Tuesday, September 02, 2008

Completely Removing a Mailbox Enabled User's Mailbox

If an object is a mailbox enabled user with a valid mailbox, the "Delete Mailbox" option will be available only if there is a mailbox (so a distribution list would have a "Remove email address" option instead).

The "Remove Exchange Attributes" option is available for ANY type of recipient object, mail enabled or not. This option is extremely useful when there is a need to "clear" the attributes in case that some of them were damaged or not valid for some reason. Let's say there is a mailbox enabled user that had some of his attributes changed by some process, and because of that, you cannot use the "Delete Mailbox" option. You can always run AdSearch and "clear out" the values so you can start fresh with mailbox enabling that user again.

Remove Exchange Attributes removes the following attributes as long as they actually exist as available attributes of that schema object:

You can use ADSearch to report the status of each attribute by copying the list below and adding it to the objects attribute properties.

adminDisplayName
altRecipient
authOrig
autoReplyMessage (ILS Settings)
deletedItemFlags
delivContLength
deliverAndRedirect
displayNamePrintable
dLMemDefault
dLMemRejectPerms
dLMemSubmitPerms
extensionAttribute1
extensionAttribute10
extensionAttribute11
extensionAttribute12
extensionAttribute13
extensionAttribute14
extensionAttribute15
extensionAttribute2
extensionAttribute3
extensionAttribute4
extensionAttribute5
extensionAttribute6
extensionAttribute7
extensionAttribute8
extensionAttribute9
folderPathname (Outlook Web Access Server)
garbageCollPeriod
homeMDB (Exchange Mailbox Store)
homeMTA
internetEncoding
legacyExchangeDN
mail (E-Mail Address)
mailNickname (Alias)
mAPIRecipient
mDBOverHardQuotaLimit
mDBOverQuotaLimit
mDBStorageQuota
mDBUseDefaults
msExchADCGlobalNames
msExchControllingZone
msExchExpansionServerName
msExchFBURL
msExchHideFromAddressLists
msExchHomeServerName (Exchange Home Server)
msExchMailboxGuid
msExchMailboxSecurityDescriptor
msExchPoliciesExcluded
msExchPoliciesIncluded
msExchRecipLimit
msExchResourceGUID
protocolSettings
proxyAddresses (Proxy Addresses)
publicDelegates
securityProtocol
showInAddressBook
submissionContLength
targetAddress
textEncodedORAddress
unauthOrig

In addition to removing the attributes above, the Delete Mailbox option also removes the mailbox information from the dsaccess cache. Note that this actually leaves the mailbox in place with the expectation that the mailbox cleanup task will take care of it at the appropriate time. So the mailbox is actually NOT deleted (purged) from the Information Store as part of this process. Although it will be purged by the mailbox cleanup task later, or as specified by the "Deletion settings" for mailboxes on the database's Limits tab in ESM.

1 comment:

  1. Hi Guys,

    Thanks for sharing your insightful thoughts and suggestions - very helpful, and appreciated indeed.

    On a related note, recently we needed a quick and efficient way to find out which accounts were OWA enabled (for an internal security audit) so we asked our on-site MS consultant and he recommended using the Gold Finger from Paramount Defenses Inc.

    Gold Finger pleasantly surprised us because not only was it endorsed by Microsoft but also 100% FREE and loaded with almost 250 useful Active Directory security, Exchange and ACL management reports. BTW, you can download it for free from http://goldfinger.paramountdefenses.com

    In particular, it has over 60 inbuilt Exchange reports, including OWA and MAPI enabled accounts. For a complete list of reports, checkout www.paramountdefenses.com/goldfinger_security_reports_exchange_management.php

    Thought I'd share this with you incase it could help you too, especially if you need a free way to generate Exchange and AD security reports.

    Thanks again, and looking forward to your next post.

    Best wishes,
    Jonathan

    ReplyDelete

Note: Only a member of this blog may post a comment.