Network Engineering

Frequently Asked Questions
Exchange 2003 and Active Directory Administration

Account and Mailbox Administration

Recreating a Mailbox

Recreating a mailbox can be a great troubleshooting tool, by starting with a clean slate you can insure that there are no corrupted mailboxes. In the most general of terms the process is simple and quick. Export the mailbox data, delete the AD account, recreate the AD account,create and attach a new mailbox, import the old mailbox data into the new mailbox.

1. Open the mailbox containing the customers email in outlook and use the import/export wizard to export to .pst
2. Open AD and locate the affiliated account
3. Write down any information you will need for the next account. (groups, permissions, account details)
4. Open System Manager, Click on Start, Programs, Microsoft Exchange, System Manager.
5. Browse to Administrative Groups, Central Email Services, Servers, Servername, Storage Group, Store.
6. Click on Mailboxes and create a new mailbox.
7. Delete the account, create a new account with the new mailbox.
8. Open the blank mailbox in Outlook, import/export wizard, import the .pst.

[top]

Timeout on Contact Creation

Normally this timeout happens because the 'contact' already exists in exchange. By their very nature a 'contact' is an AD object for an outside email address. There has been confusion on why this occurs with ONID accounts, the answer is because perl scripts on admin.onid process data from Banner and update both AD and LDAP (UNIX) accounts.

The key point to take away is that your contact will most often timeout when you are trying to create a contact for someone who already is listed in AD. If you are trying to locate the AD copy of the ONID account you will need to connect to onid.oregonstate.edu. You cannot create a contact for an ONID account, as ONID accounts are already listed in AD you simply have to add them to the proper security groups.

[top]

Added an Alias and Can't Send

There is a maximum number of aliases one email address is allowed to have. If you've recently added an alias to an email address and you recieve an error when sending to it that looks like the below NDR you may need to remove additional email aliases.

550 5.1.1 : Recipient address rejected: User unknown in virtual alias table.

Solution: You have too many SMTP addresses on this account. The virtual users table script only allows 2 @oregonstate.edu addresses.

[top]

Open Additional Mailbox

As the Exchange administrator for your group, you have permissions to open all mailboxes in your Exchange store. This can be very useful for troubleshooting and diagnosing problems with mailboxes that are over quota, finding missing messages, recovering deleted items, etc. You do NOT need to know the user's password to open their mailbox. In general, it is not a good idea to ask a user for their password.

Note: Opening a user's mailbox should only be done with the person's knowledge or at direction from the dean or department head.

MAPI (Outlook client)

To open another user's mailbox, the easiest way is to add it to your Outlook profile:

1. In the folder list on the left, right-click on the top level of your Mailbox.
2. Choose Properties.
3. Click the Advanced button.
4. Select the Advanced tab.
5. Click Add and enter the person's name or mailbox alias.
6. Click OK twice.

You will see the secondary mailbox added to your profile under the Folder List on the left. To remove it, go through the same steps above, but choose Remove instead of Add.

Alternatively, you can create a new Outlook profile on your computer for the user, and simply run Outlook with that profile set as primary. (Or, configure Outlook to prompt for a profile to use.)

Outlook Web Access

To open another user's mailbox in Outlook Web Access, first login as you would normally. After logging into OWA, add the prefix of the person's @oregonstate.edu email address to the URL and hit enter. For example, to open the mailbox for a user who's email address is Bart.Simpson@oregonstate.edu, type the following into the URL after logging into Outlook Web Access:

https://exmail.oregonstate.edu/exchange/Bart.Simpson

To re-open your own mailbox, simply clear the other person's name from the URL and hit enter again. lisa.simpson@oregonstate.edu

POP/IMAP

You can also use a POP or IMAP client to open another user's mailbox. Configure the mail client as you would normally (POP/IMAP instructions). For the username, enter your domain\username, and your password, and add the other person's mailbox alias, UPN, or pre-windows 2000-style login, like this:

username: domain\username\alias
or
username: domain\username\UPN
or
username: domain\username\login_name

The pre-windows 2000-style login and the User Principal Name (UPN) can be found on the Account tab in Active Directory. The pre-windows2000 login name is not required to be unique, so you may have trouble using it. The UPN is required to be unique, so you may be better off using that. In our AD forest, most Exchange users will have a UPN that matches their @oregonstate.edu e-mail address.

The "alias" in the example above refers to the Exchange mailbox alias of the other user. You can find this attribute on the Exchange General tab in AD Users & Computers. It is also not required to be unique in the forest, so it could be problematic to use.

[top]

View Mailbox Size

There are two ways to check the size of a mailbox.

The first method is to add the user's mailbox to your profile in the Outlook client (in MAPI mode), then right-click on the mailbox under the Folder List and choose Properties, Folder Size. The Folder Size button will show you the total size of the mailbox, as well as the size per folder.

The other method is to use Exchange System Manager:

1. Click on Start - Programs - Microsoft Exchange - System Manager
2. Once in the utility, expand the following:
   • Administrative Groups
   • Central Email Services
   • Servers
   • Servername
   • Storage Group
   • Mailbox Store
3. Click on Mailboxes.
4. On the right, you will see a list of all the mailboxes in your store with size, number of items and last login time.

[top]

Change an Account Name

To change a person's name in Active Directory, do the following:

1. In Active Directory Users & Computers, right-click on the user object and choose Rename.
2. Type in the new name for the user object and hit Enter.
3. A "Rename User" window will pop-up. From here, update the Full Name, First and Last Name, Display Name, logon name, and pre-Windows 2000 logon name, as needed. Click OK.
4. Right-click on the user object again and choose Properties. Select the Exchange General tab. From here you can update the Exchange alias. It's generally a good idea to make it match the pre-windows 2000 logon name.
5. Choose the Email addresses tab. You can either replace the current @oregonstate.edu address with the new one, or add a new email address to reflect the person's new name. Objects are allowed to have up to 2 email aliases total (aliases are addresses that end in @oregonstate.edu). Once people have learned the new email address, you can remove the old one.

[top]

Update SMTP address

If you have recieved an error similar to:

"An Exchange Server could not be found in the domain.
Check if the Microsoft system Attendent services is running on the Exchange Server.
ID no. c10308a2
Microsoft Active directory - Exchange Extension"

Then you'll need to follow this procedure to get administrative access.

To change a person's SMTP address in Active Directory, follow these steps:

1. Contact itconsult, give us the ip of your workstation (cannot be in a dynamic range)
2. Network Engineering will grant access to this ip address (this is to minimize our servers' exposure)
3. In Active Directory Users & Computers, double click on the user object, navigate to 'E-mail Addresses' tab
4. Select the SMTP (all capitals); this is the primary SMTP address. click Edit
5. Format the email address and click OK
6. It could take up to an hour for the new address to change

[top]

Reconnect a Deleted Mailbox

When you delete an account in AD, the associated mailbox is always deleted - this is by design. However, we retain deleted mailboxes on the system for 90 days before they are completely purged. In that time, you can reconnect a deleted mailbox to another account. The account that you reconnect to must not already have a mailbox associated with it.

NOTE: When a mailbox is deleted, the SMTP addresses are lost and will need to be added back when you reconnect the mailbox. Permissions set on the mailbox are maintained.

To reconnect a mailbox, you need to use the Exchange System Manager tool. Here is the procedure:

1. Open System Manager. Click on Start, Programs, Microsoft Exchange, System Manager.
2. Browse to Administrative Groups, Central Email Services, Servers, Servername, Storage Group, Store.
3. Click on Mailboxes.
4. On the right, look for the deleted mailbox - it will have a red X next to it.
5. Right-click the deleted mailbox and choose Reconnect.
6. Find the account to associate the mailbox with and choose OK.
7. You may see a warning pop up about replication - just click OK.
8. Once the e-mail attributes have replicated to the new user object, add the SMTP addresses back.

[top]

Adjust Mailbox/Account Affiliation

In order to associate a mailbox with a different account, you have to "delete" the mailbox. The mailbox will be diconnected from the account and can then be reconnected to another account that does not already have a mailbox.

To disconnect the mailbox, right-click on the account in AD Users & Computers and choose Exchange Tasks. Then, choose the option to "Delete Mailbox" and follow the prompts.

To reconnect the mailbox to a different account, follow the steps listed above.

NOTE: When a mailbox is deleted, the SMTP addresses are lost and will need to be added back when you reconnect the mailbox.

[top]

Disable an Exchange user

Before disabling an Exchange user in Active Directory, you need to set the "associated external account" permission. Unfortunately, the tools do not make this change for you. Failing to set the associated external account permission will cause a disabled user to no longer receive mail.

When disabling a mailbox-enabled account, follow these steps:

• Start the Active Directory Users and Computers MMC snap-in.
• Click View, and then make sure that the Advanced Features check box is selected.
• Right-click the user account and choose Properties.
• Click the Exchange Advanced tab and choose Mailbox Rights.
• If another account currently has the "associated external account" right, uncheck it.
• Grant the "associated external account" right to the special SELF group.
• Save changes and close the property sheet.
• Wait 15 minutes for replication.
• After 15 minutes, right-click the user account and choose Disable Account.

It may take up to 2 hours for the mailbox to begin funtioning normally again.

For more information, please see the following Microsoft Knowledgebase article: 319047

[top]

Mailbox Rights on new users SELF only

When you create a new mailbox, you may notice that the Mailbox Rights on the Exchange Advanced tab shows only "SELF" and none of the other usual inherited permissions. This is because the mailbox is not actually created in the store until it has been opened for the first time or has received its first message.

For more information, please see the following Microsoft Knowledge Base article: Q272153

[top]

Maximum Mailbox Size

The maximum mailbox size for Exchange 2000/2003 is 2GB. If you try to set the quota higher than 2GB, you will receive this error:

The value for 'prohibit send' at (KB) is not valid. Specify a value from 0 through 2097151.

The reason for this limit is that there is a 2GB limit on .ost and .pst files. If a mailbox was allowed to exceed 2GB, it would be more difficult to restore, and would be impossible to access in offline mode. The 2GB limit on mailbox sizes is programmed into Exchange and modifying that limit is not recommended:

microsoft.public.exchange2000.admin newsgroup article

If you have a user who requires more than 2GB of email space, create an additional mailbox and add it to their profile.

[top]

Account Domain Changes

If a user is moving to a different department on campus, and that department also manages accounts in Active Directory, we can move the account between domains. Mailboxes can also be moved between Exchange mailbox stores or servers. There is no need to create a new account for someone if they already have one in Active Directory.

Only Enterprise Admins can move accounts between domains. To have an account moved, please send email to itconsult(@)oregonstate.edu. We will help you coordinate with the DCA currently responsible for the account to find a good time to schedule the move.

[top]