Exchange 2003 Scripting Help
Hi Guys We have 2 Domains in our Environment everything is working fine until we implemented the Vault into our Exchange 2003 Environment The User Logins through the computer using Domain A credentials The Exchange is in the Domain B When User Tries to use the Vault, The Vault uses the Authentication as Domain A but not Domain B.(Vault Requires the User should have full rights on his mailbox to use the vault) In order to Correct this we are adding the Domain A account to the Domain B Mailbox account and Granting the Full Rights Is there any thing i can script this?? I need to do it for more than 5000 users???
April 27th, 2009 10:52pm
Why are you setting this up on a second domain? This seems like a rather odd topology to me. Additionally there are multiple single-sign-on options available that might better serve your needs than would trying to maintain concurrency between two different domains.
Free Windows Admin Tool Kit Click here and download it now
April 28th, 2009 12:49am
Are these domains in the same forest? Either way, this sounds like a Symantec issue more than an Exchange issue.
April 28th, 2009 2:03am
Moreover you need 2 Windows user CAL per person in your organization if you are using per-user typeCALinstead of per-device CALs.
I would ask users to start using Domain B's account to login in and using mailbox which would help at long run...Amit Tank | MVP - Exchange | MCITP:EMA MCSA:M | http://ExchangeShare.WordPress.com
Free Windows Admin Tool Kit Click here and download it now
April 28th, 2009 5:40am
Mr Surapaneni,For Exchange 2003 it's actually quite cubersome to script what you speak of Since you would have to manipulate the msExchMailboxSecurityDescriptor attribute. That being said I do have a theory which may or may not work since I have tried it in a native Exchange 2003 environment.I know that when Exchange 2007 / 2003 coexist you can make use of the add-mailboxpermission cmdlet and assign permissions to an Exchange 2003 mailbox. I have tested this and it seems to work without issue. So I would sugget you download the Exchange 2007 admin tools http://www.microsoft.com/downloads/details.aspx?FamilyID=6be38633-7248-4532-929b-76e9c677e802&displaylang=enand run a quick test.add-mailboxpermissiondomainBuser -user domainAuser -accessrights fullaccess. If that works then you could simple create a CSV file with columna containing all domainA user account and columnB containing the cooresponding domainB user account and run this. Make sure row1 is your column labels as they will be used as the attribute names.import-csv 'filename-csv' | %{add-mailboxpermission $_.domainAusers -user $_.domainBusers -accessrights fullaccess} I do however agree with everyone that this isn't the ideal solution and you should talk to Symantec about a workaround of fix or take Amit's advice.
Sr. Exchange Engineer - Constellation Energy
April 29th, 2009 6:16am
Hi,We suggest you contact Symantec for the issue, for your convenience:http://www.symantec.com/business/support/overview.jsp?pid=50996Thanks,Elvis
Free Windows Admin Tool Kit Click here and download it now
April 29th, 2009 1:53pm
Have a look at ADSI Edit http://www.computerperformance.co.uk/Logon/LDAP_attributes_ADSIEdit.htm Andrew Sword, MVP
April 30th, 2009 3:29pm