The issue results from the existing framework, and when configuring that framework to manage Active Directory objects in a forest, it is designed to be pointed at the forest root.

At that point, it always connects to a server in the root and uses the ADSI APIs to create a user in whichever child domain is needed. This process can be configured to return the domain controller used here (not the referral, but the root DC in whatever site was enumerated). That DC can then be passed to the Enable-Mailbox cmdlet but in this case it doesn't help. While we get the site we just created through, it's not the child domain and the lack of referral chasing makes that facility here irrelevant.

We are working to modify the framework so that while it may target a root domain to enable the desired behavior, it enumerates the child domain requested for the create, then creates in that site and returns that DC which is more correct or useful really.

The way this framework is designed, we more than likely only have a single Exchange server we connect to, or if connecting to an org (better but less common in practice), we don't get to pick which mb server as it's automatically discovered. Another enhancement might be to also infer the Exchange server to connect to given the domain used for initial account creation.

Thanks,
jlc

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Michael B. Smith
Sent: Friday, December 11, 2015 3:52 PM
To: [email protected]
Subject: [Exchange] RE: Exchange mailbox creation in forest

Perhaps I'm completely misunderstanding. The lack of tracking referrals? How can you create a user in a domain without a writable DC for that domain?

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Joseph L. Casale
Sent: Friday, December 11, 2015 2:27 PM
To: '[email protected]'
Subject: [Exchange] RE: Exchange mailbox creation in forest

Well, I guess if there isn't a workaround we will modify the automation tools. The limitation seems a bit shocking.

Thanks,
jlc

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Michael B. Smith
Sent: Friday, December 11, 2015 12:05 PM
To: [email protected]
Subject: [Exchange] RE: Exchange mailbox creation in forest

It sounds to me like you already know the answer. :-) Or is there a question in there that I missed?

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Joseph L. Casale
Sent: Friday, December 11, 2015 12:58 PM
To: [email protected]
Subject: [Exchange] Exchange mailbox creation in forest

I am working with some automation in an Active Directory env with an empty root and a few child domains. The automation is selecting a random DC which happens to consistently be the forest level DC for account creation in child domains.

I can get this value and want to use it as the DomainController parameter for Enable-Mailbox to ensure a successful creation in Exchange shortly after. Whether I provide the downlevel or distinguished name format, it doesn't help. It seems none of the Exchange tools interpret referrals. The DomainController param apparently must be in the domain of the user?

Anyone have any insight on this type of scenario?

Thanks!
jlc
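
Added example, not part of the thread or of the posters' framework: one way to pick a writable DC in the user's own child domain, as the first message describes, and hand that DC to Enable-Mailbox. The function names and the sample DN are assumptions; it presumes the RSAT ActiveDirectory module and an Exchange Management Shell session.

```powershell
# Added example. Get-DomainFromDN, Enable-MailboxInUserDomain and the sample DN
# are hypothetical names/values, not taken from the thread.
Import-Module ActiveDirectory   # RSAT AD module; Enable-Mailbox comes from the Exchange shell

function Get-DomainFromDN {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Collect the DC= components:
    # "CN=x,OU=y,DC=child,DC=corp,DC=example" -> "child.corp.example"
    $parts = [regex]::Matches($DistinguishedName, '(?i)(?:^|,)\s*DC=([^,]+)') |
        ForEach-Object { $_.Groups[1].Value }
    if (-not $parts) { throw "No DC= components in '$DistinguishedName'" }
    $parts -join '.'
}

function Enable-MailboxInUserDomain {
    param([Parameter(Mandatory)][string]$UserDN)

    $domain = Get-DomainFromDN -DistinguishedName $UserDN

    # Locate a writable DC in the user's own domain instead of the forest root.
    $dc = Get-ADDomainController -Discover -DomainName $domain -Writable -ErrorAction Stop
    $dcName = "$($dc.HostName)"

    # Fail early if the account is not yet visible on that DC (assumption: it was
    # created there, or has already replicated from the DC used for creation).
    $user = Get-ADUser -Identity $UserDN -Server $dcName -ErrorAction Stop

    # Same DC for the Exchange step, so no referral from the root is involved.
    Enable-Mailbox -Identity $user.DistinguishedName -DomainController $dcName
}

# Usage with a constructed sample DN:
# Enable-MailboxInUserDomain -UserDN 'CN=Jane Doe,OU=Staff,DC=child,DC=corp,DC=example'
```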
