Home > active directory, exchange 2007, powershell, scripting > Exchange 2007 Mailbox GUID

Exchange 2007 Mailbox GUID

On a recent Exchange 2003 to 2007 upgrade, I ran into a very frustrating issue that significantly delayed our deployment. All new mailboxes that were created on using Exchange 2007 tools (Exchange 2007 Management Console or Powershell) were missing several crucial ADSI attributes, namely:

  • legacyExchangeDN
  • msExchALObjectVersion
  • msExchMailboxGuid
  • msExchMailboxSecurityDescriptor (set to “not set”, all other accounts have a blank value here)
  • msExchUserAccountControl

Of these, the most important seem to be msExchMailboxGuid and msExchMailboxSecurityDescriptor. Without msExchMailboxGuid set, the user account effectively does not have a mailbox. We were desperate enough at one point to create a random mailbox GUID (ensuring first that it is not present anywhere else in the Exchange organization), but the msExchMailboxSecurityDescriptor not being set still ensured that the mailbox was inaccessible.

After a few hours on the phone with MS support, and apparently some contact with a member of the Exchange 2007 development team, we were informed that this was due to a problem with the Exchange System Attendant and something to do with logs…to be honest I was not able to completely understand the guy at this point.

Anyhow, the temporary solution was to restart the System Attendant service on the mailbox server that is experiencing the problem. This is easy enough with Powershell (Restart-Service MSExchangeSA), but we ended up making use of the PsTools suite’s psservice because we had multiple mailbox servers going and we needed to sometimes restart the service on a remote mailbox server. Fortunately, restarting the System Attendant service in Exchange 2007 does not restart the Information Store, as was the case with Exchange 2003. After this, the proper attributes will again be stamped and user mailbox provisioning should be successful.

The bug was apparently set to be resolved in SP1 for Exchange 2007 (released late last year), but I have not confirmed this.

Check out these links for more info:

Arstechnica Forum Thread
MSExchange Forums Thread
Microsoft Forums (I)
Microsoft Forums (II)

Advertisements
  1. 2008-05-18 at 13:03

    how to change mailbox guid exchange server 2007 ?

  2. 2008-05-23 at 23:20

    Hi hakan,

    I don’t believe that it is generally advisable to start changing mailbox guid’s: It’s fairly likely that you will break something if you do. If you have to though, your safest bet is using ADSIEDIT (the property you’re looking for there is msExchMailboxGUID). It is possible I would think to do this through Powershell as well, but things get pretty hairy, and I would strongly advise against it if you’re not sure what you’re doing.

    =====================================================================
    # Start Powershell info:

    # We need the DN for the user you will be working with. There are various was
    # of doing that, but I figure that here it’s easiest to stick with the Exchange
    # cmdlets. Replace [username] with the name of the user you are working with.

    $objmbox = Get-Mailbox ‘[username]’

    # Get the DN
    $strdn = $objmbox.DistinguishedName

    # Get the full ADSI object for that user.
    $adobjuser = [ADSI]”LDAP://$strdn”

    # The msExchMailboxGuid property can be found in:
    $adobjuser.msExchMailboxGuid

    # This property does appear to be settable, but I don’t have a test environment
    # available right now where I would be comfortable breaking mailboxes.

    # You can also expose some more information through the psbase object
    $adobjuser.msExchMailboxGuid.psbase
    # and
    $adobjuser.msExchMailboxGuid.psbase.value

    # End Powershell info

    =====================================================================

    If you pipe that the msExchMailboxGuid property to Get-Member, you’ll see that the object has a type of System.Byte[]. The PSBase Value property is a byte array. Again, I would caution against messing around here. If you’re comfortable with the potential consequences though, you’re obviously free to do as you please.

    ** Note: Standard disclaimer applies.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: