This script may be the answer....if it fixes accounts across the whole forest, I can set an At job to run once a week. I do get this erro on some accounts though:
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Wednesday, November 09, 2005 1:11 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Automating NoMas Something like this might be of interest. http://www.microsoft.com/technet/prodtechnol/exchange/guides/DROpsGuide/a209faf9-91a1-46d7-8a6d-538ce3fba85d.mspx The best way would be to disassociate the mailbox from the account and maintain the mailbox for as long as the account retention requires (keep them matched). That would require you to keep track of where a user's mailstore is located of course. Note, this approach doesn't scale well. At all. That's why the above mentioned script exists in the first place. Most people want to keep the user and the mailbox objects tied together until both are removed (if removed at all). Or, they tend to have a separate group that does AD administration but has nothing to do with the mailbox provisioning which also easily results in this type of situation. I agree with Joe that the ADUC with Exchange integrated tools should handle this more gracefully, but it's never that simple. ;-) -ajm >From: "Harding, Devon" <[EMAIL PROTECTED]> >Reply-To: ActiveDir@mail.activedir.org >To: <ActiveDir@mail.activedir.org> >Subject: RE: [ActiveDir] Automating NoMas >Date: Wed, 9 Nov 2005 12:25:19 -0500 > >Ok with that said, what would be the correct way or tools to disable a mail >enabled account in Active Directory? > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of joe >Sent: Wednesday, November 09, 2005 11:49 AM >To: ActiveDir@mail.activedir.org >Subject: RE: [ActiveDir] Automating NoMas > >Let me restate this just a little. > >The issue are due to Exchange Dev having an incomplete understanding of how >people do things in the enterprise and assuming that the only time a >disabled account could have a mailbox is because it is a resource mailbox >so >instead of having an attribute for it they assume and then after assuming >run into all sorts of issues with their assumption. > > >From our side, it means that we have to adjust how we deprovision >accounts >to properly populate the directory so Exchange doesn't get its panties in a >bunch. And yes, enough of these will get your Exchange server's panties in >a >bunch. Lots of folks (primarily from MS) like to say these are meaningless >and can't hurt anything but I have seen multiple cases where they caused >store hangs and queues. I actually got an MS person to admin they were a >huge issue about 2-3 years ago but couldn't get the person to give me an >email stating that. I understood completely. > >The interesting thing is that you would at least expect ADUC with the >Exchange extensions to properly disable these accounts but nope, we have to >handle it manually. But that is ok, we really shouldn't be using ADUC to >manage users in larger orgs anyway. No business rules, no decent logging, >too many people with too many permissions: you want to use provisioning >tools, either self written or purchased. > > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of joe >Sent: Wednesday, November 09, 2005 10:59 AM >To: ActiveDir@mail.activedir.org >Subject: RE: [ActiveDir] Automating NoMas > >Correct your deprovisioning process. Those issues are due to incorrectly >setting values on mailbox enabled users. Basically bad data is going in the >directory and then you are manually swinging back and correcting it. > > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon >Sent: Wednesday, November 09, 2005 9:18 AM >To: ActiveDir@mail.activedir.org >Subject: [ActiveDir] Automating NoMas > >How can I prevent the Event ID error 9548(MSExchangeIS) from happening? I >normally use NoMas to fix em, but I want to prevent them from happening. > >Would it be possible to create a script that runs like every morning and >perform exactly what NoMas does for every child domain I have? > > >Devon Harding >Windows Systems Engineer >Southern Wine & Spirits - BSG >954-602-2469 > > >----------------------------------------- >__________________________________ >This message and any attachments are solely for the intended recipient and >may contain confidential or privileged information. If you are not the >intended recipient, any disclosure, copying, use or distribution of the >information included in the message and any attachments is prohibited. If >you have received this communication in error, please notify us by reply >e-mail and immediately and permanently delete this message and any >attachments. Thank You. > >List info : http://www.activedir.org/List.aspx >List FAQ : http://www.activedir.org/ListFAQ.aspx >List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > >List info : http://www.activedir.org/List.aspx >List FAQ : http://www.activedir.org/ListFAQ.aspx >List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > >List info : http://www.activedir.org/List.aspx >List FAQ : http://www.activedir.org/ListFAQ.aspx >List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ >List info : http://www.activedir.org/List.aspx >List FAQ : http://www.activedir.org/ListFAQ.aspx >List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
