Hi
I wonder if anyone can provide some input into a problem I am having with Mailbox creation.
We are using ARS 6.7 with Exchange Resource Forest Manager/Quick Connect for Exchange Forests. We have an Accounts forest and a Resource forest for mail, both managed by ARS and the User and Mailbox accounts are joined using ERFM. We are using a provisioning policy to restrict the Mailbox stores available to select when Mailbox enabling a user, and we autoselect one of the Mailbox stores using Round-Robin in the policy. The mailbox stores allowed by Policy are in two different countries and the country code of the Mailbox server is in the naming convention. Country is a mandatory attribute for all User Accounts.
What I am trying to do is use a Script Module that is applied by Provisioning Policy and triggers on an OnPreModify event on the Mailbox accounts OU in the Messaging Forest. When a Shadow Account is being modified to create a mailbox, I want to examine the mailbox server used in the $Request and, if it is in the wrong country compared with where the user is, select a random mailbox store from the Allowed Mailbox Stores policy in the right country and put that into the $Request instead. In this way, the default mailbox store can always be accepted by anyone running through the wizard and ActiveRoles will ensure the mailbox server chosen is correct for the location. (There is a mapping table in the script module to achieve this, by the way.)
All of this has been working just perfectly for new accounts being created which are Mailbox Enabled during the account creation process. The script module does what it needs to do and everything is great. However, when an Existing account in the Accounts forest is Mailbox Enabled (using the Create User Mailbox option on the Properties of the User Account in the ARS-Managed Domain), the policy doesn't fire. In addition, when creating a linked mailbox for an external account (using the Create Linked Mailbox option on the Messaging Accounts OU in the Messaging forest and selecting an account from an Unmanaged Domain as the Master account) the policy doesn't seem to fire either.
From the analysis I have done it seems like when Mailbox Enabling a user using ERFM the process is:
1. The Shadow Account is created as one operation
2. The Shadow Account is modified to be Mailbox Enabled as a second operation
In the change history when you do this manually it shows edsva-msExch-CreateLinkedMailbox as being updated to TRUE. As a result, I am triggering my script module when there is a modify request and the edsva-msExch-CreateLinkedMailbox attribute is present in $Request and homeMDB is present in Request. However, based on the Policy not firing on the two scenarios I mentioned above, it doesn't seem like this is reliable in every case?
So, after the long explanation, I think the question is: If my policy is to fire in all scenarios where an object is being Mailbox Enabled, which attributes will be present as reliable triggers in every case?
Here is the script as it is so far. As I say it works perfectly for brand new users being created, it's just Linked Mailboxes for non-Managed Domain users and Mailbox-Enabling existing users from the Accounts Forest where it doesn't seem to be working.
Thanks
Script:

```powershell
function onPreModify($Request) {
    if ($Request.Get("edsva-MsExch-CreateLinkedMailbox") -and $Request.Get("homeMDB")) {
        # This is where we examine the Country Attribute on the Request, if it's one we care about, we convert to a two digit code to use in a server name
        switch ($Country) {
            # Select the Country from the Mailbox Server Name in the Request
            # Since the User is in a different country to the Mailbox Server, we need to change the server
        }
        if ($AppropriateDBs.Count -eq 0) {
            if ($AppropriateDBs.Count -eq 0) {
                # Replace the Mailbox Server value with a server correct for that country, random from the pool
            }
        }
    }
}
```
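The country check and store re-selection described in the post, written as an added stand-alone example (it is not the poster's script and not ActiveRoles code). The mapping table, the `MBX-<CC>-<nn>` server naming convention, the sample DNs and the function names are all assumptions constructed for illustration.

```powershell
# Constructed mapping table: user Country value -> two-letter code used in server names (assumption)
$CountryToCode = @{ 'United Kingdom' = 'GB'; 'Germany' = 'DE' }

# Constructed stand-in for the stores permitted by the Allowed Mailbox Stores policy
$AllowedStores = @(
    'CN=DB01,CN=SG1,CN=InformationStore,CN=MBX-GB-01,CN=Servers,DC=example,DC=test',
    'CN=DB02,CN=SG1,CN=InformationStore,CN=MBX-GB-02,CN=Servers,DC=example,DC=test',
    'CN=DB01,CN=SG1,CN=InformationStore,CN=MBX-DE-01,CN=Servers,DC=example,DC=test'
)

function Get-StoreCountryCode([string]$StoreDN) {
    # Assumed convention: the server RDN following CN=InformationStore is <prefix>-<CC>-<nn>
    if ($StoreDN -match 'CN=InformationStore,CN=[^,]*-([A-Za-z]{2})-\d+,') {
        return $Matches[1].ToUpper()
    }
    return $null
}

function Select-MailboxStore {
    param(
        [string]$Country,
        [string]$RequestedStoreDN,
        [string[]]$AllowedStores,
        [hashtable]$CountryToCode
    )
    $code = $CountryToCode[$Country]
    # Country is not one we care about: keep whatever the wizard or round-robin selected
    if (-not $code) { return $RequestedStoreDN }

    # Requested store is already in the user's country: nothing to change
    if ((Get-StoreCountryCode $RequestedStoreDN) -eq $code) { return $RequestedStoreDN }

    # Restrict the policy-allowed pool to stores in the user's country
    $AppropriateDBs = @($AllowedStores | Where-Object { (Get-StoreCountryCode $_) -eq $code })
    if ($AppropriateDBs.Count -eq 0) {
        # Fail closed instead of silently creating the mailbox in the wrong country
        throw "No allowed mailbox store found for country code '$code'"
    }
    return ($AppropriateDBs | Get-Random)
}

# A German user whose request arrived with a GB store is moved to a DE store
Select-MailboxStore -Country 'Germany' -RequestedStoreDN $AllowedStores[0] `
    -AllowedStores $AllowedStores -CountryToCode $CountryToCode
```

The returned DN is the value a policy script would place in homeMDB on the request. Keeping the selection in a pure function like this lets it be tested outside the Administration Service.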