Exchange 2007 Provisioning

Since finally getting around to enabling blog stats I can see the Exchange posts continue to be popular so, to add to the series, here is a step-by-step guide to basic Exchange 2007 provisioning with ILM 2007.

Set up the ILM server

In addition to the usual ILM requirements, you will need to install the following on your ILM server:

  1. PowerShell
  2. Exchange 2007 management tools

Configure the Exchange MA

Exchange mailboxes are provisioned using the regular AD management agent, with a couple of specific configurations.

  1. You must tick Enable Exchange 2007 provisioning on the Extensions tab, and
  2. You must have the following attributes selected on the Select Attributes tab:
    • homeMDB
    • mail
    • mailNickname
    • mDBUseDefaults
    • msExchMailboxSecurityDescriptor

Source Data

You must flow the mail address and the mail alias (the bit before the “@”) into the metaverse from somewhere.

I also find it simplest to flow in a value for homeMDB as well (and the provisioning code below assumes this to be the case).

The homeMDB is where you set the mail server and mail database for the user’s mailbox. It will look something like this:

CN=mail_db,CN=First Storage Group,CN=InformationStore,CN=server,CN=Servers,
CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,
CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=com

If you only have one server and mail database then populating this attribute will be a simple matter of flowing in a constant value.

If you have multiple MDBs then you will have to decide how to populate homeMDB for different users. You might have a simple rule based on surname or employee number, or perhaps you could incorporate something like this PowerShell script to locate the smallest MDB.

Provisioning Code

The provisioning code is actually no different to Exchange 2003. Here is a code sample which creates the user and mailbox together.

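' Runs inside the metaverse extension's provisioning routine. MA, DN and the
' ADS_UF_NORMAL_ACCOUNT constant (&H200) are assumed to be declared elsewhere.
' The alias is the part of the mail address before the "@".
Dim CSEntry As CSEntry = ExchangeUtils.CreateMailbox(MA, DN, _
                           mventry("mail").Value.Split("@"c)(0), _
                           mventry("homeMDB").Value)
' Set the initial password from the metaverse userPassword attribute.
CSEntry("unicodepwd").Values.Add(mventry("userPassword").Value)
CSEntry("description").Value = "Account created " + Today.ToString("d")
CSEntry("userAccountControl").IntegerValue = ADS_UF_NORMAL_ACCOUNT
' Add the new object to the connector space so it goes out on the next export.
CSEntry.CommitNewConnector()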

Troubleshooting

Not exhaustive by any means - but here are a couple of errors I encountered during testing.

Export error 1

Error stopped-dll-exception on Export step, and
MIIServer event 6801 in the Application Event Log with the message:

"System.IO.FileNotFoundException: Could not load file or assembly
'System.Management.Automation, Version=1.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The
system cannot find the file specified."

This happened when I deliberately tried an export before installing PowerShell and the Exchange management tools.

Export error 2

Error completed-export-error with ma-extension-error on the Export step, and
MIIServer event 6801 in the Application Event Log with the message:

 "Microsoft.MetadirectoryServices.ExtensionException: Unable to find
'192.168.126.150' computer information in domain controller '192.168.126.150:389'
to perform the suitability check. Verify the fully qualified domain name."

I was provisioning Exchange mailboxes to a different domain and, despite having a secondary DNS domain configured in the local domain, ILM was defaulting to using the IP address of the foreign DC. I changed the MA configuration to force it to hardcode the DNS name of the DC (Configure Directory Partitions, Domain controller connection settings) and then it was fine.

I think this error has something to do with the Update-Recipient PowerShell component. I am guessing it gets the DC information from the MA and if, for some reason, the IP address is there instead of the domain name, the cmdlet fails.
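
A pre-export check for the two errors above, as an added example that is not part of the original post: it confirms the Exchange 2007 management tools snap-in is registered on the ILM server and that the domain controller name set on the MA is a DNS name rather than an IP address. The function name Test-IlmExchangePrereq and its parameter are hypothetical; the sample value is the one quoted in the error message.

```powershell
# Added example (Windows PowerShell, run on the ILM server).
# Test-IlmExchangePrereq and -DomainController are hypothetical names.
function Test-IlmExchangePrereq {
    param([string]$DomainController)

    $findings = @()

    # Export error 1: the export step loads System.Management.Automation and the
    # Exchange management tools. Running this script already proves PowerShell is
    # installed, so only the Exchange 2007 snap-in registration is checked here.
    $snapinName = 'Microsoft.Exchange.Management.PowerShell.Admin'
    $snapin = Get-PSSnapin -Registered | Where-Object { $_.Name -eq $snapinName }
    if (-not $snapin) {
        $findings += "Snap-in $snapinName is not registered: install the Exchange 2007 management tools"
    }

    # Export error 2: the domain controller configured on the MA should be a
    # DNS name. Strip an optional :port suffix first (IPv4 or host name only).
    $dcHost = ($DomainController -replace ':\d+$', '').Trim()
    $parsed = $null
    if ([System.Net.IPAddress]::TryParse($dcHost, [ref]$parsed)) {
        $findings += "Domain controller '$dcHost' is an IP address: set the DC's DNS name on the MA"
    }
    elseif ($dcHost -notmatch '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$') {
        $findings += "Domain controller '$dcHost' is not a fully qualified domain name"
    }

    # The leading comma keeps an empty or single-item result as an array.
    return ,$findings
}

# Value taken from the error message under "Export error 2".
foreach ($finding in (Test-IlmExchangePrereq -DomainController '192.168.126.150:389')) {
    Write-Warning $finding
}
```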

Older versions of ILM/MIIS

Only ILM 2007 FP1 has the Exchange 2007 support, so if you’re on an older version you need to upgrade. It is a very straight-forward operation – I have now done three in-place upgrades of production MIIS/ILM installations and they have all gone without a hitch – so what are you waiting for?

Just make sure you back up your MIIS database first! :-)

{ 3 } Comments

  1. 10ti | November 4, 2008 at 4:09 pm

    Have you ever encountered this error during provisioning?

    Environment:

    ILM FP1, powershell 1.0, exchange management console, exchange rollup 4

    Reading from AD and writing to other AD management agent

    My error:

    The extensible extension returned an unsupported error in MIIS.

    The stack trace is:

    “Microsoft.MetadirectoryServices.ExtensionException: Could not find the default Administrative Group ‘Exchange Administrative Group (FYDIBOHF23SPDLT)’.

    at Exch2007Extension.Exch2007ExtensionClass.AfterExportEntryToCd(Byte[] origAnchor, String origDN, String origDeltaEntryXml, Byte[] newAnchor, String newDN, String failedDeltaEntryXml, String errorMessage)

    Microsoft Identity Integration Server 3.3.0118.0″

    For more information, see Help and Support Center at

    HomeMDB is correct, but when ILM tries to update the recipient that error is raised.

    Before the previous error there is this error in the event viewer:

    Event Type: Error
    Event Source: MIIServer
    Event Category: None
    Event ID: 0
    Date: 15/10/2008
    Time: 15.45.32
    User: N/A
    Computer: D1ILM
    Description:
    The description for Event ID ( 0 ) in Source ( MIIServer ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event:

    There is an error in Exch2007Extension AfterExportEntryToCd() function when exporting an object with DN CN=ProvaILM11,OU=ILM,…(hidden)…

    Type: Microsoft.Exchange.Configuration.Tasks.ThrowTerminatingErrorException

    Message: Could not find the default Administrative Group ‘Exchange Administrative Group (FYDIBOHF23SPDLT)’.

    Stack Trace: at Microsoft.Exchange.Configuration.Tasks.Task.ThrowTerminatingError(Exception exception, ErrorCategory category, Object target)
    at Microsoft.Exchange.Configuration.Tasks.Task.ProcessUnhandledException(Exception e)
    at Microsoft.Exchange.Configuration.Tasks.Task.BeginProcessing()
    at System.Management.Automation.Cmdlet.DoBeginProcessing()
    at System.Management.Automation.CommandProcessorBase.DoBegin().

    The user becomes mailbox linked correctly if I launch update recipient manually… I can’t understand why it doesn’t work with ILM FP1 while it works manually… (homeMDB is set by Exchange.CreateMailbox()) and even when launching the update from PowerShell I use the same attribute.

    Thx for help.
    Regards Luka.

  2. Carol | November 4, 2008 at 5:11 pm

    No sorry I haven’t seen that, besides someone asking about it on the ILM Forum – was that you? All I can suggest is you recheck all your settings (is Exchange 2007 provisioning ticked in the MA?) and some general troubleshooting:
    - What does the object look like in the connector space?
    - You say you can run recipient-update manually – are you using the exact same account as the MA?
    - Are there any error messages on the DC you’re connecting to?

  3. Carol | September 12, 2009 at 6:07 am

    I have seen this error now as it happens. It’s a permissions issue. Make sure the ILM service account is an Exchange Recipient administrator.
