Hello, I am using exchange 2010 SP1 and FIM2010 for mail enabled users provisioning to AD. whenever i run sync rules, i get error ma-extension-error and event viewer shows me bellow attached log Log Name: Application Source: FIMSynchronizationService Date: 5/2/2011 1:45:10 AM Event ID: 6801 Task Category: Server Level: Error Keywords: Classic User: N/A Computer: rsv-fim2010.abc.local Description: The extensible extension returned an unsupported error. The stack trace is: "Microsoft.MetadirectoryServices.ExtensionException: **** ERROR **** ExternalEmailAddress is mandatory on MailUser. Property Name: ExternalEmailAddress **** END ERROR **** **** ERROR **** The mail contact and mail user must have a valid external e-mail address. Property Name: ExternalEmailAddress **** END ERROR **** **** ERROR **** The mail contact and mail user must have a valid external e-mail address. Property Name: ExternalEmailAddress **** END ERROR **** at Exch2010Extension.Exch2010ExtensionClass.AfterExportEntryToCd(Byte[] origAnchor, String origDN, String origDeltaEntryXml, Byte[] newAnchor, String newDN, String failedDeltaEntryXml, String errorMessage) Forefront Identity Manager 4.0.2592.0" Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="FIMSynchronizationService" /> <EventID Qualifiers="49152">6801</EventID> <Level>2</Level> <Task>3</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2011-05-02T08:45:10.000Z" /> <EventRecordID>85377</EventRecordID> <Channel>Application</Channel> <Computer>rsv-FIM2010.abc.local</Computer> <Security /> </System> <EventData> <Data>Microsoft.MetadirectoryServices.ExtensionException: **** ERROR **** ExternalEmailAddress is mandatory on MailUser. Property Name: ExternalEmailAddress **** END ERROR **** **** ERROR **** The mail contact and mail user must have a valid external e-mail address. Property Name: ExternalEmailAddress **** END ERROR **** **** ERROR **** The mail contact and mail user must have a valid external e-mail address. Property Name: ExternalEmailAddress **** END ERROR **** at Exch2010Extension.Exch2010ExtensionClass.AfterExportEntryToCd(Byte[] origAnchor, String origDN, String origDeltaEntryXml, Byte[] newAnchor, String newDN, String failedDeltaEntryXml, String errorMessage) Forefront Identity Manager 4.0.2592.0</Data> </EventData> </Event> i tried to goolge this error and found this was the issue with Exchange 2007 SP1 for which Microsoft has provided rollup 4 Please help me as i am not anymorw able to provision mail-enabled users. thanks in advance -Mohit GoyalCheers, Mohit Goyal

For MAIL-enabled users (not MAILBOX-enabled) users I have the following attributes (initial flow only): mailNickname, targetAddress. What attributes do you flow?

hello Thomas, I mean to say by mail enabled users is it must be mailbox enabled, i am trying to flow value in mailNickName attribute and Mail attribute.Cheers, Mohit Goyal

In my opinion it's advised to let Exchange handle the mail attribute. It will fill in that attribute based on the address policies which are active in the Exchange org. From the FIM Side I would flow mailNickname homeMDB msExchHomeServerName msExchRBACPolicyLink See FIM 2010: Exchange 2010 Mailbox Provisioning & OWA Options Panel http://setspn.blogspot.com

workingmind, If you are attempting to create user mailboxes in Exchange 2010, you need to also supply the homeMDB and msExchHomeServerName values. The error you receive you get when update-recipient, the powershell cmdlet that fires on objects during export from FIM 2010 to Exchange 2010, fails. If it fails, Exchange thinks the object is a contact or mail-enabled user, which require a targetAddress value as external email address. In order for this to work, WinRM must work between FIM sync server and target Exchange CAS server. Also, verify that Exchange 2010 URI is populated properly in properties for target MA. Glenn Zuckemran, Microsoft Support, FIM/ILM/CLM/FIM CM

Hello Glenn, I am already flowing - homeMDB - msExchHomeServerName - mDBUseDefault -mailNickName Exchange URI is same as before which is http://FQDN/Powershell , WinRM service is working and to make sure it is working i rebooted the server also but nothing changed. Please help.. -Mohit Goyal Cheers, Mohit Goyal

Are you trying this for a newly-to-be-provisioned-user in AD?http://setspn.blogspot.com

yes that`s correct..i am trying to provision newly created users in FIM portal to ADCheers, Mohit Goyal

I'm encountering the exact same error trying to provision users to AD and onto Exchange. Did you find a resolution to your problem?

I havd the sam error. I add the attributes: mailNickname homeMDB msExchHomeServerName msExchRBACPolicyLink but I still had the error. I found an answer to a similar problem when they DO NOT flow value to mailNickName (http://social.technet.microsoft.com/wiki/contents/articles/4076.aspx) Hope this helpJuanCC Technology Specialist

Did you validate that the homeMDB and msExchHomeServerName values have the correct DN syntax and are valid locations? I ran into this issue when we supplied incorrect values.