Are we talking about the right attribute here?

msExchUserAccountControl is documented and controls locking out the account
until the Recipient Update Service has populated the mail address attributes.

The LDIFDE problem, discussed in Q324353, is that this method does not set the
msExchMailboxSecurityDescriptorAttribute for the user object before the mailbox
is created; if this is not done Exchange cannot propagate permissions into the
store.

Creating with CDOEXM does this correctly.

Q304935 has more on this attribute and how to programmatically set it to correct
the LDIFDE problem; and somewhere in one of these or a linked KB article is the
flat statement that "the *only* way to create a mailbox programmatically is with
CDOEXM".



> -----Original Message-----
> From: Moore, David K [mailto:[EMAIL PROTECTED]]
> Sent: 19 September 2002 21:17
> To: Exchange Discussions
> Subject: It all started with a lie - Q313819
> 
> 
> 
> So, I write this to test the waters and see how others have 
> managed this issue -
> 
> For many years, going back to 4.0, we used CSV files to 
> create/manage/delete mailboxes within Exchange and this 
> worked well.  Then comes along Exchange 2000, which with its 
> integration of Active Directory and the requirement to use 
> LDIFDE.  Ok, no problem I can learn new tools and I learn the 
> silly new LDIF import format and I make it do what I want it 
> to do - mailbox enable an existing AD account.  All is well 
> until a few weeks following the mailbox enabling of the 
> accounts, our users discover access to public folders (along 
> with free/busy, off-line address book, etc) can not be had.  
> A call to Microsoft produces the answer that, the attribute 
> of msExchUserAccountControl had not been properly populated 
> into AD.  Microsoft writes a script for us that uses CDOEXM 
> to re-set the permissions and while this does resolve the 
> problem for existing users it doesn't resolve the on-going 
> problems.  So, Microsoft transferred me between a few groups 
> (it's hard I guess to know what is what when you've got half 
> of your mail system managed by another non-communicative 
> group - Active Directory support) where I landed with an 
> LDIFDE support engineer.  This engineer then proceeded to 
> explain that it was not possible to create mailbox enabled AD 
> accounts with LDIFDE and pointed me to an article Q324353 
> [XADM: Users Cannot Access Public Folders or Delegate 
> Mailboxes on a Separate Server] which states:  "If you want 
> to use LDIFDE/ADSI to create users, Microsoft recommends that 
> you use LDIFDE/ADSI to create only the user accounts, and 
> then use Active Directory Users and Computers to create the 
> mailboxes." to which I replied that Microsoft does support it 
> and the answer can be found in Q313819 - [HOW TO:  Create 
> Mailbox-Enabled Account Using LDIFDE in Exchange 2000 Server] 
> and after a bit of discussion Microsoft decided that it 
> really "sucks".  It all seems to boil down to the fact that 
> no one knows how the encoding of msExchUserAccountControl is 
> done (in PSS that is) and without the ability to set that 
> attribute at creation time, the RUS does not properly setup 
> the account and Microsoft has no intentions to support this, 
> even with the Q article on how to do it.
> 
> So, my question?  Simple - has anyone managed to use LDIFDE 
> to create and mailbox enable or just to mailbox enable an 
> existing account in AD and had it work properly, namely the 
> use of public folders?
> 
> I don't know about others that have a long history with 
> Exchange but, do some of you feel that Exchange has made some 
> real steps "backward" from the functionality that Exchange 
> 5.5 had?  And a word of warning to those still on 5.5 - if it 
> ain't broken, don't "fix" it.
> 
> Thanks,
> david moore
> Chevron Phillips Chemical
> 
> 
> _________________________________________________________________
> List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> Archives:               http://www.swynk.com/sitesearch/search.asp
> To unsubscribe:         mailto:[EMAIL PROTECTED]
> Exchange List admin:    [EMAIL PROTECTED]
> 
