Recipe 5.1. Creating a User Account and Mailbox

Problem

You need to create a user account and a mailbox.

Solution

Using a graphical user interface
Using a command-line interface with dsadd

You can use the dsadd command to add new user accounts from the command line. Here's an example:

> dsadd user "cn=DavidR,cn=Users,dc=robichaux,dc=net" -samid "david" -fn "David" -mi "P" -ln "Robichaux" -display "David P. Robichaux" -memberof "Family" -mustchpwd yes

This creates a new user account for David. The account's SAM ID is david@robichaux.net (which is also the UPN, since we didn't use the -upn switch); the other switches are self-explanatory. dsadd lets you specify a number of attribute values at creation time, including telephone and fax numbers, home directory and drive information, and password policy settings. In this case, the only significant setting we added was -mustchpwd yes, which forces David to change his password the first time he logs on.

Once the user object has been added, you can use exchmbx with the -me switch to mail-enable it, like this:

> exchmbx -b "cn=DavidR,cn=Users,dc=robichaux,dc=net" -me david@robichaux.net

Using a command-line interface with ldifde
Using VBScript

' This code creates a new user account, then mailbox-enables
' it by creating a mailbox in the first MDB on the server.
' ------ SCRIPT CONFIGURATION ------
strDCName = "<DC>"              ' e.g., "batman"
strUserName = "<userName>"      ' e.g., "jrandomuser"
strFirstName = "<userFirst>"    ' e.g., "Joe"
strLastName = "<userLast>"      ' e.g., "Blow"
strPassword = "<password>"      ' e.g., "G0bbeldygook!#"
' ------ END CONFIGURATION ------

' Find the domain and configuration naming contexts.
Set oIADS = GetObject("LDAP://RootDSE")
strDefaultNC = oIADS.Get("defaultnamingcontext")
strConfigNC = oIADS.Get("configurationNamingContext")
strContainer = "/CN=Users," & strDefaultNC
Set objContainer = GetObject("LDAP://" & strDCName & strContainer)

' Create the user object; it must exist in the directory (SetInfo)
' before the password can be set and the account enabled.
Set NewUser = objContainer.Create("User", "cn=" & strUserName)
With NewUser
    .firstName = strFirstName
    .lastName = strLastName
    .Put "sAMAccountName", strUserName
    .SetInfo
End With
With NewUser
    .AccountDisabled = False
    .SetPassword strPassword
    .SetInfo
End With

' Open the connection.
Set theConnection = CreateObject("ADODB.Connection")
Set theCommand = CreateObject("ADODB.Command")
Set theRecordSet = CreateObject("ADODB.Recordset")
theConnection.Provider = "ADsDSOObject"
theConnection.Open "ADs Provider"

' Build the query to find the private MDBs. Use the first
' one if any are found.
strQuery = "<LDAP://" & strConfigNC & _
    ">;(objectCategory=msExchPrivateMDB);name,adspath;subtree"
theCommand.ActiveConnection = theConnection
theCommand.CommandText = strQuery
Set theRecordSet = theCommand.Execute
If Not theRecordSet.EOF Then
    theRecordSet.MoveFirst
    firstMDB = CStr(theRecordSet.Fields("ADsPath").Value)
Else
    ' No mailbox store was found, so there is nowhere to create the mailbox.
    WScript.Echo "No private MDB found; mailbox not created"
    WScript.Quit 1
End If

' Create the mailbox.
With NewUser
    .CreateMailbox firstMDB
    .SetInfo
End With
WScript.Echo "Mailbox created successfully"

Discussion

While you can create a mailbox using ldifde, we're not going to show you how to do it, because it doesn't really work properly, as the msExchMailboxSecurityDescriptor attribute can't be correctly set through ldifde.
You can use the information included within this recipe to create the user object, but you then need to manually mailbox-enable the user object through ADUC (this was determined after a painful amount of testing the creation of a mailbox; once we determined that the mailbox looked right, but wasn't working right, we did a little more research and found out that Microsoft definitely doesn't recommend the creation of mailboxes through ldifde imports). However, the exchmbx tool fixes this problem by making it easy to mail-enable newly created mailboxes or contacts from the command line correctly, so feel free to use this method if it's appropriate for your environment.

The creation of a mailbox via a script is really a two-step process, and it's imperfect at best. Basically, what we've done is create a new user account in Active Directory, then used the script that is also used for Recipe 5.2 to mailbox-enable that user account. The discussion for Recipe 5.2 explains a lot of the process, so we're going to point you to that.

See Also

MS KB 305144 (How to Use the UserAccountControl Flags to Manipulate User Account Properties), MS KB 324353 (Users Cannot Access Public Folders or Delegate Mailboxes on a Separate Server), RFC 2849 (The LDAP Data Interchange Format (LDIF) - Technical Specification), MS KB 293339 (How to create a mailbox-enabled user with CDOEXM in Visual C++), and MS KB 237677 (Using LDIFDE to Import and Export Directory Objects to Active Directory); exchmbx documentation at joeware.net
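
A follow-up check, added here as an example and not part of the original recipe: after creating accounts with dsadd or the script, export them with ldifde and report any whose userAccountControl carries PASSWD_NOTREQD or DONT_EXPIRE_PASSWORD, using the flag values documented in MS KB 305144. The sample export, the svc-backup account, and the function names are constructed for illustration.

```python
import base64

# userAccountControl bits, values as documented in MS KB 305144.
ACCOUNTDISABLE = 0x0002
RISKY = {0x0020: "PASSWD_NOTREQD", 0x10000: "DONT_EXPIRE_PASSWORD"}
# Constructed sample export (not real data); names reuse the recipe's examples.
SAMPLE_LDIF = """\
dn: CN=DavidR,CN=Users,DC=robichaux,DC=net
userAccountControl: 512

dn: CN=jrandomuser,CN=Users,
 DC=robichaux,DC=net
displayName:: Sm9lIEJsb3c=
userAccountControl: 544

dn: CN=svc-backup,CN=Users,DC=robichaux,DC=net
userAccountControl: 66050
"""

def parse_ldif(text):
    """Return a list of records (dicts of lower-cased attribute -> values)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # RFC 2849 folding: join to previous line
        else:
            lines.append(raw)
    records, current = [], {}
    for line in lines + [""]:                 # trailing "" flushes the last record
        if not line.strip():
            if current:
                records.append(current)
            current = {}
        elif not line.startswith("#"):        # skip LDIF comment lines
            attr, _, value = line.partition(":")
            if value.startswith(":"):         # "attr:: <base64>"
                value = base64.b64decode(value[1:]).decode("utf-8")
            current.setdefault(attr.lower(), []).append(value.strip())
    return records

def audit(text):
    """Map DN -> {'enabled', 'flags'} for accounts carrying a risky UAC bit."""
    findings = {}
    for rec in parse_ldif(text):
        uac = int(rec.get("useraccountcontrol", ["0"])[0])
        flags = [name for bit, name in RISKY.items() if uac & bit]
        if flags:
            findings[rec.get("dn", ["?"])[0]] = {"enabled": not uac & ACCOUNTDISABLE, "flags": flags}
    return findings
```

Calling audit() on the text of an export file returns only the accounts that need attention; an enabled account reported with PASSWD_NOTREQD is the one to fix first.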