Archive for the ‘Active Directory’ Category

Associated External Account for an Exchange Server 2003 Mailbox and Issues Accessing Other Mailbox Folders and Public Folders

Wednesday, October 20th, 2010

2010-10-20 Initial Post

Exchange Server 2003 SP2, Windows Server 2003 SP2 AD

I ran into an issue at work the other day which was new to me and I didn’t really find any good documentation either on the Internet or at work, so I did some testing and wrote up a procedure to get around the issue. The issue has to do with the Associated External Account feature. Basically, that feature is used to grant permission to a mailbox in a cross-forest account/resource forest setup. If both of a user's accounts in the account and resource forest are enabled (not MS recommended), he will not be able to access other users' Outlook folders or Outlook public folders unless a special procedure is followed.

I'm going to give an account of my testing scenario and will not be going into a lot of background details, so refer to the articles on MSExchange.org and MS TechNet for background info on the Associated External Account feature. The issue can be really confusing, so I don't expect anyone to follow it easily, but if you're reading this, then that means you might have run into the same issue and will understand what I'm describing. (more…)

Mailbox Storage Limits and Their AD User Attributes

Tuesday, July 6th, 2010

2010-07-06 Initial Post

Exchange Server 2003 SP2, Windows Server 2003 SP2 AD

These are the AD attribute names for common mailbox size limit settings. You can use these attributes in a script to make changes or view current settings. (more…)

AD DNS Stub Zones, Conditional Forwarders, and Zone Delegation

Tuesday, June 22nd, 2010

2009-09-08 Initial Post

Windows Server 2003/2008

STUB ZONES AND CONDITIONAL FORWARDERS

I’ve been working with AD for 9 years and just recently really understood what a stub zone was and which situations are appropriate for its use. I also came to a similar realization about conditional forwarding, although I was already more familiar with that. Anyway, I don’t think many people really understand these features for two major reasons: (more…)

Group / Distribution List Management -> Managed By Tab, Advanced Permissions, DACLs

Thursday, April 15th, 2010

2010-04-15 Updated
2008-04-15 Initial Post

Tested on Windows Server 2003 SP2 AD / Exchange Server 2003 SP2

When a user or group is made the manager of a group via the Managed By tab of the group’s properties AND the checkbox for “Manager can update membership list” is selected, the user/group is given permission to add and remove members. If that checkbox is not selected, nothing else really happens other than the user/group’s name showing up as the group manager. If the user/group that is the manager is also mail enabled, viewing the managed group’s properties from Outlook would show the manager’s name as Owner. (more…)

AD Database -> Ntds.dit, Ntdsutil.exe, Directory Services Restore Mode

Friday, March 19th, 2010

2008-07-16 Initial Post

Windows Server 2003 AD

Ntds.dit is the actual file for the AD database. By default, it’s located in C:\WINDOWS\NTDS\ along with related transaction logs and checkpoint files. The database is based on ESE (Extensible Storage Engine) technology, which is also used by Exchange Server. It is not a flat file database and uses transaction logs and other database technologies. Only Administrators and system accounts have permission to C:\WINDOWS\NTDS\ by default. The files are locked by the OS during normal operation, so you wouldn't be able to make a copy of them while the OS is operating normally. (more…)