Hi, We have an Oracle to FIM to AD environment setup - and user accounts are being correctly created in AD via FIM. Next step is to create their mailboxes. We have done the following, but no mailboxes are being created: on the AD MA, selected Exchange 2007 under 'configure extensions' In the Sync rule we are flowing many attributes (since users are being created in AD) and the following Exchange attributes: DN, mailnickname, homeMDB, MDBuseDefaults The service account of FIM MA is a member of the Exchange Recipient Administrators group FIM is running on Windows 2008 R2, so Powershell is there, Exchange Mgmt console is installed on Sync Service server, exchange cmdlets are also there (tested them manually) Enabled the MV Rule Extension called: Exch2007Extension.dll Any idea on what step is missing? Thank you

Just noticed that Exchange 2007 is at SP2 level, while the MMC console installed on the FIM box is SP3 (because FIM is running on Windows 2008 R2). Upgrading Exchange to SP3 to see if that sorts it out.

Just noticed that Exchange 2007 is at SP2 level, while the MMC console installed on the FIM box is SP3 (because FIM is running on Windows 2008 R2). Upgrading Exchange to SP3 to see if that sorts it out. Nope, that did not fix things

After reading http://technet.microsoft.com/en-us/magazine/ff472471.aspx I changed the MV rules extension to GALSync.dll - but that did not work either. Sgould I see the following attributes in the AD Connector Space, cause they are not there: mailnickname, homeMDB, MDBuseDefaults Any ideas?

Your initial post looks like you have coverd the most. You definatelly don't need the GALSync.dll to provision mailboxes. Your event log on the Exchange CAS servers might tell you more. Check them at the time you run an export. Are your export run profiles running succesfully? Also: it's is to my understanding that mailbox provisioning will only be triggered when you flow those attributes during provisioning of the AD user object. If you add them afterwards, usrs will not get mailbox-enabled. I think.http://setspn.blogspot.com

Ah - that might be my problem then...the AD user accounts already exist...let me delete a couple of them and see what happens.

*in theory* you could (after FIM flowed all required attributes) do the mailbox-enabling yourself in the Exchange Management Shell: update-recipient -identity sAMAccountName The identity parameter also accepts other formats. This is what the sync engine does for new users. I have no clue how you could have it triggered for existing users though.http://setspn.blogspot.com

OK, deleted a few users, then got FIM to recreate their accounts successfully, it even populated the relevant Exchange attributes, but no mailbox has been generated. Export run is successful. Been looking at the Exchange servers Event log (CAS/Hub/MBX are all running on same server) - but cannot find any obvious errors or warnings. I can connect to the http://..../EWS path, and all the Stores are up and I can manually create mailboxes. On another note - can FIM really not create a mailbox for an already existing AD user?

If the account that the AD MA runs under, an Exchange Recipient administrator? Also, have you populated homeMDB attribute with a correct distinquishedName for a valid mailbox database ... and have you populated mailNickName for users? /SorenRegards, Soren Granfeldt http://granfeldt.blogspot.com

ah, I think you're unto something... HomeMDB is populated - got the path using ADSIEDIT. Exchange recipient Admin group contains the FIM MA service account not the AD MA service account - will need to change that Somehow I thought that since Exchange generates the mail address, it would populate the 'mailnickname' attribute, so I did not set it to anything...I was just flowing it from the MV into AD, and then from AD into MV...should I prepopulate the 'mailnickname' ? (it will be the same as the samAccountName)

You MUST populate the mailNickName attribute, otherwise the PowerShell cmdlet Update-Recipient will not be triggered, leaving you without a mailbox.Regards, Soren Granfeldt http://granfeldt.blogspot.com

right...that might be it then...will confirm in a few days - thanks Soren

right...that might be it then...will confirm in a few days - thanks Soren

right...that might be it then...will only be able to confirm in a few weeks though - thanks Soren