mailbox provisioning questions Ex2007
Hi,
We have an environment with about 8 Ex2007 servers and about 25 databases. When a new user is created in HR, FIM will need to 1) create the AD account in the correct OU and 2) create a mailbox on the right server and database...so:
1) I assume the mailbox provisioning we will have to code and use powershell?
2) I notice that when using powershell new-mailbox cmdlet it requires a password? How can one ensure that the same random password is assigned to the AD user account and used again when creating a new mailbox?
OR
3) do we first create the AD user and then use the Update-Recipient cmdlet instead (which may not need a password).
thanks
SK
May 22nd, 2011 7:59am
How do you choose the correct mail database for the user? Based on what?
May 22nd, 2011 8:01am
we have been given a static list - per campus... and when someone changes their campus, the mailbox must move to the new location
May 22nd, 2011 8:04am
please refer to this post for provisioning exchange mailbox:
http://technet.microsoft.com/en-us/magazine/ff472471.aspx
for the mailbox database, you need to fill the "homeMDB" attribute with the correct value for the user based on the campus attribute
May 22nd, 2011 11:45am
Hi,
I think we may have misunderstood one another - I am comfortable with basic AD and mailbox provisioning, and have done it a few times.
The question I have is around
1) One way to place mailboxes on the correct server and DB would be to use different Sets, MPRs and Sync Rules. Another method would be to use powershell as described here:
http://www.wapshere.com/missmiis/powershell-activity - but how do we handle the password? If the user account already exists in AD and we have used a random password function in FIM - can we now create the mailbox without the user's password?
thank you
May 22nd, 2011 12:21pm
Hi,
I think we may have misunderstood one another - I am comfortable with basic AD and mailbox provisioning, and have done it a few times.
The question I have is around
1) how do I place the correct mailbox on the correct server & db - one way is to create separate sets, MPRs, Sync Rules...another would be through powershell - so which cmdlet is the correct one to use?
2) when I need to move a mailbox, do I once again need to rely on code (vb or powershell) or is there a way of doing it inside FIM?
thank you
May 22nd, 2011 12:21pm
Why would you need to know the user's password in order to create a mailbox for him? Creating a mailbox for a user is something you do with some kind of administrative privileges. Not in the context of the user...
Can you clarify your domain situation and why you think you need the password of the user?
http://setspn.blogspot.com
May 22nd, 2011 4:28pm
I think you are really over-complicating this. There should be no need to use powershell or to even create the mailbox outside of the AD MA.
When you create the user in AD, assigning the homeMDB value determines which server and database the user's mailbox is created on.
In my solutions, I consider dynamic selection of mailbox server/database to be "basic AD and mailbox provisioning". In fact, for educational organisations there's generally a heap of information that needs to be set based on campus/school.
So all you really need to worry about is how to select your homeMDB value from the static list provided.
In my ILM-based solutions, I use a simple XML Lookup process during the import of a user into the metaverse to set the homeMDB value.
In FIM Portal, you could either create a workflow that does the same, or alternatively just have a workflow that reads the user's campus and determines the homeMDB value dynamically in a similar fashion.
- Ross Currie
May 22nd, 2011 9:04pm
Why would you need to know the user's password in order to create a mailbox for him? Creating a mailbox for a user is something you do with some kind of administrative privileges. Not in the context of the user...
Can you clarify your domain situation and why you think you need the password of the user?
http://setspn.blogspot.com
Hi,
When you look at the new-mailbox cmdlet - it requires a password.
So I can see that by creating many many Sets and MPRs and Sync Rules I could provision a mailbox on the correct server & database.
But I will need to code when someone changes their campus - in order to move the mailbox.
Thanks
May 23rd, 2011 1:34am
@Ross - thanks... all I was trying to see is if there is a way of avoiding extra code - but it seems code will be required.
thanks
May 23rd, 2011 1:35am
Could you not just create a workflow that uses a function evaluator to assign a value to the homeMDB value in the portal?
It's a bit messy, but if you had 28 schools, you could have an IIF() function for each one...
I can't be bothered looking up the syntax but it would essentially be:
IIf(campusCode, 001, "static string containing homeMDB for campus code 1")
concat
IIf(campusCode, 002, "static string containing homeMDB for campus code 2")
concat
IIf(campusCode, 003, "static string containing homeMDB for campus code 3")
And so forth.
Using this method, only one value would ever be concatenated to the generated string.
Like I said, messy... but I see no reason why this couldn't work. Just create the workflow with a single function evaluator as above, and attach it to an MPR that fires on a set of users that have no homeMDB value set.
- Ross Currie
May 23rd, 2011 1:47am
That sounds very promising Ross - I will most certainly evaluate this option.
How about the mailbox move procedure - do you think the above process could be used for moving mailboxes too?
May 23rd, 2011 2:00am
If you enable Exchange 2007 provisioning in the AD management agent, then when you run the export profile for the Active Directory management agent it creates the user in AD with all attributes configured, including the ones used by Exchange (mailNickname, homeMDB, etc.).
Then it calls the Exchange cmdlet "Update-Recipient" to create the mailbox (that means the user will already be in AD when the cmdlet is called).
So you only need to configure the values for mailNickname and homeMDB, and leave the process of creating the actual mailbox to the AD MA's out-of-the-box Exchange provisioning feature.
May 23rd, 2011 2:10am
That sounds very promising Ross - I will most certainly evaluate this option.
How about the mailbox move procedure - do you think the above process could be used for moving mailboxes too?
Just tested it in my environment and it works fine.
Essentially you have:
IIF(EQ(campusCode,'001'),"homeMDB Value for campus 1","")
IIF(EQ(campusCode,'002'),"homeMDB Value for campus 2","")
etc.
Works fine for codelessly selecting a homeMDB value based on campusCode. It's also easily extensible.
I've never moved mailboxes before using FIM. Not an easy thing to do as far as I know, though you could certainly use the above method for determining which server to move the mailbox to.
- Ross Currie
May 23rd, 2011 2:14am
However, will "Update-Recipient" move a mailbox? I thought we'd need to use the Move-Mailbox cmdlet?
May 23rd, 2011 2:24am
You can use Carol's custom workflow powershell activity
http://www.wapshere.com/missmiis/powershell-activity
set your parameters as:
-id [//Target/mail] -mdb 'homeMDB value'
and in your PS script use the Move-Mailbox command
Move-Mailbox $id -TargetDatabase $mdb
or you can develop your own custom activity
May 23rd, 2011 3:44am
However, will "Update-Recipient" move a mailbox? I thought we'd need to use the Move-Mailbox cmdlet?
No, it won't. I would think long and hard about doing pre-Exchange 2010 moves inside of FIM. It's a synchronous process that moves data through the actual PowerShell instance locally. Instead what I would do is provision your moves to a SQL database and have a Windows Service or scheduled task check that queue periodically and perform the moves.
My Book - Active Directory, 4th Edition
My Blog - www.briandesmond.com
May 23rd, 2011 5:24pm
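The queue-and-worker approach described in the post above, combined with the per-campus homeMDB lookup discussed earlier in the thread, as an added example that is not code from any poster. It assumes the Exchange 2007 management snap-in is installed and the task runs under an administrative service account (no user password is involved); the campus codes, database values, queue rows and log path are constructed placeholders, and an in-memory array stands in for the SQL queue.

```powershell
# Added example, not code from the thread. Campus codes, database values,
# queue rows and the log path are constructed placeholders.
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin -ErrorAction SilentlyContinue

$AuditLog = 'C:\Logs\mailbox-moves.log'   # hypothetical path

# Static campus -> homeMDB list; values stand in for real database DNs.
$CampusToMdb = @{
    '001' = 'PLACEHOLDER-HOMEMDB-DN-CAMPUS-001'
    '002' = 'PLACEHOLDER-HOMEMDB-DN-CAMPUS-002'
}

function Resolve-HomeMdb([string]$CampusCode) {
    # Fail closed: an unmapped campus yields $null, never a default database.
    if ($CampusToMdb.ContainsKey($CampusCode)) { return $CampusToMdb[$CampusCode] }
    return $null
}

function Write-Audit([string]$Message) {
    Add-Content -Path $AuditLog -Value ('{0} {1}' -f (Get-Date -Format s), $Message)
}

# Constructed queue rows; in the design above they come from the table FIM writes to.
$Queue = @(
    @{ Mail = 'student1@example.edu'; Campus = '002' },
    @{ Mail = 'student2@example.edu'; Campus = '999' }   # unmapped campus
)

foreach ($item in $Queue) {
    $target = Resolve-HomeMdb $item.Campus
    if (-not $target) {
        Write-Audit "SKIP $($item.Mail): no database mapped for campus $($item.Campus)"
        continue
    }
    $mbx = Get-Mailbox -Identity $item.Mail -ErrorAction SilentlyContinue
    if (-not $mbx) { Write-Audit "SKIP $($item.Mail): mailbox not found"; continue }
    # Idempotent: a row replayed after a successful move does nothing.
    if ($mbx.Database.DistinguishedName -eq $target) {
        Write-Audit "NOOP $($item.Mail): already on target"; continue
    }
    Move-Mailbox -Identity $item.Mail -TargetDatabase $target -Confirm:$false -ErrorAction SilentlyContinue
    if ($?) {
        Write-Audit "MOVED $($item.Mail) -> $target"
    } else {
        Write-Audit "FAILED $($item.Mail): $($Error[0])"
    }
}
```

Every row ends in exactly one audit line (SKIP, NOOP, MOVED or FAILED), so the log can be reconciled against the queue to spot moves that never completed.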
How about the mailbox move procedure - do you think the above process could be used for moving mailboxes too?
Sorry, I missed that question.
I agree with Brian. As great as it would be to have everything managed directly from FIM, there are some scenarios where there are better tools to get the job done.
I wouldn't say that Exchange mailbox management is something FIM does extremely well.
- Ross Currie
May 23rd, 2011 6:57pm