How to Retrieve PIN Information for a UM-enabled User
Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-08-09
This topic explains how to use the Exchange Management Console and the Exchange Management Shell to retrieve PIN information for a user who is enabled for Microsoft Exchange Server 2007 Unified Messaging (UM). After a user has been enabled for Unified Messaging and a PIN is generated or created, the PIN is stored in the user's mailbox as a salted hash, and the checksum for the PIN is stored in an attribute called ExUMPINChecksum in the Active Directory directory service.
When you retrieve PIN information for a UM-enabled user, the information that is returned to you is calculated by using the PIN data that is stored in an encrypted format in the user’s mailbox. This task lets you view information from the user's mailbox and also indicates whether the user has been locked out of their mailbox.
When a UM-enabled user enters a PIN, the PIN data is passed in a format that is not encrypted from an IP gateway over the IP-based network to Unified Messaging servers. To increase the security for a user's PIN, use Internet Protocol security (IPsec) and Transport Layer Security (TLS)/Secure Real-Time Transport Protocol (SRTP) to encrypt the PIN data.
After the PIN for a UM-enabled user is received by a Unified Messaging server and is passed from the Session Initiation Protocol (SIP)/RTP transport stack to the UM code, the PIN is temporarily held in a memory buffer in a form that is not encrypted. Although this poses only a small security risk, the potential still exists for an attacker to view the PIN while it is not encrypted in the memory buffers on the Unified Messaging server.
To perform this procedure, the account you use must be delegated the Exchange Recipient Administrator role.
For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.
Also, before you perform the following procedures, confirm the following:
The existing recipient has an Exchange 2007 mailbox.
The existing Exchange 2007 recipient is currently enabled for Unified Messaging.
A UM dial plan has been created.
A UM mailbox policy has been created.
In the console tree of the Exchange Management Console, expand the Recipient Configuration node.
In the result pane, select the user mailbox that you want to view.
In the action pane, click Properties.
On the Mailbox Features tab, click Unified Messaging, and then click Properties.
In the UM Mailbox Status section, view the Lockout status for the user.
Run the following command:
Get-UMMailboxPIN -identity firstname.lastname@example.org
For more information about syntax and parameters, see Get-UMMailboxPIN.
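To review lockout status for every UM-enabled mailbox instead of one user at a time, the following Exchange Management Shell script is an added example and is not part of the original topic. It assumes that Get-UMMailboxPIN output exposes the UserID, PinExpired, FirstTimeUser and LockedOut properties; the report path is a placeholder.

```powershell
# Added example: collect PIN status for all UM-enabled mailboxes and flag lockouts.
# Assumptions: Get-UMMailboxPIN returns UserID, PinExpired, FirstTimeUser and
# LockedOut; the report path below is a placeholder.
$reportPath = 'C:\Temp\um-pin-report.csv'   # placeholder path

$report = Get-UMMailbox -ResultSize Unlimited | ForEach-Object {
    $mbx = $_
    # Query each mailbox separately so that one failure does not stop the run.
    $pin = Get-UMMailboxPIN -Identity $mbx.Identity -ErrorAction SilentlyContinue
    if ($pin) {
        $pin | Select-Object UserID, LockedOut, PinExpired, FirstTimeUser
    } else {
        Write-Warning "Could not read PIN information for $($mbx.Identity)"
    }
}

# Write the full report with locked-out mailboxes listed first.
$report | Sort-Object LockedOut -Descending |
    Export-Csv -Path $reportPath -NoTypeInformation

# Show only the locked-out users on screen for follow-up.
$report | Where-Object { $_.LockedOut } |
    Format-Table UserID, PinExpired, FirstTimeUser -AutoSize
```

Run it with an account that holds the Exchange Recipient Administrator role, as the single-user procedure requires.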
For more information about how to install the Unified Messaging server role, see How to Perform a Custom Installation Using Exchange Server 2007 Setup.
For more information about how to create a UM Mailbox Policy, see How to Create a New Unified Messaging Mailbox Policy.
For more information about Unified Messaging PIN Security, see Configuring PIN Security for UM-Enabled Users.