use a CSV file.
Question has a verified solution.
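
Added example, not from the thread: the final Set-User loop rewritten for the CSV input discussed above, with the account-forest credential prompted for at run time instead of stored as plain text in the script. The CSV path, its column names (`ResourceUser`, `AccountUser`) and the results file are assumptions; forest and domain controller names are the thread's placeholders.

```powershell
# Added example. Assumed CSV header line: ResourceUser,AccountUser
$cred   = Get-Credential -Message "Account-forest admin (accountforest.priv)"
$linkDc = 'dc01.accountforest.priv'
$rows   = Import-Csv "C:\Scripts\sourceusers.csv"

$results = foreach ($row in $rows) {
    $status = 'Converted'
    try {
        # Fail early if the resource-forest mailbox does not exist.
        $mbx = Get-Mailbox -Identity $row.ResourceUser -ErrorAction Stop

        if ($mbx.RecipientTypeDetails -eq 'LinkedMailbox') {
            # Makes the script safe to re-run after a partial failure.
            $status = 'Skipped: already linked'
        } else {
            Set-User -Identity $row.ResourceUser `
                -LinkedMasterAccount "accountforest.priv\$($row.AccountUser)" `
                -LinkedDomainController $linkDc -LinkedCredential $cred `
                -Confirm:$false -ErrorAction Stop
            Set-Mailbox -Identity $row.ResourceUser -CustomAttribute1 "CompanyName" -ErrorAction Stop
        }
    } catch {
        # Record the failure and continue with the next user.
        $status = "Failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        ResourceUser = $row.ResourceUser
        AccountUser  = $row.AccountUser
        Status       = $status
    }
}

# Keep a per-user record of the run and show anything that needs attention.
$results | Export-Csv "C:\Scripts\linked-results.csv" -NoTypeInformation
$results | Where-Object { $_.Status -like 'Failed*' } | Format-Table -AutoSize
```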
