WindowsDevCenter.com

Cooking with Windows Server, Part 2
Pages: 1, 2, 3

Discussion

A mailbox-enabled user is a user who has a mailbox defined in the Exchange organization where the user object exists. This is the most common object in an Exchange organization.

TIP: Mailbox-enabling a user requires Exchange Data Administrator permissions. See the Discussion for Recipe 17.7.

When you create a mailbox for a user with the GUI or VBScript, you call out to the CreateMailbox CDOEXM interface. In the background, the specific changes made by the CreateMailbox method are on the user object in Active Directory and include changes to the following attributes:

mDBUseDefaults
msExchUserAccountControl
homeMTA
msExchHomeServerName
homeMDB
mailNickname
msExchMailboxGuid
msExchMailboxSecurityDescriptor
legacyExchangeDN

Once all of those attributes are in place, the RUS sets additional attributes on the user object. The mailbox cannot be used nor receive email until the RUS has gone through this stamping process.

Using a Graphical User Interface

Creating a mailbox when you create a new user is a trivial task with ADUC because you simply need to specify the email alias and where in the Exchange organization the mailbox should reside. All of the guesswork on where the mailbox can go is removed because you have to select the location from the drop-down menu.

Using a Command-Line Interface

Prior to the ExchMbx tool, there was no simple way to mailbox-enable a user from the command line. The LDIFDE method is not feasible because the msExchMailboxSecurityDescriptor attribute is a binary value and difficult to manipulate with LDIF files and text editors. For flexibility, ExchMbx allows you to specify the entire homeMDB URL, or you can specify the server, storage group, and mailbox store.

TIP: If you want to mailbox-enable multiple users at once, remove the -b option from the parameter list and pipe the distinguished names into ExchMbx from another tool or from a file. Run exchmbx /? for usage details.

Using VBScript

The trickiest part of creating a mailbox for a user with VBScript is to know what to use for the homeMDB attribute. If you use the wrong value you will get the error: "The server is not operational," which isn't helpful feedback. This is where the GUI method is nice, because it looks up all of the possible values for you and lets you select from the list.

I present an alternative scripting method in Recipe 17.16, which lets you specify three well-known pieces of information to locate the proper homeMDB value. Finally, another alternative would be to search Active Directory for all valid homeMDB values, display them, and have the person running the script select from the list just like ADUC does. This third method involves searching against the Configuration container of Active Directory with the following filter: (objectcategory=msExchPrivateMDB).