Automate deletion of ADCGlobalNames field in Exchange 5.5
Due to a poorly executed AD migration we need to do a mass cleanup and
remove the ADCGlobalNames in bulk from several hundred Exchange 5.5
mailboxes.
Does anyone have an idea of how to automate this? The field isn't
available through a directory export/import and I'd rather not do it by
hand with the Exch Admin in raw mode, if possible...
We can get at the MSExchGlobalNames field in AD with killmail.exe from
MS, or through LDAP but 5.5 is the magic question.
Here's a good description of the problem and fix from another post.
<snip>
From: Scott Dickens
Date: Tues, Dec 10 2002 6:33 am
Email: "Scott Dickens"
Groups: microsoft.public.exchange2000.active.directory.integration
It sounds like the correct user account is mail-enabled while the disabled
account is mailbox-enabled. This can happen if the PrimaryWindowsNT account
of the 5.5 mailbox (in your case the "correct" account) has some mail
attributes on it prior to the ADC replicating. The most common of these
attributes is the e-mail field on the General tab of the user object in AD.
When the ADC does the initial replication of the object from 5.5 to AD it
tries to match on the PrimaryWindowsNT account - in this case it finds your
"correct" user account. It performs some initial sanity checks and notices
that the target account in AD already has some mail attributes on it. As a
result, it thinks that that account is already mail-enabled and does not
match on it; instead, it creates a disabled mailbox-enabled user account and
links with it. When the ADC back-replicates from AD to 5.5 it again
evaluates the "correct" user account. It sees that it has some mail
properties so it replicates the object to 5.5 as a contact. To resolve the
issue, you would perform the steps as outlined in the article:
1) Stop the ADC service
2) Identify what accounts are linked to whom - I would probably expect you
to see something like the following:
Good Mailbox in 5.5 <--> Disabled account in AD
Contact in 5.5 <--> Enabled "correct" account in AD
If you look at the EX5 value of the msExchADCGlobalNames attribute on the
disabled and enabled "correct" accounts in AD (using LDP or ADSIEdit) it
will tell you the distinguished name of the object that you are linked to in
5.5.
3) Assuming that you are running the SP2 or greater version of ESM,
right-click the disabled user account in AD, choose Exchange tasks, and
remove all Exchange attributes. Perform the same operation on the enabled
"correct" AD account.
4) Open up 5.5 Admin in RAW mode. Go to the two 5.5 objects that the AD
accounts are linked with (identified in step 2 above), pull up RAW
properties on those accounts, and remove the ADC-Global-Names values. When
through, the attribute ADC-Global-Names should have no value (not set).
5) In 5.5, delete the unwanted contact created by the ADC. In AD, delete the
disabled user account.
6) In 5.5, on the good mailbox entry ensure the PrimaryWindowsNT account is
your "correct" AD account.
7) Turn on the ADC.
8) Right-click now on the Recipient Connection agreement and choose to
replicate now.
9) Ensure that things worked out.
Also, please ensure that you are using the SP3 version of the ADC as you
don't want to be hitting this - 294322 XCON: ADC May Delete Mailbox and
Replace with a Custom Recipient
http://support.microsoft.com/?id=294322. For more information on the
ADCGlobalNames attribute please take a look at 316280 XADM: A Description of
the "ADC Global Names" Attribute
http://support.microsoft.com/?id=316280.
HTH,
--Scott
date: 14 Feb 2006 09:50:35 -0800
author: johns