Exact c'est dans ce bouquin que j'ai trouvé l'info :
Recipe 22.9. Mail-Enabling a User
Problem
You want to mail-enable a user.
Solution
- Using a graphical user interface
Open the Users and Computers (ADUC) snap-in.
This needs to be run on a workstation or server that has the Exchange Management Tools loaded (see Recipe 22.6).
If you need to change domains, right-click on Active Directory Users and Computers in the left pane, select Connect to Domain, enter the domain name, and click OK.
In the left pane, browse to the parent container of the user, right-click on the user, and select Exchange Tasks.
On the Welcome screen, click Next.
Select Establish E-mail Address and click Next.
Verify the mail alias is what you want.
Click Modify, select external email address type (generally SMTP Address), click OK, enter an external email address, and click OK.
There is an Advanced tab on the Internet Address Properties screen. On this tab, you have the option to override the default handling of email sent to this recipient (e.g., you can force all email to be delivered as HTML or plain text, etc.).
On the Completion screen, click Finish.
- Using a command-line interface
> exchmbx -b "<User DN>" -me <smtp email address>
Replace <User DN> with the user's distinguished name and <smtp email address> with the user's external email address.
To mail enable the user joe with the email address joe@unixmail.rallencorp.com, execute the following command. The command should be contained on one line:
> exchmbx -b "cn=joe,cn=users,dc=rallencorp,dc=com" -me joe@unixmail.rallencorp.com
For an alternative Microsoft-native tool method, create an LDIF file called mailenable_user.ldf with the following contents:
dn: <User DN>
changetype: modify
replace: targetAddress
targetaddress: SMTP:<smtp email address>
-
replace: mailNickName
mailNickname: <mail nickname>
-
replace: mAPIRecipient
mAPIRecipient: FALSE
-
replace: legacyExchangeDN
legacyExchangeDN: <legacy exchange DN>
-
replace: internetEncoding
internetEncoding: 1310720
-
Replace <User DN> with the user's distinguished name, <smtp email address> with the user's external email address, and <legacy exchange DN> with the proper legacy exchange distinguished name value. Then run the following command:
>ldifde -i -f mailenable_user.ldf
' This code mail enables a user.
' ------ SCRIPT CONFIGURATION ------
strUserDN = "<UserDN>" ' e.g. cn=jsmith,cn=Users,dc=rallencorp,dc=com
strEmailAddr = "<EmailAddress>" 'e.g. jsmith234@freemail.net
' ------ END CONFIGURATION ---------
Set objUser = GetObject("LDAP://" & strUserDN)
objUser.MailEnable strEmailAddr
objUser.Put "internetEncoding",1310720
objUser.SetInfo()
Wscript.Echo "Successfully
mail-enabled user."
Discussion
A mail-enabled user is a user object that has at least one email address defined within Exchange, but does not have a mailbox. This does not give any access rights to the user within the Exchange system; it simply allows Exchange users to select the mailenabled user from the GAL and easily send email to them. You would use a mailenabled user when you have a user who needs to log in to the domain, but has an email address external to the forest's Exchange organization. The email address could be external to the company or it could just be external to the Exchange organization of that forest. Examples would be users with mailboxes on external email systems or users with mailboxes on internal non- Exchange servers.
To mail-enable a user, you need to have permissions of Exchange View-Only Administrator or higher for the target administrative group. In addition, you need to have Read and Write permissions to the following object attributes:
adminDisplayName
autoReplyMessage (ILS Settings)
displayName (Display Name)
dLMemDefault
homeMDB (Exchange Mailbox Store)
homeMTA
internetEncoding
legacyExchangeDN
mail (E-Mail Address)
mailNickname (Alias)
mAPIRecipient
msExchADCGlobalNames
msExchControllingZone
msExchFBURL
msExchHideFromAddressLists
msExchHomeServerName (Exchange Home Server)
msExchMailboxGuid
msExchMailboxSecurityDescriptor
msExchPoliciesExcluded
msExchPoliciesIncluded
msExchResourceGUID
proxyAddresses (Proxy Addresses)
showInAddressBook
targetAddress
textEncodedORAddress
When you create a mail-enabled user with ADUC or with VBScript, you call out to the CDOEXM interface, which is the Microsoft-supported method of managing Exchange attributes on users, groups, and contacts. The specific method in this case is MailEnable. In the background, the specific changes made by the MailEnable method are on the user object in Active Directory and include changes to the following attributes:
targetAddress
mailNickname
mAPIRecipient
legacyExchangeDN
In addition to those attributes, the internetEncoding attribute should also be set for proper message handling. This is the attribute that is updated if you go into the Advanced tab of the Internet Address Properties screen. The default value for this attribute is 1310720, which tells Exchange to use the default settings of the Internet Mail Service. You can specify other values to force email to be converted to various formats. Table 22-3 contains the list of alternate values for the internetEncoding attribute.
Table 22-3. internetEncoding attribute values Value
Meaning
Use Internet Mail Service settings
Allow plain text
Allow plain text or HTML
Allow plain text/uuencoding
Allow plain text/uuencoding with BinHex
Once all of those attributes are in place, the RUS sets additional attributes on the user object to make it useable for Exchange.
- Using a graphical user interface
Mail-enabling a user is a little more confusing if you are creating new users because you don't get prompted to mail-enable them. To create a mail-enabled user from scratch, create the user and, when prompted to create a mailbox, clear the Create an Exchange Mailbox checkbox. Once the user is created, follow the directions described in the solution.
- Using a command-line interface
Command-line administration tools for Exchange are rather rare. Luckily, the Exch-Mbx tool is available as a free download from http://www.joeware.net. This tool can turn a difficult process into something quite simple. If you need to modify the internetEncoding attribute, add the internetencoding option to the parameter list specifying the proper value from Table 22-3. For example:
>
exchmbx -b <UserDN> -me <SmtpEmailAddress> -internetencoding 917504
If you prefer Microsoft-native solutions, the LDIF solution we described will work, but can be dangerous because there is the possibility of duplicating critical values within the Exchange organization. If you put duplicate mailNickname or legacyExchangeDN values into the system, you will have bad results in your Exchange organization that will almost certainly start producing nondelivery reports (NDR) for the mail objects involved.
The mailNickname attribute can generally be set to be the same as the sAMAccountName, which has to be unique in the domain. But what should you do you with legacyExchangeDN? If you aren't tied to a legacy 5.5 organization, you can follow the simple format the system currently uses. If you have a legacy 5.5 organization, you need to follow the structure for that organization. For assistance with this, contact Microsoft PSS or Microsoft Consulting Services.
The general format of legacyExchangeDN is:
/o=<Org>/ou=<AdministrativeGroup>/cn=<RecipientContainer>/cn=<mailnickname>
Assuming your mailNickName is unique (it had better be) and you know the values for the other variables, you can quickly construct a legacyExchangeDN like:
/o=CORPMAIL/ou=NORTHAMER/cn=Recipients/cn=NICOLEHANSKNECHT
You should always verify by searching Active Directory that the legacyExchangeDN you chose is not already used. The reason for this is that someone may have changed an existing user's mailNickname but, correctly, did not touch the legacyExchangeDN value. You could, of course, fix the legacyExchangeDN of that other user so that it properly fits the pattern, but you would impact the user's email functionality.
The attribute legacyExchangeDN is used in Exchange internally for addressing email. If you try to respond to an email sent to you by a user within the same Exchange organization who has had her legacyExchangeDN changed, you will get an NDR and the mail will not be delivered. So, if a user has a name change from Chris Smith to Chris Jones and her sAMAccountName and mailNickname both change from csmith to cjones, her legacyExchangeDN must remain the same so that anyone within the Exchange organization will be able to easily respond to emails she sent as csmith. The point is that you should always check that the legacyExchangeDN value you are setting is unique. The simple solution to follow if the value is already present is to append a -1, -2, or whatever dash value is required to get to a unique value.
You have the option of not specifying the legacyExchangeDN in the LDIF file. If the attribute is empty, Exchange will populate it for you. If there is already a value, Exchange will not change the attribute.
Unfortunately, if you are mail enabling an object that was previously mail- or mailbox enabled, it could have an existing value for legacyExchangeDN; this value may or may not be unique. One very specific case is that some tools will set the legacyExchangeDN value to ADCDisabled when an object is mail or mailbox disabled to alert the ADC to the object's status.
You can modify the internetEncoding attribute value in the LDIF file to any value in Table 22-3.
If you want to mail enable multiple users at once, remove the -b option from the parameter list and pipe the distinguished names into ExchMbx from another tool or from a file. Run exchmbx /? for usage details.
Using VBScript
Creating a mail-enabled user from VBScript is quite simple; one call to the MailEnable method and the work is done. As we indicated in the CLI solution, you can modify the internetEncoding value to one of the other values in Table 22-3 depending on your needs.
See Also
Recipe 22.6, Recipe 22.10 for more on mail-disabling a user, MS KB 275636 (Creating Exchange Mailbox-Enabled and Mail-Enabled Objects in Active Directory), and MS KB 281740 (XCON: Internet Mail Service Settings Are Not Overridden for Custom Recipients in Distribution List) for the values of internetEncoding
Message édité par Je@nb le 30-08-2007 à 10:58:26
FORUM HardWare.fr
