Using Powershell to Mail-Enable an AD User without CDOEXM
Over on microsoft.public.windows.powershell, it’s been asked how to mail-enable an AD user in an Exchange 2003 Environment. The MS supported way involves CDOEXM (part of Exchange System Manager) which seems to be rather difficult to use from powershell.
In reality, you can usually get away with using [ADSI] to modify several key attributes on the AD user and let RUS initailize the remaining attributes to create the mail-enabled user.
Here’s the example I posted on Usenet:
$user = [ADSI]"LDAP://CN=Powershell Test,OU=Standard Users,OU=Site1,DC=testlab,DC=com"
$user.mailNickname = "ptest"
$user.msExchHomeServerName = "/o=testlab/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=SITE1-03EX1"
$user.setinfo()
#wait for RUS - This can be seconds or hours depending on your Exchange configuration.
# To see the changes, reassign the modified AD object to $user
$user = [ADSI]"LDAP://CN=Powershell Test,OU=Standard Users,OU=Site1,DC=testlab,DC=com"
$user | fl *
The minimum attributes needed for RUS are mailNickname (Exchange Alias) and msExchHomeServerName. You can see the format that msExchHomeServerName expects in the example and this will obviously be different for every exchange server. If you don’t fill in any additional attributes, the mailbox will be created in the default mail store on the server specified. If you need to point to a different mail store, you can use the homeMDB attribute. Again, the easiest way to see the expected format is to grab an already mail-enabled user and take a look at the attributes:
PS C:\> $user = [ADSI]"LDAP://CN=Powershell Test,OU=Standard Users,OU=Site1,DC=testlab,DC=com"
PS C:\> $user | format-list cn,mailNickname,msExchHomeServerName,homeMDB,homeMTA,proxyAddresses
cn : {Powershell Test}
mailNickname : {ptest}
msExchHomeServerName : {/o=testlab/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=SITE1-03EX1}
homeMDB : {CN=Mailbox Store (SITE1-03EX1),CN=First Storage Group,CN=InformationStore,CN=SITE1-03EX1,CN=Ser
vers,CN=First Administrative Group,CN=Administrative Groups,CN=testlab,CN=Microsoft Exchange,CN=
Services,CN=Configuration,DC=testlab,DC=com}
homeMTA : {CN=Microsoft MTA,CN=SITE1-03EX1,CN=Servers,CN=First Administrative Group,CN=Administrative Grou
ps,CN=testlab,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=testlab,DC=com}
proxyAddresses : {SMTP:ptest@testlab.com, X400:c=US;a= ;p=testlab;o=Exchange;s=Test;g=Powershell;}
After you assign the necessary attributes and issue the .setInfo() method, you just have to wait for RUS to do it’s magic. This can take seconds or much longer. It just depends on how the Exchange environment is configured.
As with anything that directly modifies AD attributes… TEST, TEST and TEST some more in a LAB. Never start in a production environment.
gaurhoth
* Edited to reflect that this article is about Exchange 2003.