Mailbox Enable User system policy change is required
Topic Last Modified: 2006-08-10
The Microsoft® Exchange Server Analyzer Tool queries the Active Directory® directory service to determine the value for the purportedSearch attribute of each Exchange system policy object. The purportedSearch attribute indicates the search argument used when the policy is applied.
The Exchange Server Analyzer also queries Active Directory to determine the value for the msDS-Behavior-Version attribute of the forest object in Active Directory, NTDS Settings. This value indicates the Active Directory forest functional level. Valid values for the msDS-Behavior-Version attribute are shown in the following table.
|Value|Forest functional level|
| |Microsoft Windows® 2000 Server mixed|
| |Microsoft Windows Server™ 2003 interim|
| |Microsoft Windows Server 2003 native|
The Exchange Server Analyzer also queries Active Directory to determine the value for the revision attribute of the Windows2003Update container. The value of this attribute indicates whether the Active Directory preparation utility (ADPrep.exe) has been run.
Finally, the Exchange Server Analyzer queries the Win32_OperatingSystem Microsoft Windows Management Instrumentation (WMI) class to determine the value of the OSProductSuite key. The value of the OSProductSuite key indicates the version of Windows running on the computer.
If the Exchange Server Analyzer finds the following criteria to be true, a warning is displayed:
The value of the purportedSearch attribute of the Mailbox Enable User system policy does not equal (&(objectCategory=person)(objectClass=user)(mailnickname=*)(homeMdb=*))
The Active Directory forest functional level is Windows Server 2003 interim or Windows Server 2003 native mode.
The Exchange Server computer is not running Windows Small Business Server 2003.
To avoid mailbox re-homing issues, a modification to the system policies is required. This update can be made using Active Directory Service Interfaces (ADSI) Edit (ADSIEdit.msc), the LDP (ldp.exe) tool, or another Active Directory editor tool.
If Windows Server 2003 is used as a domain controller and the Mailbox Enable User policy is not updated, linked value replication in Windows Server 2003 will cause the Recipient Update Service to overwrite the value of the homeMDB attribute of new users, causing their mailboxes to be re-homed on the first store on the server.
If you incorrectly modify the attributes of Active Directory objects when you use ADSI Edit, the LDP tool, or another Lightweight Directory Access Protocol (LDAP) version 3 client, you may cause serious problems. These problems may require that you reinstall Windows Server 2003, Exchange Server 2003, or both. Modify Active Directory object attributes at your own risk.
1. Start ADSI Edit.
2. Double-click the Configuration container, expand CN=Services, expand CN=Microsoft Exchange, and then expand CN=<ExchangeOrganizationName>.
3. Select CN=System Policies.
4. In the right pane, right-click CN=Mailbox Enable User, and then select Properties.
5. Scroll down to select the purportedSearch attribute, and then click Edit.
6. Clear the attribute, and then configure it with the following filter:
Note: The filter shown in Step 6 has been wrapped for readability. Make sure that you enter the filter without any spaces or returns.
7. Click OK again to save the change, and then close ADSI Edit.
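After the edit, the three warning criteria can be re-evaluated against the values read back from the directory, which also catches a filter that was pasted with its line wrapping intact. The following Python sketch is an added example, not Microsoft's or the Exchange Server Analyzer's code. Assumptions: the function names, the sample values, the case-insensitive comparison of attribute names, and the numeric forest levels 1 and 2.

```python
import re

# Filter that the warning criteria on this page compare purportedSearch against.
REQUIRED_FILTER = "(&(objectCategory=person)(objectClass=user)(mailnickname=*)(homeMdb=*))"

# msDS-Behavior-Version numbers for the two affected forest levels. The value
# column of the page's table did not survive; 1 (interim) and 2 (native) come
# from Microsoft's Active Directory documentation, not from this page.
AFFECTED_FOREST_LEVELS = {1: "Windows Server 2003 interim",
                          2: "Windows Server 2003 native"}

def fold_names(ldap_filter):
    """Lowercase attribute names only; LDAP treats homeMdb and homeMDB alike."""
    # Assumption: the page does not say how the Analyzer itself compares case.
    return re.sub(r"\(([A-Za-z][\w;.-]*)(?=[~<>]?=)",
                  lambda m: "(" + m.group(1).lower(), ldap_filter)

def filter_problem(value):
    """Return why a purportedSearch value fails the check, or None if it passes."""
    if not value:
        return "purportedSearch is empty"
    if re.search(r"\s", value):
        # The note under step 6: the filter must contain no spaces or returns.
        return "filter contains spaces or line breaks"
    if fold_names(value) != fold_names(REQUIRED_FILTER):
        return "filter differs from the required value"
    return None

def warning_applies(purported_search, forest_level, is_sbs_2003):
    """Apply all three criteria; return (warn, filter problem or None)."""
    problem = filter_problem(purported_search)
    warn = (problem is not None
            and forest_level in AFFECTED_FOREST_LEVELS
            and not is_sbs_2003)
    return warn, problem

# Constructed sample values, not read from a real directory.
STALE = ("(&(objectCategory=person)(objectClass=user)(mailnickname=*)"
         "(|(homeMdb=*)(msExchHomeServerName=*)))")
WRAPPED = "(&(objectCategory=person)(objectClass=user)\n  (mailnickname=*)(homeMdb=*))"

if __name__ == "__main__":
    cases = [("updated", REQUIRED_FILTER, 2, False), ("stale", STALE, 2, False),
             ("pasted with wrapping", WRAPPED, 1, False),
             ("stale, Windows 2000 mixed forest", STALE, 0, False),
             ("stale, Small Business Server", STALE, 2, True)]
    for label, value, level, sbs in cases:
        print(label, "->", warning_applies(value, level, sbs))
```

The inputs are the values the Analyzer is described as collecting: the policy's purportedSearch string, the forest's msDS-Behavior-Version, and whether the server is Windows Small Business Server 2003.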
For more information about using the LDP tool, see the Microsoft Knowledge Base article 260745, "XADM: Using the LDP Utility to Modify Active Directory Object Attributes" (http://go.microsoft.com/fwlink/?LinkId=3052&kbid=260745).
For more information about this issue and its impact, see Microsoft Knowledge Base article 903291 "Recipient Update Service may overwrite the value of the homeMDB attribute for new Exchange Server 2003 users" (http://go.microsoft.com/fwlink/?LinkId=3052&kbid=903291).