Ureader.com  
Microsoft software help and Community
   home   |   control panel login   |   archive   |  
 
Exchange
2000.active.directory
2000.admin
2000.announcements
2000.app.conversion
2000.applications
2000.clients
2000.clustering
2000.connectivity
2000.development
2000.documentation
2000.general
2000.information.store
2000.interop
2000.kms
2000.misc
2000.protocols
2000.realtime.collabo.
2000.setup
2000.transport
2000.win2000
admin
application.conversion
applications
clients
clustering
connectivity
design
development
misc
mobility
setup
tools
  
 
date: Fri, 25 Jul 2008 00:10:20 -0700 (PDT),    group: microsoft.public.exchange.admin        back       


Is it safe to clear the legacyExchangeDN = ADCDisabledMail attribute on an Exchange admin?    
Hello,

We have an E2K/E2K3 Exchange Organisation which is still running in
mixed-mode. We removed our original Ex5.5 server after installing the
E2K server and uninstalled the ADC before installing the first E2K3
server. We share the SMTP address-space with a third-party e-mail
system.

One of our users, whose Window account is a domain/full exchange
administrator, used to have a mailbox on the Ex5.5 server. That
mailbox was deleted over a year ago and the account is not mail- or
mailbox-enabled. However, it's still holding onto the e-mail address
(only visible by doing a custom search on proxyaddresses) so we can't
assign that address to another account. It's also causing some
delivery problems. It seems that legacyExchangeDN is set to
ADCDisabledMail on the account.

To fix the problem, should we :
- right-click on the account in ADUC, select Establish email address,
give it the problem address and then use Delete e-mail address when it
becomes visible in ADUC?
- right-click on the account in ADUC and select Remove Exchange
attributes?
- or use ADSIedit to clear the legacyExchangeDN?

Given that the account is a domain/exchange admin, could those
modifications cause other problems to the whole Exhange installation?

We want to avoid deleting and recreating the Windows account.

Thanks,

- Alan.
date: Fri, 25 Jul 2008 00:10:20 -0700 (PDT)   author:   Alan

Re: Is it safe to clear the legacyExchangeDN = ADCDisabledMail attribute on an Exchange admin?    
On Fri, 25 Jul 2008 00:10:20 -0700 (PDT), Alan 
wrote:

					[ snip ]

>To fix the problem, should we :
>- right-click on the account in ADUC, select Establish email address,
>give it the problem address and then use Delete e-mail address when it
>becomes visible in ADUC?
>- right-click on the account in ADUC and select Remove Exchange
>attributes?
>- or use ADSIedit to clear the legacyExchangeDN?

Can't you just start with the 2nd step (removing the Exchange
attributes)? Or is that choice not offered? If not, then mail-enabling
and then removing the Exchange attributes from the user will work.

Removing the legacyExchangeDN without dealing with the real problem
doesn't make a lot of sense.

>Given that the account is a domain/exchange admin, could those
>modifications cause other problems to the whole Exhange installation?

No. But I'd be sure to remove that account from any delegated roles in
Exchange before you do anything else. Removing the attributes that are
causing the problem won't have any effect on the operation of
Exchange, but Domain Admins really should be using their account for
tasks that need that level of privilege. An Exchange admin (of any
sort) doesn't need the ability to, for example, change the password
policy for the domain. :-)
---
Rich Matheisen
MCSE+I, Exchange MVP
date: Fri, 25 Jul 2008 20:27:52 -0400   author:   Rich Matheisen [MVP]

Re: Is it safe to clear the legacyExchangeDN = ADCDisabledMail attribute on an Exchange admin?    
Thanks Rich. Yes, the "Remove Exchange attributes" option is there
when I right-click on the account and I'll try that... I've just
always been worried by the dire-sounding warning it gives, more so
when it's on acting on an admin account!

- Alan.

On Jul 26, 2:27 am, "Rich Matheisen [MVP]"
 wrote:
> On Fri, 25 Jul 2008 00:10:20 -0700 (PDT), Alan 
> wrote:
>
>                                         [ snip ]
>
> >To fix the problem, should we :
> >- right-click on the account in ADUC, select Establish email address,
> >give it the problem address and then use Delete e-mail address when it
> >becomes visible in ADUC?
> >- right-click on the account in ADUC and select Remove Exchange
> >attributes?
> >- or use ADSIedit to clear the legacyExchangeDN?
>
> Can't you just start with the 2nd step (removing the Exchange
> attributes)? Or is that choice not offered? If not, then mail-enabling
> and then removing the Exchange attributes from the user will work.
>
> Removing the legacyExchangeDN without dealing with the real problem
> doesn't make a lot of sense.
>
> >Given that the account is a domain/exchange admin, could those
> >modifications cause other problems to the whole Exhange installation?
>
> No. But I'd be sure to remove that account from any delegated roles in
> Exchange before you do anything else. Removing the attributes that are
> causing the problem won't have any effect on the operation of
> Exchange, but Domain Admins really should be using their account for
> tasks that need that level of privilege. An Exchange admin (of any
> sort) doesn't need the ability to, for example, change the password
> policy for the domain. :-)
> ---
> Rich Matheisen
> MCSE, Exchange MVP
date: Sun, 27 Jul 2008 07:35:55 -0700 (PDT)   author:   Alan

Google
 
Web ureader.com


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us