Imanami Community

Hi

 We are looking to move to Exchange 2007 soon and have built a lab environment for testing. In this lab environment we have SmartDL and DTM along with iRUS.

With DTM, I have recreated exactly a DTM job from our Windows 2003/Exchange 2003 environment. This job seems to provision the user accounts themselves perfectly well, but the mailboxes are never created.

 We're populating all the usual attributes - sn, homeMDB, alias, displayName, givenNamem and others.

 Reading the iRUS documentation and video doesn't seem to offer any solutions; I have checked that the authentication is set correctly (to the domain adminstrator). The service is started and is in the event viewer once, but no more.

Any suggestions?

CarpMan

---

Phil Kelly

Please list all the attributes you are setting from the DTM job.  The iRUS only looks for objects missing specific attribute values.  Your job may be populating attributes the iRUS is not expecting to be populated.  We can fix this by modifying the DTM job, iRUS, or both.  Let's start with the list of DTM attributes from your job.

Here you go:

First Name

Display Name

Sam Account Name

Alias

CN

Last Name

Password

Home Store

targetAddress

Title

Company

Department

City

State

Zip/Postal Code

Street Address

Office Phone

Mobile Phone Number

Fax Number

User logon name

mDBUseDefaults

mDBStorageQuota

mDBOverQuotaLimit

mDBOverHardQuotaLimit

Employee ID

Email

---

Phil Kelly

Humm, the list looks good to me.  Here is how the Imanami RUS works:

Program flow:

1.    Autodetect the forest and domains.  This setting is user configurable.  The user can specify which forest or domain to process but the account the service runs under must have permissions within that forest or domain.

2.    Is Exchange 2007 installed in the forest? If yes then go to 3.  If no then End and notify the user.

3.    Are the Exchange 2007 Administration Tools installed? If yes then go to 4.  If no then End and notify the user.  We need the admin tools to fix the recipients.

4.    For each domain discovered:

a.   Find all improperly provisioned recipients (mailbox-enabled users, mail-enabled users, mail-enabled contacts and mail-enabled groups).
Note: If the Exchange 2003 RUS is present the script will only process mailbox-enabled users, it will not process mail-enabled recipients such as mail-enabled users, contacts and group.  The Exchange 2003 RUS will process those recipients correctly.  See the Exchange Team blog for administration co-existence:
http://msexchangeteam.com/archive/2006/10/09/429135.aspx

                               i.   Mailbox-Enabled Users
"(&(objectClass=User)(objectCategory=Person)(mailNickname=*)(!msExchVersion=*)(homeMDB=$databaseDN))"
Note: The homeMDB=$databaseDN predicate ensures only mailboxes on the specified Exchange 2007 database are returned.

                              ii.   Mail-Enabled Users
“(&(objectClass=User)(objectCategory=Person)(mailNickname=*)(!msExchVersion=*)(targetaddress=*)(!msExchALObjectVersion=*))”
Note: The !msExchangeALObjectVersion=* predicate prevents the query from returning objects that have already been processed by the Exchange 2003 RUS.

                             iii.   Mail-Enabled Contacts
"(&(objectClass=Contact)(objectCategory=Person)(mailNickname=*)(!msExchVersion=*)(targetaddress=*)(!msExchALObjectVersion=*))”
Note: The !msExchangeALObjectVersion=* predicate prevents the query from returning objects that have already been processed by the Exchange 2003 RUS.

                              iv.   Mail-Enabled Groups
(&(objectClass=Group)(objectCategory=Group)(mailNickname=*)(!msExchVersion=*)(displayname=*)(!mail=*)(!msExchALObjectVersion=*))"
Note: The !msExchangeALObjectVersion=* predicate prevents the query from returning objects that have already been processed by the Exchange 2003 RUS.

b.   For each recipient from 4a:

                               i.   Fix the recipient.
Note: we cannot call an Exchange 2007 cmdlet to fix the recipient (such as Set-Mailbox –ApplyMandatoryParameters) because Exchange 2007 will not recognize the recipient created by Imanami products.

1.    Verify the recipient needs fixing (IsValidMailbox(), IsValidMailUser(), etc.).

2.    Save the following attribute values which are required to re-provision the recipient in step 4.b.i.4:

a.    Mailbox-Enabled Users

·  DistinguishedName for the Identity parameter.

·  MailNickName for the Alias parameter.

·  HomeMDB for the Database parameter.

b.   Mail-Enabled Users

·  DistinguishedName for the Identity parameter.

·  MailNickName for the Alias parameter.

·  Targetaddress for the ExternalEmailAddress parameter.

c.    Mail-Enabled Contacts

·  DistinguishedName for the Identity parameter.

·  MailNickName for the Alias parameter.

·  Targetaddress for the ExternalEmailAddress parameter.

d.   Mail-Enabled Groups

·  DistinguishedName for the Identity parameter.

·  MailNickName for the Alias parameter.

·  DisplayName for the DisplayName parameter.

3.    Clear all Exchange related attributes.  Required for step 4bi4.

·      mailnickname

·      homemdb

·      homemta

·      mDBUseDefaults

·      mail

·      proxyAddresses

·      msexchversion

·      msExchALObjectVersion

·      legacyExchangeDN

·      msExchMailboxGuid

·      msExchMailboxSecurityDescriptor

·      msExchPoliciesIncluded

·      msExchRecipientDisplayType

·      targetAddress

·      mAPIRecipient

·      internetEncoding

4.    Call the appropriate Exchange 2007 cmdlet to provision the object correctly (Enable-Mailbox, Enable-MailUser, etc.).

a.    Mailbox-Enabled Users
Enable-Mailbox -Identity '$identity' -Alias '$alias' -Database '$homeMDB'

b.   Mail-Enabled Users
Enable-MailUser -Identity "$identity" -Alias "$alias" -ExternalEmailAddress "$targetaddress"

c.    Mail-Enabled Contacts
Enable-MailContact -Identity $identity -Alias $alias -ExternalEmailAddress $targetaddress

d.   Mail-Enabled Groups
Enable-DistributionGroup -Identity "$identity" -Alias "$alias" -DisplayName "$display"

                              ii.   Write to the event log which recipient was fixed and how it was fixed (which attributes where removed and which command was called).

5.    Wait 10 seconds.  This setting is user configurable.  You could set it for 10 minutes if you want.

6.    Go to step 1 and start all over, you never know when a new recipient will show up.

 

 

 

Let's turn on debug messages and see what's happening.  Edit the ImanamiRUS.ps1 file and locate this line:

$debug = $false;

change it to:

$debug = $true;

Restart the Imanami RUS service and then check the event log - don't be suprised if you see a ton of new messages.  Each step int he above process will have a message in the event log.  I noticed that you are populating targetAddress.  TargetAddress is only for mail-enabled objects (contacts and users) not mailbox enabled objects.  An object cannot have both homemdb and targetAddress specified, Exchange will get confused.  Can you remove this attribute from the job?

OK, debug turned on and service restarted.

The event viewer now shows an error:
Error: System.Management.Automation.PSSecurityException: File C:\Software\ImanamiSoftware\ImanamiRUSBuild3\scripts\ImanamiRUS.ps1 cannot be loaded. The contents of file C:\Software\ImanamiSoftware\ImanamiRUSBuild3\scripts\ImanamiRUS.ps1 may have been tampered because the hash of the file does not match the hash stored in the digital signature. The script will not execute on the system. Please see "get-help about_signing" for more details.. ---> System.UnauthorizedAccessException: File C:\Software\ImanamiSoftware\ImanamiRUSBuild3\scripts\ImanamiRUS.ps1 cannot be loaded. The contents of file C:\Software\ImanamiSoftware\ImanamiRUSBuild3\scripts\ImanamiRUS.ps1 may have been tampered because the hash of the file does not match the hash stored in the digital signature. The script will not execute on the system. Please see "get-help about_signing" for more details..
   --- End of inner exception stack trace ---
   at System.Management.Automation.AuthorizationManager.ShouldRunInternal(CommandInfo commandInfo, CommandOrigin origin, PSHost host)
   at System.Management.Automation.CommandDiscovery.LookupCommandProcessor(CommandInfo commandInfo, CommandOrigin commandOrigin)
   at System.Management.Automation.CommandDiscovery.LookupCommandProcessor(String commandName, CommandOrigin commandOrigin)
   at System.Management.Automation.CommandFactory._CreateCommand(String commandName, CommandOrigin commandOrigin)
   at System.Management.Automation.CommandFactory.CreateCommand(String commandName, CommandOrigin commandOrigin)
   at System.Management.Automation.ExecutionContext.CreateCommand(String command)
   at System.Management.Automation.Parser.PipelineNode.Execute(Array input, Pipe outputPipe, ArrayList& resultList)
   at System.Management.Automation.Parser.StatementListNode.Execute(Array input, Pipe outputPipe, ArrayList& resultList)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

 

If I use the Exchange Management Tool to 'find' the users I can see them, but when I choose to see their properties I am told that their ExternalEmailAddress has invalid data....

---

Phil Kelly

Sorry, remove the signature from the bottom of the file.  When you make a change to the file, it invalidates the signature.

OK, the service loads and writes to the event log and then everything goes quiet (with debug set to true).

 CarpMan

 

---

Phil Kelly

Do you see an event that lists the domains and the interval?  What does it say?  By default the service only processes the domains int he forest every 60 seconds.

No, just the 'Service started successfully' event, no more.

---

Phil Kelly

Take a look in the Application log.  You should see something like this:

Script output:

Imanami Recipient Update Service for Microsoft Exchange 2007

Copyright 2007 Imanami Corporation. All Rights Reserved.

THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE RISK

OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER.

-DomainNames:

-LoopInterval: 60

-FixErrors: True

Start time: 02/19/2008 14:50:07

No, there is only the Service started successfully event.

I have uninstalled and reinstalled the service - same results.

 

---

Phil Kelly

Hmmm, I guess the service is running but it is not launching the script.  Try running the script manually from the PowerShell:

.\imanamirusbuild3\scripts\imanamirus.ps1

What does it say?

 

It provides the feedback on refresh interval etc but adds a couple of lines stating that the Exchange 2007 administration files are not available.

This particular lab is running 32-bit Exchange 2007 on Windows 2003.

---

Phil Kelly

My bad, launch the Exchange 2007 Management Shell and then execute the command I gave you in the previous post.

Imanami Recipient Update Service for Microsoft Exchange 2007
Copyright 2007 Imanami Corporation. All Rights Reserved.

THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE RISK

OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER.

    -DomainNames:
    -LoopInterval: 0
    -FixErrors: False

Start time: 02/19/2008 23:53:13

Unable to find type [Imanami.Exchange2007.RecipientUpdateService.Common.ActiveD
irectoryHelper]: make sure that the assembly containing this type is loaded.
At C:\imanamirusbuild3\scripts\ImanamiRUS.ps1:887 char:116
+ [System.Collections.ArrayList]$Domains = [Imanami.Exchange2007.RecipientUpdat
eService.Common.ActiveDirectoryHelper]: <<<< :FindDomains($Forest, $DomainNames
)
02/19/2008 23:53:13 - DEBUG: Could not find one domain in EX2K7.local forest.
02/19/2008 23:53:13 - DEBUG: Aborting.
[PS] C:\>

---

Phil Kelly