I manage a network on a college campus and have to create 500+ accounts/mailboxes every fall. I also have to delete that many and I have to do a whole lot of security group/distribution group management and housekeeping as well. I used a heavily modified addusers.vbs this term to create my accounts but found that it was much easier to go into AD Users and Computers and create my mailboxes in bulk after the user accounts were done. That is one of the very few things that you can still do in bulk. I have not had much time to play with it (maybe a week now) but I just found a little toy called ADVantage from Javelina Software that has a lot of Active Directory bulk modification features (it also does a lot of reporting and management on Win2K ACLS). I don't see any Exch2K features yet but it is version 1.0 so that may be forthcoming. I have downloaded a 1 month trial version to play with and I am going to keep a close eye on where they go with it because it could be extremely useful.
Jeff Hague Network Manager Randolph-Macon College -----Original Message----- From: Moore, David K [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 19, 2002 4:17 PM To: Exchange Discussions Subject: It all started with a lie - Q313819 So, I write this to test the waters and see how others have managed this issue - For many years, going back to 4.0, we used CSV files to create/manage/delete mailboxes within Exchange and this worked well. Then comes along Exchange 2000, which with it's integration of Active Directory and the requirement to use LDIFDE. Ok, no problem I can learn new tools and I learn the silly new LDIF import format and I make it do what I want it to do - mailbox enable an existing AD account. All is well until a few weeks following the mailbox enabling of the accounts, our users discover access to public folders (along with free/busy, off-line address book, etc) can not be had. A call to Microsoft produces the answer that, the attribute of msExchUserAccountControl had not been properly populated into AD. Microsoft writes a script for us that uses CDOEXM to re-set the permissions and while this does resolve the problem for existing users it doesn't resolve the on-going problems. So, Microsoft transferred me between a few groups (it's hard I guess to know what is what when you've got half of your mail system managed by another non-communicative group - Active Directory support) where I landed with an LDIFDE support engineer. This engineer then proceeded to explain that it was not possible to create mailbox enabled AD accounts with LDIFDE and pointed me to an article Q324353 [XADM: Users Cannot Access Public Folders or Delegate Mailboxes on a Separate Server] which states: "If you want to use LDIFDE/ADSI to create users, Microsoft recommends that you use LDIFDE/ADSI to create only the user accounts, and then use Active Directory Users and Computers to create the mailboxes." to which I replied that Microsoft does support it and the answer can be found in Q313819 - [HOW TO: Create Mailbox-Enabled Account Using LDIFDE in Exchange 2000 Server] and after a bit of discussion Microsoft decided that it really "sucks". It all seems to boil down to the fact that no one knows how the encoding of msExchUserAccountControl is done (in PSS that is) and without the ability to set that attribute at creation time, the RUS does not properly setup the account and Microsoft has no intentions to support this, even with the Q article on how to do it. So, my question? Simple - has anyone managed to use LDIFDE to create and mailbox enable or just to mailbox enable an existing account in AD and had it work properly, namely the use of public folders? I don't know about others that have a long history with Exchange but, do some of you feel that Exchange has made some real steps "backward" from the functionality that Exchange 5.5 had? And a word of warning to those still on 5.5 - if it aint' broken, don't "fix" it. Thanks, david moore Chevron Phillips Chemical _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
