Generating Active Directory Accounts using the mailbox information in the Mailbox Database (Part 2)

by [Published on 7 Feb. 2008 / Last Updated on 7 Feb. 2008]

How to generate Active Directory accounts from a Mailbox Database using Exchange Server 2000/2003.

If you missed the first part in this article series please read Generating Active Directory Accounts from an Exchange Database (Part 1)

Unfortunately in Exchange Server 2000/2003 we do not have Windows PowerShell in the picture to export and match users and disconnected mailboxes, however we are able to do the same tasks using a tool called the Mailbox Reconnect tool (mbconn.exe). We can donwload this tool from the Microsoft FTP site.

This tool will create in its first instance a list of all disconnected mailboxes to an LDF file, then we will create the users using ldifde and we will run the tool again to match and join the new accounts with the disconnected mailboxes.

The scenario and prerequisites are the same as the first article.

Creating the new infrastructure.

We do not have a System State of the DCs, so we need to create a brand new environment from scratch, following these general steps:

  1. Install Windows Server on a server and update it.
  2. Create the Forest and Domain using dcpromo.
  3. Prepare Forest and Domain to Exchange Server 2003.
  4. Install Exchange Server 2000/2003 using the same Organization Name.
  5. Appy at least all service packs that the old environment had installed.

Mounting the old database in the brand new environment

First of all, let’s mount the old database in the new environment. Follow these steps:

  1. Open the Exchange System Manager.
  2. Expand Administrative Groups.
  3. Expand Servers.
  4. Expand <Storage Group>.
  5. Right-Click on the database and click on Properties.
  6. Check the option This database can be overwritten by a restore and note the Exchange database and Exchange streaming database files (Figure 01).


Figure 1:
The current database path and configuring it to be overwritten

  1. Right Click on the database and then click on Dismount.
  2. Now let’s go to the path that we noted in step 6.
  3. Remove the original priv1.edb and priv1.stm files and paste the database files from the old environment. If necessary, rename the new files to match with priv1.edb and priv1.stm.
    Note: Due to the architecture of Exchange Server 2007 we need only the .EDB file, for Exchange 2000/2003 we need both the .EDB and .STM files.
  4. Right-click on the database, and click on Mount.

To see the disconnected mailboxes in the database, we should run a cleanup task, as follows:

  1. Expand the Mailbox Store database.
  2. Right-click on Mailboxes, and then click on Run cleanup agent.
  3. Click on Mailboxes and see a figure similar to Figure 02 with a list of all mailboxes; they will appear as disconnected.


Figure 2:
The mailboxes from the old Exchange Server

Now, we can use the Mailbox Connector Tool (mbconn.exe). To run the tool just double click on the mbconn.exe and follow these steps:

  1. On the first screen that comes up, click on Next.
  2. Exchange Server. We have to fill in the Exchange Server name and Domain Controller name, and then click on Next.
  3. Select Databases. All the mounted databases will be listed, click on our recently restored database, and click on Finish, as shown in Figure 03.


Figure 3:
Selecting the current database(s), on which the tool will be looking for disconnected mailboxes

We will be able to see all disconnected mailboxes in the Mailbox Reconnect tool, as shown in Figure 04.


Figure 4:
All disconnected mailboxes in the mailbox Reconnect Tool

Let us export the disconnected users to an LDF file. To do that click on Actions and then click on Export Users, as shown in Figure 05.


Figure 5:
Exporting the disconnected users to an LDF file

We have to define the Container where the exported users will be created in the Active Directory and we have to also configure the destination file (c:\import.ldf), as shown in Figure 06. After that click on Generate.


Figure 6:
Configuring container and filename to be used in the export process

Before importing the LDF file into the Active Directory, we must change the Default Domain Policy Group Policy to accept blank passwords (Figure 07). To do that we can follow these steps:

  1. Open Active Directory Users and Computers.
  2. Right Click on domain name and click on Properties.
  3. Click on the Group Policy tab, and then click on Default Domain Policy and the Edit button.
  4. Expand Windows Settings, Security Settings, Account Policies.
  5. Click on Password Policy.
  6. We have to change these values:
    - Password must meet complexity requirements: must be Disabled.
    - Minimum password length: must be 0 (zero).


Figure 7:
Modifying the Default Domain Policy to accept blank passwords

  1. Go to the command prompt in a DC and run gpupdate /force to apply the changes that we have made in the Domain Policy.
  2. Check the Event Logs to validate if the policy was applied successfully.

Okay, we have made some progress in the new environment, such as: mounted the old database in the brand new environment, listed and exported all disconnected mailboxes to an LDF file and we also changed the Default Domain Policy to accept blank passwords.

Now we have to create the user from the LDF file, however we have to clean up that file first. We must remove entries (users) that we already have and the old Exchange accounts need to be removed, such as System Mailbox, SMTP, etc. The Import.ldf file can be seen in Figure 08.

Note:
To remove an user/entry from the LDF file we have to remove the set of attributes as shown in Figure 08. For example we have to remove the lines dn, changetype, useraccountcontrol, msExchUserAccountControl, displayName, ObjectClass and SamAccountName for each user that we remove.


Figure 8:
The file created by Mailbox Connector Tool

After cleaning up the file we are able to create the users using the LDF file as source (Figure 09). We can go to the Command Prompt and run ldifde using the syntax below:

Ldifde –I –f <file.ldf>


Figure 9: Creating the users to match with the disconnected mailboxes with the ldifde tool

Just to make sure, we can go to Active Directory Users and Computers and see if all users were created as expected, as shown in Figure 10.


Figure 10: Users created from the exported list of disconnected mailboxes

Let us go back to the Mailbox Reconnect tool to match the new users with the disconnected mailboxes. Click on View and Preview All. At this point all disconnected mailboxes should match with the users that we have just created (Figure 11). We should validate if the association makes sense using the second column called User as well.


Figure 11: Matching the newly created accounts with the disconnected mailboxes

To reconnect the mailboxes with the newly created accounts, click on Actions and then Apply, as shown in Figure 12. A message box will come up, click on Yes.


Figure 12: Reconnecting the disconnected mailboxes with the new Active Directory Accounts

Now, all users from the other domain can log on to the domain using their username and access the same Exchange information that they had before the Domain Controller failure.

Conclusion

In this article we have seen how to generate accounts using an Exchange 2000/2003 Mailbox database and the Mailbox Reconnect tool.

If you missed the first part in this article series please read Generating Active Directory Accounts from an Exchange Database (Part 1)

Featured Links