Best way using a sync rule to create mail user on Exchange 2010
I am trying to create mail users rather than mailboxes for users that will be provisioned in live.edu in a shared email domain. I have tried a few ways to do this and cannot find the right combination of attributes in the outbound attribute flow that will get the Exchange 2010 cmdlet to provision a mail user rather than a mailbox. Does anyone have an example of how to do this, or can anyone give me some hints on how to accomplish this?

Thanks
Randy
April 25th, 2012 11:18am

So as I understand it, the users will have mailboxes in Live@edu, so for your own AD you want them to be mail-enabled users. Is that correct?

When provisioning using FIM, it will of course call the Update-Recipient cmdlet. So the first question is: can the Update-Recipient cmdlet be used to accomplish this? Yes. The Update-Recipient cmdlet documentation is vague on what it precisely does; however, I do know that FIM will call it for every object that it exports to AD: users as well as contacts. I know I have used FIM to create mail-enabled users (w/o mailboxes). Typically we were adapting the GalSync solution to create mail-enabled users instead of contacts, so I know it can be done (by setting several attributes and calling Update-Recipient).

In the article "Prepare Mailboxes for Cross-Forest Moves Using the Prepare-MoveRequest.ps1 script in the Shell" we see documentation that matches my experience:

"When the Update-Recipient cmdlet is called to convert the target object into a mail-enabled user, a new LegacyExchangeDN attribute is generated for the target mail-enabled user. The script copies the LegacyExchangeDN attribute of the target mail-enabled user as an x500 address to the proxyAddress properties of the source mailbox user. This action ensures the correct resolution of recipients when messages are sent between the source and target forests."

The next question is which attributes are needed to create a mail-enabled user without creating him a mailbox. The answer comes from http://support.microsoft.com/kb/275636:

mailNickname: This attribute is the alias to the mailbox.
displayName: This attribute is the text that is the readable name that represents you for mail delivery, and also in the address book.
targetAddress: This attribute is the e-mail address to which you want to redirect the mail. This attribute is formatted like the proxyAddresses attribute, where there is a prefix that defines the address type, for example, "SMTP:gyip@microsoft.com".
Additional evidence/examples: A post by Jan Egil Ring links to a script he created that shows what attributes he sets in creating a user before calling Update-Recipient to make it mail-enabled:

    # Set-QADUser is part of the Quest ActiveRoles Management Shell for Active Directory
    Set-QADUser -Identity $TargetObject -ObjectAttributes @{
        mail                       = $mail
        mailNickname               = $mailNickname
        msExchMailboxGUID          = $msExchMailboxGUID
        msExchRecipientDisplayType = $msExchRecipientDisplayType
        msExchRecipientTypeDetails = $msExchRecipientTypeDetails
        msExchUserCulture          = $msExchUserCulture
        msExchVersion              = $msExchVersion
        proxyAddresses             = $proxyAddresses
        targetAddress              = $targetAddress
        userAccountControl         = $userAccountControl
    } | Out-Null

    # Update Exchange attributes (LegacyExchangeDN etc.)
    Get-MailUser $TargetObject | Update-Recipient

The following is an article containing code samples using ILM to create a mail-enabled user as opposed to a mailbox-enabled user. This also accomplishes the task. It is probably setting more attributes than needed: http://technet.microsoft.com/en-us/library/ee861124.aspx

David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html
April 25th, 2012 2:43pm
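
The attribute set described in the answer above can be tried by hand on a test account before it is wired into the outbound attribute flow. The following is an added example, not code from the thread or from the linked scripts; it assumes the Exchange 2010 Management Shell with the ActiveDirectory module loaded, the function name and all sample values are constructed, and the homeMDB / msExchHomeServerName guard is an assumption about how a mailbox-enabled user is recognised.

```powershell
# Added example: run in the Exchange 2010 Management Shell.
# Function name and sample values are hypothetical/constructed.
Import-Module ActiveDirectory

function ConvertTo-MailEnabledUser {
    param(
        [Parameter(Mandatory = $true)][string]$Identity,        # sAMAccountName or DN
        [Parameter(Mandatory = $true)][string]$Alias,           # flows to mailNickname
        [Parameter(Mandatory = $true)][string]$DisplayName,     # flows to displayName
        [Parameter(Mandatory = $true)][string]$ExternalAddress  # address of the hosted mailbox
    )

    $user = Get-ADUser -Identity $Identity -Properties homeMDB, msExchHomeServerName

    # Assumption: populated homeMDB / msExchHomeServerName marks a mailbox-enabled
    # user. Refuse to continue rather than leave the object in a mixed state.
    if ($user.homeMDB -or $user.msExchHomeServerName) {
        throw "$Identity already carries mailbox attributes; not converting."
    }

    # targetAddress uses the proxyAddresses format: type prefix, then the address.
    if ($ExternalAddress -notmatch '^[^@\s]+@[^@\s]+$') {
        throw "Invalid SMTP address: $ExternalAddress"
    }
    $targetAddress = "SMTP:$ExternalAddress"

    # The three attributes listed in KB 275636.
    Set-ADUser -Identity $user -Replace @{
        mailNickname  = $Alias
        displayName   = $DisplayName
        targetAddress = $targetAddress
    }

    # Let Exchange stamp the remaining attributes (LegacyExchangeDN etc.).
    Update-Recipient -Identity $user.DistinguishedName

    # Confirm the result is a mail user and not a mailbox.
    $recipient = Get-Recipient -Identity $user.DistinguishedName
    if ($recipient.RecipientType -ne 'MailUser') {
        throw "Unexpected recipient type '$($recipient.RecipientType)' for $Identity"
    }
    $recipient | Select-Object Name, RecipientType, RecipientTypeDetails
}

# Constructed sample values.
ConvertTo-MailEnabledUser -Identity 'jdoe' -Alias 'jdoe' `
    -DisplayName 'Jane Doe' -ExternalAddress 'jdoe@students.example.edu'
```

With several domain controllers, point Set-ADUser (-Server) and the Exchange cmdlets (-DomainController) at the same one so Update-Recipient sees the attributes that were just written.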

Thanks for all this information, David. It is working perfectly now! I really appreciate the time you took to answer this for me.

Randy
April 25th, 2012 10:29pm

This topic is archived. No further replies will be accepted.
