From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Wednesday, August 17, 2005 7:06 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] exchange weirdeness
From: [EMAIL PROTECTED] on behalf of Tom Kern
Sent: Wed 8/17/2005 5:22 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] exchange weirdeness
thanks a lot!!
On 8/17/05, Coleman, Hunter <[EMAIL PROTECTED]> wrote:
> For folks who have already left, I'd go with granting "Self" full
> mailbox access. I haven't tested it, but if the account has already been
> disabled then I don't think that setting it to expire on a date in the
> past will restore the necessary mailbox permissions for you to access
> it.
>
> For future departures, I think the ideal thing is to have some sort of
> deprovisioning utility that handles disabling the account, possibly
> moving it to a different OU, sets the Self mailbox access, and any other
> rules that your business processes dictate. You could have that as a
> script or front-end it with a web page.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom Kern
> Sent: Wednesday, August 17, 2005 2:06 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [ActiveDir] exchange weirdeness
>
> so, what is a good practice to deal with users who have left and their
> mailboxes?
>
> Should you just expire the account to a date in the past and then you
> can access their box?
> or can you give "Self" full mailbox access to a disabled account and
> then access the box?
>
> which way works?
> thanks a lot
>
> On 8/17/05, Coleman, Hunter <[EMAIL PROTECTED]> wrote:
> > No. You're running into the msExchMasterAccountSID problem.
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;555410 has
> > information, and points to the NoMAS tool. You can also handle this by
> > setting the attributes manually or via script.
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom Kern
> > Sent: Wednesday, August 17, 2005 12:48 PM
> > To: activedirectory
> > Subject: Re: [ActiveDir] exchange weirdeness
> >
> > update- i enabled the user account about 30 mins ago and updated the
> > RUS.
> > still i get denied trying to log on via outlook and an event id
> > 9548 gets logged on the exchange server every time i try logging on,
> > stating that the account is still disabled...
> >
> > replication issue?
> >
> > dns is up and running. the only known issue is no connectivity to the
> > root. but the root has no users or mailservers.
> >
> > strange
> >
> > On 8/17/05, Tom Kern <[EMAIL PROTECTED]> wrote:
> > > I have mailbox enabled users in AD that have been disabled. However
> > > in ESM, they are not marked as such. When i run the cleanup agent,
> > > they are still not marked as disabled.
> > >
> > > When i try to Exmerge the box, I get an access denied error (i have
> > > full exchange admin rights inherited from the org and full mailbox
> > > right on the user).
> > > Also, i can't open their box via outlook as well.
> > >
> > > My situation at this firm is as such- we have no network
> > > connectivity to the root (for about 2 wks. don't ask, long story..).
> > > The users are all in my child domain as are their mailboxes. the
> > > root is empty.
> > >
> > > We are also running with netbios/tcp disabled forest wide.
> > >
> > > i know there are some issues with netbios being disabled and exmerge
> > > and ESM and outlook. Could this be a cause? I don't know the exact
> > > error you would get.
> > >
> > > I don't think having no connectivity to the root should be an issue.
> > > We have 4 dc's, 3 of which are gc's in the child domain.
> > >
> > > any advice would be great.
> > > thanks
> > >
> > List info : http://www.activedir.org/Listaspx
> > List FAQ : http://www.activedir.org/ListFAQ.aspx
> > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/