I always use a script to create accounts using a combination of ADSI and CDOEXM. And I populate the msExchAccountControl property in the process. With one little script, you can even go back to using your old CSV file format for creating things.
There's a perl sample at http://www.swinc.com/resource/scripts.htm and there are WSH samples around in several places too (what used to be the Compaq ActiveAnswers site for one, CDOLive also had one, the newsgroup archives have several). -----Original Message----- From: Moore, David K [mailto:[EMAIL PROTECTED]] Posted At: Thursday, September 19, 2002 3:17 PM Posted To: Microsoft Exchange Conversation: Test Subject: It all started with a lie - Q313819 So, I write this to test the waters and see how others have managed this issue - For many years, going back to 4.0, we used CSV files to create/manage/delete mailboxes within Exchange and this worked well. Then comes along Exchange 2000, which with it's integration of Active Directory and the requirement to use LDIFDE. Ok, no problem I can learn new tools and I learn the silly new LDIF import format and I make it do what I want it to do - mailbox enable an existing AD account. All is well until a few weeks following the mailbox enabling of the accounts, our users discover access to public folders (along with free/busy, off-line address book, etc) can not be had. A call to Microsoft produces the answer that, the attribute of msExchUserAccountControl had not been properly populated into AD. Microsoft writes a script for us that uses CDOEXM to re-set the permissions and while this does resolve the problem for existing users it doesn't resolve the on-going problems. So, Microsoft transferred me between a few groups (it's hard I guess to know what is what when you've got half of your mail system managed by another non-communicative group - Active Directory support) where I landed with an LDIFDE support engineer. This engineer then proceeded to explain that it was not possible to create mailbox enabled AD accounts with LDIFDE and pointed me to an article Q324353 [XADM: Users Cannot Access Public Folders or Delegate Mailboxes on a Separate Server] which states: "If you want to use LDIFDE/ADSI to create users, Microsoft recommends that you use LDIFDE/ADSI to create only the user accounts, and then use Active Directory Users and Computers to create the mailboxes." to which I replied that Microsoft does support it and the answer can be found in Q313819 - [HOW TO: Create Mailbox-Enabled Account Using LDIFDE in Exchange 2000 Server] and after a bit of discussion Microsoft decided that it really "sucks". It all seems to boil down to the fact that no one knows how the encoding of msExchUserAccountControl is done (in PSS that is) and without the ability to set that attribute at creation time, the RUS does not properly setup the account and Microsoft has no intentions to support this, even with the Q article on how to do it. So, my question? Simple - has anyone managed to use LDIFDE to create and mailbox enable or just to mailbox enable an existing account in AD and had it work properly, namely the use of public folders? I don't know about others that have a long history with Exchange but, do some of you feel that Exchange has made some real steps "backward" from the functionality that Exchange 5.5 had? And a word of warning to those still on 5.5 - if it aint' broken, don't "fix" it. Thanks, david moore Chevron Phillips Chemical _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
