Recipe 17.9. Mail-Enabling a User

Problem

You want to mail-enable a user.

Solution

Using a graphical user interface
Using a command-line interface

    > exchmbx -b "<User DN>" -me <smtp email address>

Replace <User DN> with the user's distinguished name and <smtp email address> with the user's external email address.

To mail-enable user joe with the email address joe@unixmail.rallencorp.com, execute the following command. The command should be contained on one line.

    > exchmbx -b "cn=joe,cn=users,dc=rallencorp,dc=com" -me joe@unixmail.rallencorp.com

For an alternative Microsoft native tool method, create an LDIF file called mailenable_user.ldf with the following contents:

    dn: <User DN>
    changetype: modify
    replace: targetAddress
    targetaddress: SMTP:<smtp email address>
    -
    replace: mailNickName
    mailNickname: <mail nickname>
    -
    replace: mAPIRecipient
    mAPIRecipient: FALSE
    -
    replace: legacyExchangeDN
    legacyExchangeDN: <legacy exchange DN>
    -
    replace: internetEncoding
    internetEncoding: 1310720
    -

Replace <User DN> with the user's distinguished name, <smtp email address> with the user's external email address, and <legacy exchange DN> with the proper legacy exchange distinguished name value. Then run the following command:

    > ldifde -i -f mailenable_user.ldf

Using VBScript

    ' This code mail enables a user.
    ' ------ SCRIPT CONFIGURATION ------
    strUserDN = "<UserDN>"             ' e.g., cn=jsmith,cn=Users,dc=rallencorp,dc=com
    strEmailAddr = "<EmailAddress>"    ' e.g., jsmith234@freemail.net
    ' ------ END CONFIGURATION ---------

    set objUser = GetObject("LDAP://" & strUserDN)
    objUser.MailEnable strEmailAddr
    objUser.Put "internetEncoding",1310720
    objUser.SetInfo( )
    Wscript.Echo "Successfully mail-enabled user."

Discussion

A mail-enabled user is a user who has at least one email address defined within Exchange, but does not have a mailbox. This does not give any access rights to the user within the Exchange system; it simply allows Exchange users to select the mail-enabled users from the global address list (GAL) and easily send email to them.
You would use a mail-enabled user when you have a user who needs to log into the domain, but has an email address external to the forest's Exchange organization. The email address could be external to the company or it could just be external to the Exchange organization of that forest. Examples would be users with mailboxes on external email systems or users with mailboxes on internal non-Exchange servers.
When you create a mail-enabled user with the ADUC or with VBScript, you call out to the CDOEXM interface, which is the Microsoft-supported method of managing Exchange attributes on users, groups, and contacts. The specific method in this case is MailEnable. In the background, the specific changes made by the MailEnable method are on the user object in Active Directory and include changes to the following attributes:
In addition to those attributes, the internetEncoding attribute should also be set for proper message handling. This is the attribute that is updated if you go into the Advanced tab of the Internet Address Properties screen. The default value for this attribute is 1310720, which tells Exchange to use the default settings of the Internet Mail Service. You can specify other values to force email to be converted to various formats. Table 17-3 lists alternate values for the internetEncoding attribute.
Once all of those attributes are in place, the RUS sets additional attributes on the user object to make it usable for Exchange.

Using a graphical user interface

Mail-enabling a user is a little more confusing if you are creating new users because you don't get prompted to mail-enable them. To create a mail-enabled user from scratch, create the user and, when prompted to create a mailbox, clear the Create an Exchange Mailbox checkbox. Once the user is created, follow the directions described in the solution.

Using a command-line interface

Command-line administration tools for Exchange are rather rare. Luckily, the ExchMbx tool is available as a free download from Joe Richards' web site http://www.joeware.net. This tool can turn a difficult process into something simple. If you need to modify the internetEncoding attribute as mentioned above, add the -internetencoding option to the parameter list specifying the proper value from Table 17-3. For example:

    > exchmbx -b <UserDN> -me <SmtpEmailAddress> -internetencoding 917504

If you prefer Microsoft native solutions, the LDIF solution I described will work, but it can be dangerous because there is the possibility of duplicating critical values within the Exchange organization. If you put duplicate mailNickname or legacyExchangeDN values into the system, you will have bad results in your Exchange organization and will almost certainly start producing nondelivery reports (NDRs) for the mail objects involved.

The mailNickname attribute generally can be set to be the same as the sAMAccountName, which has to be unique in the domain. But what should you do with legacyExchangeDN? If you aren't tied to a legacy 5.5 organization, you can follow the simple format the system currently uses. If you have a legacy 5.5 organization, you need to follow the structure for that organization. For assistance with this, contact Microsoft PSS or Microsoft Consulting Services.
The general format of legacyExchangeDN is:

    /o=<Org>/ou=<AdministrativeGroup>/cn=<RecipientContainer>/cn=<mailnickname>

Assuming your mailNickName is unique (it had better be) and you know the values for the other variables, you can quickly construct a legacyExchangeDN like:

    /o=CORPMAIL/ou=NORTHAMER/cn=Recipients/cn=NICOLEHANSKNECHT

You should always verify that the legacyExchangeDN you chose is not already used by searching Active Directory, because someone may have changed an existing user's mailNickname but, correctly, did not touch the legacyExchangeDN value. You could, of course, "fix" the legacyExchangeDN of that previously existing user so that it properly fits the pattern, but you would impact the user's email functionality.

The attribute legacyExchangeDN is used in Exchange internally for addressing email. If you try to respond to an email sent to you by a user within the same Exchange organization who has had her legacyExchangeDN changed, you will get an NDR and the mail will not be delivered. So if a user has a name change from Chris Smith to Chris Jones and her sAMAccountName and mailNickname both change from csmith to cjones, her legacyExchangeDN must remain the same so that anyone within the Exchange organization will be able to easily respond to emails she sent as csmith.

The point is that you should always check that the legacyExchangeDN value you are setting is unique. The simple solution to follow if the value is already present is to append a -1, -2, or whatever dash value is required to get to a unique value.
You can modify the internetEncoding attribute value in the LDIF file to any value in Table 17-3.
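The uniqueness check and the -1, -2 suffix rule from the discussion above, applied while generating the contents of mailenable_user.ldf. This is an added example, not code from the original recipe: the function names, the new user's DN and the sample directory values are constructed, and the case-insensitive comparison is an assumption about how the directory matches these attributes.

```python
import base64
import re

# LDIF safe string (RFC 2849): printable ASCII, no leading space, ':' or '<',
# no trailing space. Anything else must be written base64-encoded with '::'.
_SAFE = re.compile(r"[\x21-\x39\x3b\x3d-\x7e]([\x20-\x7e]*[\x21-\x7e])?")

def ldif_line(attr, value):
    if _SAFE.fullmatch(value):
        return "%s: %s" % (attr, value)
    return "%s:: %s" % (attr, base64.b64encode(value.encode("utf-8")).decode("ascii"))

def search_filter(nickname, legacy_dn):
    """LDAP filter matching any object that already holds either value."""
    def esc(v):  # RFC 4515 escaping, so a value cannot alter the filter
        return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in v)
    return "(|(mailNickname=%s)(legacyExchangeDN=%s))" % (esc(nickname), esc(legacy_dn))

def pick_legacy_dn(org, admin_group, container, nickname, existing):
    """Build the general format; on a collision append -1, -2, ... until unique."""
    taken = {v.lower() for v in existing}  # assumption: matching ignores case
    base = "/o=%s/ou=%s/cn=%s/cn=%s" % (org, admin_group, container, nickname)
    candidate, n = base, 0
    while candidate.lower() in taken:
        n += 1
        candidate = "%s-%d" % (base, n)
    return candidate

def mail_enable_ldif(user_dn, smtp, nickname, legacy_dn, existing_nicknames):
    """Return the modify record; refuse a duplicate mailNickname outright."""
    if nickname.lower() in {v.lower() for v in existing_nicknames}:
        raise ValueError("mailNickname already in use: " + nickname)
    changes = [("targetAddress", "SMTP:" + smtp), ("mailNickname", nickname),
               ("mAPIRecipient", "FALSE"), ("legacyExchangeDN", legacy_dn),
               ("internetEncoding", "1310720")]
    lines = [ldif_line("dn", user_dn), "changetype: modify"]
    for attr, value in changes:
        lines += ["replace: " + attr, ldif_line(attr, value), "-"]
    return "\n".join(lines) + "\n"

# Constructed directory state: Chris Smith became Chris Jones, so her
# mailNickname is cjones while her legacyExchangeDN still ends in cn=CSMITH.
EXISTING_NICKNAMES = ["cjones", "joe"]
EXISTING_LEGACY_DNS = ["/o=CORPMAIL/ou=NORTHAMER/cn=Recipients/cn=CSMITH",
                       "/o=CORPMAIL/ou=NORTHAMER/cn=Recipients/cn=joe"]

def demo():
    dn = pick_legacy_dn("CORPMAIL", "NORTHAMER", "Recipients", "csmith", EXISTING_LEGACY_DNS)
    return dn, mail_enable_ldif("cn=Carl Smith,cn=users,dc=rallencorp,dc=com",
                                "csmith@unixmail.rallencorp.com", "csmith", dn, EXISTING_NICKNAMES)
```

In real use the two `existing` lists would come from a directory search using the filter that `search_filter` returns, run before the file is handed to ldifde.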
Using VBScript

Creating a mail-enabled user from VBScript is quite simple; one call to the MailEnable method and the work is done. As I indicated in the CLI solution, you can modify the internetEncoding value to some other value in Table 17-3, depending on your needs.

See Also

Recipe 17.10, MS KB 275636 (Creating Exchange Mailbox-Enabled and Mail-Enabled Objects in Active Directory.), and MS KB 281740 (XCON: Internet Mail Service Settings Are Not Overridden for Custom Recipients in Distribution List) for the values of internetEncoding.