Bulk Creating Users For Your Test Network

KB ID 0000784 

Problem

Update Jan 2023: Feel free to use this Bulk-Create-AD-Users-Script (just remember to change the domain details in the ‘Global Variables’ section) to give you 1000 users, with sensible names, addresses etc.

Having a test network is great for both learning and testing. I’ve got some major migrations coming up in the next few months, so I’m in the process of running up some new test servers. I usually run a quick .vbs file like this;

[box]

Set objRootDSE = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://cn=Users," & _
objRootDSE.Get("defaultNamingContext"))

For i = 1 To 1000
Set objLeaf = objContainer.Create("User", "cn=UserNo" & i)
objLeaf.Put "sAMAccountName", "UserNo" & i
objLeaf.SetInfo
Next
WScript.Echo "1000 Users created."

[/box]

Save that as createusers.vbs and run it on your domain controller and it will churn out 1000 users (named UserNo1 – UserNo1000). They will be disabled, with no passwords, but that can be rectified with a few mouse clicks.

But I want something a little more realistic, so I found a random name generator, and decided to have a script to create 1000 users that were a little more ‘lifelike’.

Solution

1. Download this zip file, and extract it to your desktop. To run the script you will need to set your Execution Policy with the following command;

[box]
Set-ExecutionPolicy Unrestricted[/box]

2. You will need to change a couple of lines in the newusers.ps1 file. Open it with Notepad and change the domain details to match yours;

[box]

# Container (or OU) the accounts are created in - change to match your domain
$TargetOU = [ADSI]"LDAP://CN=Users,DC=pnl,DC=com"

# usernames.csv supplies the First, Last, login and password columns
foreach ($user in Import-Csv usernames.csv)
{
    $newUser = $TargetOU.Create("user", "cn=" + $user.login)
    $newUser.Put("sn", $user.Last)
    $newUser.Put("DisplayName", $user.First + " " + $user.Last)
    $newUser.Put("givenName", $user.First)
    $newUser.Put("sAMAccountName", $user.login)
    $newUser.Put("userPrincipalName", $user.login + "@pnl.com")
    $newUser.SetInfo()                       # creates the account (disabled at this point)
    $newUser.SetPassword($user.password)
    $newUser.Put("userAccountControl", 512)  # 512 = normal, enabled account
    $newUser.SetInfo()
}

[/box]

3. Change directory to the folder with your script in, and run it. It will pull the details from the usernames spreadsheet;

[box]

cd Desktop/New_Users
./Newusers.ps1

[/box]

4. Look in Active Directory and there are your new users.
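A pre-flight check for the CSV, added here as an example (it is not part of the downloadable script). Because the first SetInfo() has already created the account by the time SetPassword runs, a row with an unusable password can leave a disabled account behind, so the check catches overlong, duplicate or malformed logins and empty or reused passwords before anything is written to AD. The column names are the ones newusers.ps1 reads; the function name and the sample rows are constructed for illustration.

```powershell
# Constructed sample in the same shape as usernames.csv (First, Last, login, password).
$sampleCsv = @'
First,Last,login,password
Alice,Archer,aarcher,Xk7!pQ2#vLm9
Bob,Baker,bbaker,Rt4$wN8@zHc1
Carol,Baker,BBaker,Jd6%yG3&uSe5
Dave,Montgomery-Featherstone,dmontgomeryfeatherstone,Pm2^bV9*kTa7
Eve,Oneil,eve/oneil,Lq8!cF5#rWn3
Frank,Field,ffield,
Grace,Green,ggreen,Xk7!pQ2#vLm9
'@

function Test-NewUserCsv {
    param([Parameter(Mandatory)] [object[]] $Rows)

    $illegal   = '["/\\\[\]:;|=,+*?<>]'   # characters AD rejects in a sAMAccountName
    $seenLogin = @{}                       # hashtable keys ignore case, as AD does for logins
    $seenPass  = New-Object 'System.Collections.Generic.Dictionary[string,int]'  # case-sensitive
    $line      = 1                         # line 1 is the CSV header

    foreach ($row in $Rows) {
        $line++
        $problems = @()
        $login = "$($row.login)".Trim()
        $pass  = "$($row.password)"

        if (-not $login) {
            $problems += 'login is empty'
        } else {
            if ($login.Length -gt 20) {
                $problems += "login is $($login.Length) characters (sAMAccountName limit is 20)"
            }
            if ($login -match $illegal) {
                $problems += "login contains illegal character '$($Matches[0])'"
            }
            if ($seenLogin.ContainsKey($login)) {
                $problems += "login duplicates line $($seenLogin[$login])"
            } else {
                $seenLogin[$login] = $line
            }
        }

        if (-not $pass.Trim()) {
            $problems += 'password is empty'
        } elseif ($seenPass.ContainsKey($pass)) {
            $problems += "password reused from line $($seenPass[$pass])"
        } else {
            $seenPass[$pass] = $line
        }

        if ((-not "$($row.First)".Trim()) -or (-not "$($row.Last)".Trim())) {
            $problems += 'First or Last is empty'
        }

        [pscustomobject]@{
            Line     = $line
            Login    = $login
            Valid    = ($problems.Count -eq 0)
            Problems = $problems -join '; '
        }
    }
}

# Run against the constructed sample; for the real file use: Import-Csv .\usernames.csv
$report = Test-NewUserCsv -Rows ($sampleCsv | ConvertFrom-Csv)
$report | Where-Object { -not $_.Valid } | Format-Table Line, Login, Problems -AutoSize -Wrap
```

Adding `-Scope Process` to the `Set-ExecutionPolicy` command in step 1 confines the relaxed policy to the current PowerShell session rather than the whole machine.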

Bulk Creating Mailboxes for your Users

Now I’ve got my users in AD, I want them all to have a mailbox, so a quick PowerShell command;

[box]
Get-User -OrganizationalUnit "pnl.com/users/" -ResultSize Unlimited | Enable-Mailbox -Database "Mailbox-Database" [/box]

It will throw out the odd error (e.g. if it finds users that are already mail enabled), that’s OK.

Related Articles, References, Credits, or External Links

NA

Exchange: ‘Can’t find the Organizational Unit that you specified’

KB ID 0001561

Problem

I’ve not actually seen this myself, but it was asked on a forum, and I managed to replicate it on the bench. When working on a user or mailbox in Exchange you may see the following error;

Error
Can’t find the organisational unit that you specified, Make sure that you have typed the OU’s identity correctly

Solution

This happens because you have a slash ‘/’ in the name of the Organisational Unit that the user object is inside in Active Directory, like so;

Rename the OU to something more sensible!

Why does this happen? It’s because when there’s a slash in the OU name, like ‘MyOU/Name’, it gets rejected by the system, as programmatically it should be ‘MyOU\/Name’.

I Don’t Have a Forward Slash in My OU Name, and I’m Still Seeing this Error?

Make sure your user is NOT in a ‘Container’ rather than an OU. In the example above you can see the icon for ‘Users’ is different from the icon for “PNL” or “Test”; that’s because this is NOT an OU, it’s a container. Move your user to an OU, then try again. Note: This can happen to the Administrator account as well, because that’s in a container called ‘Builtin’.
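Both causes above can be checked from a user’s distinguished name. The following is an added example, not from the original article: it rebuilds the slash-separated path with ‘/’ in a name escaped as ‘\/’, and flags a slash in a parent OU name or a container as the immediate parent. The function names and sample DNs are constructed; pnl.com, PNL, Test and MyOU/Name are the names used on this page.

```powershell
function Split-DistinguishedName {
    # Split a DN into its RDNs on commas that are not backslash-escaped.
    param([Parameter(Mandatory)] [string] $DistinguishedName)
    $parts = @(); $current = ''; $escaped = $false
    foreach ($ch in $DistinguishedName.ToCharArray()) {
        if     ($escaped)    { $current += $ch; $escaped = $false }
        elseif ($ch -eq '\') { $current += $ch; $escaped = $true }
        elseif ($ch -eq ',') { $parts += $current; $current = '' }
        else                 { $current += $ch }
    }
    $parts + $current
}

function Get-ExchangeOuIssue {
    param([Parameter(Mandatory)] [string] $DistinguishedName)

    $rdns   = @(Split-DistinguishedName $DistinguishedName | ForEach-Object { $_.Trim() })
    $domain = @($rdns | Where-Object { $_ -like 'DC=*' } |
                  ForEach-Object { $_.Substring(3) }) -join '.'
    $path   = @($rdns | Where-Object { $_ -notlike 'DC=*' })   # object first, then its parents
    $issues = @()

    # Cause 1: an OU in the parent chain has '/' in its name.
    foreach ($ou in ($path | Select-Object -Skip 1 | Where-Object { $_ -like 'OU=*/*' })) {
        $issues += "OU name contains '/': $ou"
    }

    # Cause 2: the immediate parent is a container (CN=...), not an OU.
    if ($path.Count -gt 1 -and $path[1] -like 'CN=*') {
        $issues += "parent is a container, not an OU: $($path[1])"
    }

    # Slash-separated form: strip the attribute type, undo simple DN escapes such as '\,'
    # (hex escapes like \2C are not handled), then escape '/' in each name as '\/'.
    $names = @($path | ForEach-Object {
        ($_ -replace '^[^=]+=', '') -replace '\\(.)', '$1' -replace '/', '\/'
    })
    [array]::Reverse($names)   # top of the tree first

    [pscustomobject]@{
        DistinguishedName = $DistinguishedName
        CanonicalName     = (@($domain) + $names) -join '/'
        Issues            = $issues -join '; '
    }
}

# Constructed sample DNs.
$samples = @(
    'CN=Jane Doe,OU=Test,OU=PNL,DC=pnl,DC=com',
    'CN=John Doe,OU=MyOU/Name,OU=PNL,DC=pnl,DC=com',
    'CN=UserNo1,CN=Users,DC=pnl,DC=com',
    'CN=Smith\, Sam,OU=Test,DC=pnl,DC=com'
)
$samples | ForEach-Object { Get-ExchangeOuIssue $_ } | Format-List
```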

Related Articles, References, Credits, or External Links

NA

GFI MailArchiver

Deploying GFI MailArchiver with Exchange 2010, Using the Outlook Connector, Importing and Exporting Data.

KB ID 0000666

Problem

I’ve been involved with Exchange for a long time, either being directly responsible for it, or supporting others that do. And like all systems it would run a lot smoother if you kept users away from it! But unfortunately you can’t, so your system is probably full of users “Deleted Items” and “Sent Items” and a copy of every email that some users have ever received “Because I might need them”. And for years I’ve been saying “It’s a messaging system not a file storage system” and lecturing users about tidying up their inbox. Yes you can setup retention policies but most people don’t.

Even if you do have conscientious users, some of them click “Yes” when Outlook asks them “Would you like to Auto-Archive your old messages now?” Then you have PST files all over the place getting corrupted and not getting backed up.

In addition, just as techs like me are shouting at users to delete things, businesses are now finding that they need to keep ALL their digital messaging for things like Sarbanes-Oxley and Freedom of Information enquiries. Yes I’m sure you back up your Exchange server but what if you needed to produce a message thread about a particular project that was two years ago in the middle of a month?

Archiving

Archiving is the process of taking a copy of mail messages as they pass through Exchange and copying them off to an external location, in this case a database. The advantage of doing this is that the database can be on cheaper midline storage and (potentially) keeps the Exchange database sizes down. With Exchange this is done by setting up Journaling (that’s the process of sending a copy of all [or specified] mail to a journal user’s mailbox). MailArchiver then takes this mail and puts it into its database.

Advantages

1. Performance: Getting all the ‘Old’ Data out of the Exchange databases makes them smaller, and more efficient.

2. Elimination of PST files: There’s a big list of reasons why I don’t like PST files. If you’ve ever had a user lose email because of them, then as far as they’re concerned it’s YOUR fault. There are tools to import PST files into the database (and to export as well).

3. Disaster Recovery: How nice would it be if, the next time a user’s email message ‘disappears’ (users never delete emails, they just disappear), they could restore it themselves, from within Outlook. The Outlook Mail Connector software will do this. Also your backup window for Exchange will be a lot smaller.

4. Compliance: Saving a copy of all messages in a database has the advantage, that it’s searchable, and you can export the data you find in a format that you can import straight back into Exchange or send to someone.

5. Investigation: MailArchiver provides some powerful search and reporting tools. If your HR department needed to see who said what to who about projectXYZ then using conventional methods would be a nightmare.

Solution

GFI MailArchiver 2012 Installation and Configuration

Enabling Journaling in Exchange 2010

Note: GFI Mail Archive setup can do this for you but I prefer to do things manually.

1. Launch the Exchange System Management Console > Recipient Configuration > Mailbox > New Mailbox.

2. User Mailbox > Give it a name and set the password > Don’t create an archive > New > Finish.

3. Option 1: Standard Journaling can be enabled on a mailbox store > Organisational Configuration > Mailbox > Locate the store > Properties.

4. Maintenance tab > Tick Journal recipient then browse for the user you created > Apply OK.

5. Option 2: (Note: Requires an Exchange Enterprise CAL) This is set up using a Journaling rule > Organizational Configuration > Hub Transport > Journal Rules > New Journal Rule.

6. Give the rule a name > Browse for the user you created earlier > Set the scope (in most cases you will want global) > New > Finish.

7. To test it’s working send an email then log on as your ‘Journal’ user and make sure you have a copy in the inbox.

Installing GFI MailArchiver 2012

8. Before installing, the GFI MailArchiver server needs the Exchange MAPI Client and Collaboration Data Objects 1.2.1 (unless you are installing it on the Exchange server).

9. Also (though not essential) I prefer to disable IE Enhanced Security Configuration, so IE won’t get upset with the management console.

10. You can add the URL to trusted sites if you want, but I’m not a fan of IE ESC anyway so I simply disable it.

11. Now run the GFI MailArchiver installer.

12. Now this I DO LIKE, why can’t Exchange do this! These are the server pre-requisites, rather than just falling over and giving you an error (I’m looking at you Windows Exchange Developers!) It offers to do the hard work for you. It takes a while though, best go for a coffee at this point > Next > Select whether you want to check for a newer version > Accept the EULA > Set the destination folder > Next.

13. Here are the default settings. WARNING: if you already have web services on this server (or even UPS software using port 80), have a common sense check.

Note: If you are not sure, the following command will tell you if port 80 (http) is in use;

[box]netstat -aon | find ":80"[/box]

14. Select Install > Finish.

Configuring MailArchiver 2012

15. The GFI MailArchiver management console will launch > Configure.

16. Next.

17. Enter your licence key and select verify licence key > Next.

18. Next.

19. In this example I’m using the Firebird database, in a production environment you should be using SQL server > Next.

20. Change the paths if required > Enter some domain credentials > Next.

21. Next

22. Next

23. Next

24. I’m selecting Auto > Next

25. As I set the user up myself I’m choosing Manual > Next.

26. Exchange Web Services seems to be less problematic > Enter your Journal user account > Next.

27. Next.

28. Finish.

29. We are now up and configured.

GFI MailArchiver – Outlook Connector, Import and Export

GFI MailArchiver – Using the Outlook Connector

30. Firstly you need to enable ‘Mailbox Folder Structure Retrieval’ on the GFI server > Launch the MailArchiver Management console.

31. Mailbox Folder Structure Retrieval.

32. Change Settings.

33. Enter a user account to connect to Exchange Web Services with. Here I’m using my domain admin; whichever account you use needs to have administrative access on the Exchange and the GFI server. It also (domain admin included) needs the following PowerShell commands running on the Exchange server before it will work (change the user name to match your own);

[box]New-ManagementScope -name "MAUMPolling" -recipientrestrictionfilter {recipienttype -eq "UserMailbox"}

New-ManagementRoleAssignment -name "MAUMPollingRA" -role:applicationimpersonation -user "administrator@petenetlive.net" -customrecipientwritescope "MAUMpolling"[/box]

34. Next.

35. Finish.

Installing the Outlook Connector on a Client

36. I’ve already got a client PC setup with Outlook 2010.

37. I’m just connecting to the GFI servers management URL from the client and downloading the Outlook Connector.

Note: The versions are for Outlook 32 bit and Outlook 64 bit, even if your Windows client is 64 bit you may still be running 32 bit Outlook/Office. If you get it wrong it will tell you your version of Office is not supported.

38. Install the client software, accept the defaults, all you need to specify is the URL of the GFI MailArchiver server.

39. Now when your user opens Outlook, they get an additional mailbox called “GFI MailArchiver Mailbox” that carries a copy of ALL the user’s mail (Note: Not the mail from before the product was installed; to import that see the import section below, and choose ‘Import for Exchange mailbox’). In addition each user now has a MailArchiver tool bar from which they can search for their mails.

Note: If a user ‘loses’ a mail they can simply drag a copy from their GFI mailbox to their live inbox.

GFI MailArchiver – Importing Data from PST Files

Note: To do this the machine needs to have Outlook installed on it (and NOT Outlook 64 bit!)

40. Launch the GFI MailArchiver Import and Export Tool.

41. Import from .pst files.

42. Add PST file > Browse to your PST file > Open.

43. Select the folder(s) required > Next

44. Select a date range > Select the user that will own the imported data > Next.

Note: I’d rather have an “Import Everything” option!

45. When complete > Finish.

46. Now that user will have the imported mail as well (Note: The default view is “Emails in last 30 days” so don’t panic if you don’t see it all).

GFI MailArchiver – Exporting Data to PST File

47. Launch the GFI MailArchiver Import and Export Tool.

48. Enter the URL of the GFI server > Verify > Ensure it says OK > Next.

49. Select what you want to export (I’m going to search for email containing particular words) > Next.

50. Type in your search text > Find > Next.

51. Here you can restore the mail to a mailbox, export it to .msg or .eml format, or my old nemesis .pst files, I’ll choose the latter > Next.

52. And there’s my .pst file, ready to be sent out to satisfy my Freedom of Information enquiry.

 

Related Articles, References, Credits, or External Links

NA

Exchange – New User(s) Not Showing Up On Global Address List

KB ID 0000775 

Problem

If you create a new user, give them a mailbox, and they seemingly fail to appear then don’t panic!

First and foremost: if you do anything in Exchange, apply the “cup of coffee rule”: never make a change then go and prove that change works straight away! Check it later.

However most of us work in the real world and you have a user who needs to use this mailbox yesterday!

Bear in mind, the process you need to follow is;

1. Make sure the user does have a mailbox.
2. Make sure that user/mailbox is on the GAL.
3. Make sure the OAB you are looking at, has been updated from the GAL.
4. If using Outlook, query the GAL directly, or download the latest OAB.

Solution

Make sure the User Does Have a Mailbox

1. Before you do anything send the user you created a ‘Test Email’ from your own account. If you receive an error message then you can investigate further (Note: Set your Outlook client to send you a delivery report on the test email as well). Then check the mailbox exists (see the ‘Check for the Existence of the mailbox’ sections below).

Check for the Existence of the mailbox (Exchange 2000 /2003)

1. Click Start > All Programs > Microsoft Exchange > System Manager.

2. Expand the Exchange Organisation > Administrative groups > Administrative group name (First Administrative group is the default).

Note: If you cannot see Administrative Groups right click the Very top object > Properties > Tick Display Administrative Groups.

3. Expand Servers > Server-name > Storage Group (First Storage group will be the default) > Mailbox Store > Mailboxes.

4. The Mailbox SHOULD be in the right hand window (Providing you are in the correct administrative group, on the correct server, and in the correct mailbox store!).

Check for the Existence of a mailbox (Exchange 2007/2010)

Remember with Exchange 2007 / 2010 you create the mailbox with the Exchange system Manager anyway!

1. On the Exchange Server, Start > All Programs > Microsoft Exchange Server 2007 > Exchange Management Console.
2. Expand recipient Configuration > Mailbox.
3. The Mailbox should be listed in the centre window.

Check for the Existence of a mailbox (Exchange 2013/2016)

Connect to the Exchange admin center > recipients > mailboxes > locate your user.

Mailbox is there but the user is not listed on the Global Address List

1. Make sure the user is not “Hidden from the Global Address List”

Exchange 2000/2003

On the Exchange Server > Click Start > run > dsa.msc {enter} > Locate the user in question > Right Click the user > Properties > Exchange Advanced Tab > Ensure “Hide from Exchange Address Lists” is NOT ticked.

Exchange 2007/2010

On the Exchange Server > Start > All Programs > Microsoft Exchange Server 2007 > Exchange Management Console > Expand Recipient Configuration > Mailbox > Locate the Mailbox for the user in question > Right Click the Mailbox > Properties > General Tab > Ensure “Hide From Exchange Address Lists” is NOT ticked.

Exchange 2013/2016

Connect to the Exchange admin center > recipients > mailboxes > locate your user > Edit > Ensure “Hide From Exchange Address Lists” is NOT ticked.

Make sure the user is on the Global Address List on the server.

The easiest way to do this is simply connect to Outlook Web Access, and query the GAL directly (OWA uses the GAL, not the OAB like Outlook running in cached mode does).

Exchange 2000/2003

Click Start > All Programs > Microsoft Exchange > System Manager > Expand Recipients > All Global Address Lists > Right Click Default Global Address List > Properties > General Tab > Preview > Check the user is on this list.

Exchange 2007/2010

On the Exchange Server > Start > All Programs > Microsoft Exchange Server > Exchange Management Console > Select Organisation Configuration > Mailbox > Address Lists Tab > Locate the all users Object > Double Click it > Select Preview > Check the user is on this list > OK > Cancel.

Exchange 2013/2016

Connect to the Exchange admin center > organization > address lists > Default Global Address List > Edit > Preview recipients in the global address list includes… > Locate the user.

The User/Mailbox IS listed on the Server But NOT in Outlook.

Remember, if you are looking at the Global Address List in Outlook then you are NOT looking at the server’s Global Address List*. If you are using Outlook you may be in “Cached Mode”, and you are looking at a copy called the “Offline Address Book”. This only gets updated every 24 hours, and the copy on the server only gets updated every 24 hours at 04:00 (by default). In addition to this there are a few methods by which your Outlook clients get the offline address book.

*Note: Unless you are NOT in cached mode.

Outlook 2003 (and older)* clients get their OAB from a public folder, Outlook 2007 (and newer) clients can get their OAB from ‘Web-based distribution’ (basically from the website on the Exchange (or Exchange CAS) server). So there are three factors stopping you seeing that new user on the GAL (I personally advise you simply wait, however if that’s not an option, read on).

*Exchange Supported versions of Outlook

Support for Outlook 2000 was dropped with Exchange 2007, Exchange 2010 only supports Outlook 2003 (post SP2). Exchange 2013 only supports Outlook 2007 (post SP3 and cumulative update), and Outlook 2010 must be at SP1 with cumulative update.

a. Firstly force update the Offline Address Book.
b. Force your Outlook Client to Download the Offline Address book.
c. Check that the OAB is getting distributed from the Exchange/CAS server.

Update the Offline Address Book from the Global address List

Exchange 2000 / 2003

Click Start > All Programs > Microsoft Exchange > System Manager > Expand Recipients > Offline Address Lists > Right Click the “Default Offline Address Book” > Rebuild > HEED THE WARNING > OK > Right Click it again > Properties. You will see the time it updates (by default); you can change that here.

Exchange 2007 / 2010

1. On the Exchange Server > Start > All Programs > Microsoft Exchange Server 2007 > Exchange Management Console > Select Organisation Configuration > Mailbox > Offline address book tab > Right Click the Default Offline Address Book > Update > HEED THE WARNING > OK > Right Click Again > Properties > You can change the Schedule at which it updates.

Exchange 2013/2016

You can also force the OAB update with the following PowerShell command;

[box] get-offlineaddressbook | update-offlineaddressbook [/box]

Check the OAB is getting Distributed to Outlook

Exchange 2000 / 2003

Click Start > All Programs > Microsoft Exchange > System Manager > Expand the Exchange Organisation > Administrative groups > Administrative group name (First Administrative group is the default) > Expand Servers > Server-name > Storage Group (First Storage group will be the default) > Public Folder Database > Ensure it is mounted.

Then expand Folders > Public Folders > OFFLINE ADDRESS BOOK > Make sure it’s displayed as per the image below.

Exchange 2007 / 2010

On the Exchange Server > Start > All Programs > Microsoft Exchange Server > Exchange Management Console > Select Organisation Configuration > Mailbox > Offline address book tab > Right Click the Default Offline Address Book > Properties > Distribution.

Note: Make sure the Generation Server is set to a server that exists, and it’s online.

In the diagram below you can see this server is performing public folder AND web based distribution, this is probably because you ticked this box when you installed the product.

For public folder distribution ensure the public folder database is mounted, and at least one server holds a replica. Also in the properties of the mailbox database, your users are using, make sure it points to the correct public folder database.

For web-based distribution make sure the site is up.

Exchange 2013/2016

Exchange 2013/2016 will only be distributing the OAB via web-distribution. Make sure the default website is up.

Force Outlook to Download the New Offline Address Book

For all versions of Outlook (since 2003) you have two choices, either take Outlook out of cached mode* (so it queries the ‘live’ global address list). Or force Outlook to download the latest version of the offline address book.

*Note: Disabling cached mode is not really a fix!

Outlook 2003 Download The Offline Address Book

Tools > SendReceive > Download Address Book > OK.

Outlook 2003 Turn off Cached Mode

Tools > E-mail Accounts > View or change existing email accounts > Next > Select the account > Change > un-tick “Use Cached Exchange Mode” > Next.

Outlook 2007 Download The Offline Address Book

Tools > SendReceive > Download Address Book > OK.

Outlook 2007 Turn off Cached Mode

Tools > Account Settings > Select the account > Change > un-tick “Use Cached Exchange Mode” > Next.

Outlook 2010 Download The Offline Address Book

Send/Receive > Send/Receive Groups > Download Address Book > OK.

Outlook 2010 Turn off Cached Mode

File > Account Settings > Account Settings > Select the account > Change > un-tick “Use Cached Exchange Mode” > Next.

 

Outlook 2013/2016 Download The Offline Address Book

Send/Receive > Send/Receive Groups > Download Address Book > OK.

Outlook 2013/2016 Turn off Cached Mode

File > Account Settings > Account Settings > Select the account > Change > un-tick “Use Cached Exchange Mode” > Next.

 

Related Articles, References, Credits, or External Links

Exchange 2013 – Working with and Managing the OAB

 

 

Exchange PST Import Error – ‘Couldn’t connect to the target mailbox’

KB ID 0000801

Problem

I was trying to import some PST files into SBS 2011, and got the following error;

Couldn’t connect to the target mailbox

Solution

Before you proceed, make sure the user you are logged in as, and are using to run the New-MailboxImportRequest command, has been granted the rights to carry out mailbox imports; read the following article;

Exchange 2010 (Post SP1) Bulk Importing Mail From pst Files

Note: If the machine you are importing into is part of a CAS array you may also see this error. To fix that problem you need to create a temporary mail database and move the target mailbox into it, then change the RpcClientAccessServer property for that database, like so;

[box] set-MailboxDatabase TEMPDB -RpcClientAccessServer Exchange01.petenetlive.com[/box]

1. Make sure the folder you are importing from (this has to be a UNC path NOT a path to local folder!) has permissions granted to it for the Trusted Exchange Subsystem group.

2. If your machine is also a global catalog server, (Note: As mine is an SBS server, and the only DC I don’t really have a choice.) You may find that the ‘Microsoft Exchange RPC Client Access’ service is not running, start it manually then attempt the import again.

 

Related Articles, References, Credits, or External Links

NA

 

Error 3221684229 Installing Exchange 2007 (Mailbox Role) – On Windows Server 2008 R2

KB ID 0000262 

Problem

Seen Installing Exchange 2007 SP1 on Windows Server 2008 R2.

Error:
An error occurred. The error code was 3221684229. The message was Access is denied.

 

Solution

1. Close down any open Exchange 2007 install windows and select “No” if asked to reboot.

2. Navigate to setup.exe in your Exchange 2007 media > Right click > Properties > Compatibility tab > Tick “Run this program in compatibility mode for:” > Select “Windows Vista (Service Pack 2)” > Apply > OK.

3. Re-run the setup.exe > Add in the Mailbox Role.

4. This time it should complete successfully.

 

Related Articles, References, Credits, or External Links

NA

Connecting Evolution Mail Client to Exchange 2010 (and Exchange 2007)

KB ID 0000378

Problem

Out of the box Evolution can only connect to Exchange 2000 and Exchange 2003. This is because it uses OWA to connect, and when Exchange 2007 was released, the way OWA was presented changed a great deal. So if you try and connect to a newer version of Exchange it will error. (Before you email in, I know in 2010 it’s now called Web App, not OWA.)

But there’s nothing to stop you connecting to Exchange 2007 and Exchange 2010 via MAPI, you just have to add a few packages first.

I originally wrote this a while back for version 10, but I’ve updated it for version 11.10. I’ve left the earlier version 10 notes below.

Solution

Ubuntu Version 11.10

1. If Evolution is not already installed, Launch the Ubuntu Software Manager and search for Evolution > Install.

2. You will need to enter your password.

3. After a few minutes it should get a green tick to say it’s been installed.

4. In addition you need to locate and install the “Evolution support for the groupware suite”.

5. When complete launch Evolution.

6. At the welcome screen it asks you to click forward, (That’s what the button used to say). But it’s now “Continue”.

7. You can restore from a backup, but I’ve not got one > Continue.

8. Type in your name and email address > Continue.

9. Now change the server to “Exchange MAPI” > Give it the name/IP of your Exchange server and your domain details > Authenticate > Enter your domain password > And it should say successful > Continue.

10. Set your email account requirements > Continue.

11. Give the account a name, by default it will be your email address, but you can change it > Continue.

12. Apply.

13. Before Evolution launches it will ask for your domain password (Mine never changes so I’m ticking the remember password option, you might NOT want to do this) > And I’m setting Evolution as the default email client.

14. And there is my inbox.

15. And it will pull down the GAL from Exchange, as well as your personal contacts.

16. After a short while it will also sync and display your Exchange calendar.

In this example I’m using Ubuntu version 10

1. First you need to add in the “evolution-mapi” package > System > Administration > Synaptic Package Manager. (You may need to provide a password to proceed).

2. Locate the “evolution-mapi” package.

3. Mark it for installation.

4. You may have to agree to install some dependent packages > do so.

5. Ensure that evolution-mapi is now ticked and click “Apply”.

6. The packages will download and install.

7. Now you can launch Evolution > It should run the “Setup Assistant” > Forward. (Note: If you’re adding an additional account simply open Evolution > Edit > Preferences > Mail accounts > Add).

8. We are not restoring > Forward.

9. Type in your name and email address, this is going to be our default account so leave the default option ticked > Forward.

10. Change the server type to “Exchange MAPI” > Enter the server name/IP address, your domain user name, and the name of the domain > Authenticate.

Note: If it fails at this point, it may say “Authentication failed. MapiLogonProvider:MAPI_E_LOGON_FAILED”.

11. Enter the correct password for your domain account, tick the option to remember the password (Note: if your domain password changes often you might not want to do that) > OK.

12. All being well, you should see a successful result > OK > Forward.

13. Set the options as you require, these would be my personal preference > Forward.

14. Give the mail account a sensible name > Forward.

15. After a couple of minutes there’s your mailbox.

16. And Your Exchange 2010 Calendar sync’d.

17. And your contacts and address lists. (Note: The Exchange Global Address List, can take a couple of restarts before it starts to sync properly).

 

Related Articles, References, Credits, or External Links

NA

Exchange ActiveSync Not Working for Some Users “Post Migration”

KB ID 0000695

Problem

Error seen on some users on both Exchange 2007 and 2010, (post migration) from earlier versions of Exchange. When it fails you will also see this error.

Event ID 1053 MSExchange ActiveSync

Exchange ActiveSync doesn’t have sufficient permissions to create the “CN={User Name},OU=<OU Name>,DC={Domain Name},DC=com” container under Active Directory user “Active Directory operation failed on servername.domain-name.com This error is not retriable. Additional information: Access is denied.

Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Make sure the user has inherited permission granted to domainExchange Servers to allow List, Create child, Delete child of object type “msExchangeActiveSyncDevices” and doesn’t have any deny permissions that block such operations.

Solution

Note: This can happen if the user is a member of any of these groups.

Account Operators
Administrators
Backup Operators
Domain Admins
Domain Controllers
Enterprise Admins
Print Operators
Read-only Domain Controllers
Replicator
Schema Admins
Server Operators

If your user IS a member of any of these groups, then have their ActiveSync device ready to be configured, as this fix will “revert” back every hour. If you get it connected and working before it reverts you will be fine.

Note: Users and mailboxes created post migration are NOT affected.

1. On your Exchange Server > Launch the Exchange Management Console > Server Configuration > Select your CAS Server > Properties > Security Settings > Locate the DC that it is using.

2. Go to that Domain Controller, and press Windows Key+R > dsa.msc {enter} > Active Directory Users and Computers should open.

3. View > Ensure Advanced Features is enabled > Locate the problem user > Properties > Security > Advanced > Ensure Exchange Servers is present > Tick the box to “Allow inheritable permissions from this objects parent” > Apply.

4. Now attempt to connect your ActiveSync client.
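To find the accounts that need step 3 before users report sync failures, the check below lists users whose AD object has inheritance switched off and shows which of the groups listed above they belong to directly. It is an added example, not from the original article: the function name and the sample objects are constructed, and the live query in the closing comment assumes the RSAT ActiveDirectory module.

```powershell
# Group names copied from the list in the article.
$listedGroups = @(
    'Account Operators', 'Administrators', 'Backup Operators', 'Domain Admins',
    'Domain Controllers', 'Enterprise Admins', 'Print Operators',
    'Read-only Domain Controllers', 'Replicator', 'Schema Admins', 'Server Operators'
)

function Select-BlockedInheritanceUser {
    # Accepts Get-ADUser output (or objects of the same shape) and emits only the
    # users whose security descriptor does not inherit from the parent.
    param([Parameter(Mandatory, ValueFromPipeline)] $User)
    process {
        if (-not $User.nTSecurityDescriptor.AreAccessRulesProtected) { return }

        # memberOf holds direct memberships only (no nesting, no primary group).
        $groups = @($User.memberOf | ForEach-Object {
            if ($_ -match '^CN=(.+?),(?:CN|OU)=') { $Matches[1] }
        })

        [pscustomobject]@{
            SamAccountName     = $User.SamAccountName
            InheritanceBlocked = $true
            AdminCount         = $User.adminCount   # 1 = AD has treated the account as protected
            ListedGroups       = @($groups | Where-Object { $listedGroups -contains $_ }) -join ', '
        }
    }
}

# Constructed objects shaped like Get-ADUser output, so this can be tried without a domain.
$sample = @(
    [pscustomobject]@{
        SamAccountName = 'jdoe'; adminCount = $null
        memberOf = @('CN=Sales,OU=Groups,DC=pnl,DC=com')
        nTSecurityDescriptor = [pscustomobject]@{ AreAccessRulesProtected = $false }
    },
    [pscustomobject]@{
        SamAccountName = 'itadmin'; adminCount = 1
        memberOf = @('CN=Domain Admins,CN=Users,DC=pnl,DC=com')
        nTSecurityDescriptor = [pscustomobject]@{ AreAccessRulesProtected = $true }
    },
    [pscustomobject]@{
        # Formerly in a listed group: inheritance is still off although the membership is gone.
        SamAccountName = 'oldop'; adminCount = 1
        memberOf = @()
        nTSecurityDescriptor = [pscustomobject]@{ AreAccessRulesProtected = $true }
    }
)
$sample | Select-BlockedInheritanceUser | Format-Table -AutoSize

# Against a live domain, mailbox-enabled users only (homeMDB is set on them):
#   Import-Module ActiveDirectory
#   Get-ADUser -LDAPFilter '(homeMDB=*)' -Properties nTSecurityDescriptor, adminCount, memberOf |
#       Select-BlockedInheritanceUser
```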

Related Articles, References, Credits, or External Links

NA