Hi All, We are currently migrating our users to a new domain and need someway to script changes to their delegates so that they do not have to remove and add them again. We have found in testing that the delegates break once we migrate the accounts. Here is the scenario and where I am at: We basically are changing domains. Our Exchange environment is in a resource domain and we have the accounts associated from the real domains to these. So it’s like this: Domain A = resource domain Domain B = Current domain Domain C = New domain Domain A\UserAcc is the account associated with the Exchange mailbox and the Exchange server is in Domain A. This account is disabled. Domain B\UserAcc has been defined as the primary account associated with Domain A\UserAcc. We are changing the primary account associated with Domain A\UserAcc to Domain C\UserAcc. I have been able to add permissions for Domain C\UserAcc1 to the Domain A\UserAcc and give them ‘Send As’ but this does not appear to allow the person to access the Calendar or Mailbox of Domain A\UserAcc. To allow us to script the change of our delegate permissions, I need to know what changes are required in AD attributes such as publicDelegates, publicDelegatesBL, and how these attributes reference what security attributes within Exchange. I have managed to add a publicDelegate by editing the attribute through ADSI edit and gave the user account ‘Send As’ permissions. The delegate information appears in Outlook but the delegate does not have any permissions so I am kind of assuming that there is some sort of a trigger that is required, such as in SQL, to make the process work. I think the piece that I am missing is how the delegate information within Domain B and ultimately Domain C correlate with the permissions in Domain A. In Domain A I see that the msExchMasterAccountSid points to my Domain B (or C once we migrate the user) but the delegates are just as the DN of the account in Domain A ie: CN=Kovarik\, Jarrod (DFC),OU=SITE004,DC=DOMAINA,DC=SA,DC=GOV,DC=AU and I cannot find a relationship. ANY help or advice is greatly appreciated!!
Are these Exchange 2003 organizations that you are migrating from and to?
I am researching this further but I do not believe that modifying the delegates using ADSI is supported and must be done via MAPI. Some of the information is stored in AD however there will be missing information in the mailbox to get it to actually function.
- Joel
Yes, Exchange 2003, sorry, should have mentioned that!
BTW - I have next to no scripting knowledge so everything that I have tried has been 'borrowed' from the net and stuck in to new scripts - so I think I am half way there.
I hope to proved wrong on this however with Exchange 2003 along with setting the public-delegates you will also need to crack open the mailbox with CDO to set the delegates. I did see that there was some one found a method for setting delegates using the Exchange 5.5 SDK. However he was setting a delegate on a resource mailbox. The thread is pretty old but he looks to have accomplished a lot.
http://www.xtremevbtalk.com/archive/index.php/t-247882.html