Introduction to Exchange 2003 Server - ADSI Edit
ADSI Edit is like a double-edged sword. One side of ADSI Edit configures Active Directory properties,
whilst the other side teaches you about the operating system components.
Topics
for Exchange 2003 ADSI Edit
♠
My first question with any new utility is, 'Where does it come from?' In the case of ADSI Edit, you install it as part of Windows Server 2003's support tools. Once installed, I add ADSI
Edit
as a snap-in to my MMC along with Active Directory Users and Computers and the Exchange System Manager.
My second question is what does the acronym ADSI mean? The answer, Active Directory Service Interface, also gives a good description of the purpose of this utility.
Your main call for ADSI Edit is when TechNet directs you to adjust values in Active Directory. Once you launch ADSI Edit the next decision is to choose the context, Domain or Configuration, RootDSE
or schema.
Before considering the benefits of ADSI Edit, a
word of warning, when you use this interface the operating system does not check the validity of your values. For example, suppose you are configuring with the Exchange System Manager, if you enter
enter the letter o (oh) in a numeric field, then the interface will issue a warning and refuse the entry. However, with ADSI Edit there is no validation check and therefore you could enter values
that will cause unpredictable results. Now for ADSI Edit in action. I have select examples for you to get the feel of how this utility interacts with Active Directory settings.
Guy Recommends: SolarWinds Engineer's Toolset v10
The Engineer's Toolset v10 provides a
comprehensive console of utilities for troubleshooting computer problems. Guy says
it helps me monitor what's occurring on the network, and the tools
teaches me more about how the system literally operates.
There are so many good gadgets, it's like having free rein of a
sweetshop. Thankfully the utilities are displayed logically: monitoring, discovery, diagnostic, and Cisco tools.
Download your copy of the Engineer's Toolset v 10
When you restore the System State, be aware of the 60 day limit for your backup. What happens is that all objects older than 60 days get cleared up by the built-in garbage collection utility. As
a result any information that you restore, which is over 60 days old, will be deleted immediately. In other words you are wasting your time restoring Active Directory data older than 60 days - unless you edit tombstoneLifetime.
The only way to adjust this tombstoneLifetime parameter, is with ADSI Edit. Navigate to the Configuration container (not the Domain container). Next, expand CN=Services, CN=Windows NT and then
right click Directory Service. Scroll down to tombstoneLifetime and set the value in days. For example if you backup is 87 days old, set the tombstoneLifetime value to 95. Now you will be able to restore the
System State without the operating system over-writing your backup.
Would you prefer to see names listed as Steve Redgrave, or Redgrave, Steve? User-Display is a modification which reverses the order of firstname lastname. By default a user's name displays in the GAL as firstname lastname. You can see this order in both Active Directory Users and Computers
and in the Global Address Lists. Thanks to ADSI Edit, the user-Display attribute gives you control over the sequence of firstname and lastname.
Launch ADSI Edit and then
expand the Configuration Container (not the Domain Container). Next navigate to DisplaySpecifiers and select, CN=409. (This gives the sort order for US English.) The crucial property is
user-Display. Right click User-Display and select createDialog. When you user-Display, it not only affects Full Name in the GAL, but also the Display name field in Active Directory Users and Computers.
To have names displayed as Lastname, Firstname use this value: %<sn>, %<givenName>
(Note the space between the two parts. Also note that givenName is case sensitive.)
Result would be Redgrave, Steve (changed from Steve Redgrave).
The legacyExchangeDN problem arises when you cannot move a mailbox from Exchange 5.5 to Exchange 2003. What happen is you receive this:
Error code: '0x80020009'.
Error description: 'There is no such object on the
server.'
The solution to the legacyExchangeDN error is to launch the ADSI Edit snap-in, expand Domain NC, expand DC=DomainName,DC=com, expand CN=Users, right click the account of which cannot be moved, and then click Properties, select CN=UserName, select a
property to view, and then click legacyExchangeDN. Finally scroll down the list of attributes to msExchADCGlobalNames, and delete the text for that entry.
 Guy Recommends:
The SolarWinds Exchange Monitor
Here is a
free tool to monitor your Exchange Server. Download and
install the utility, then inspect your mail queues, monitor the Exchange
server's memory, confirm there is enough disk space and check the CPU
utilization. This is the real deal - there is no catch. SolarWinds
provides this fully-functioning product for free, as part of their commitment to
supporting the network management community.
Free Download of SolarWinds Exchange Monitor
ADSI Edit, is well worth mastering. There are numerous Active Directory settings that you can only change through this utility. Take every opportunity to launch ADSI Edit and explore the
attributes in the domain and configuration containers of Active Directory.
Download your Exchange 2003 Migration eBook for only $6.25
 The
extra features you get in your eBook include: 20 checklists to
plan your migration. Detailed instructions and advice on the best
strategy for your organization.
Lots of tips, recommendations and troubleshooting advice. Problem
solving section. Active Directory explained. Printer friendly
pages.
[exchange2003/IncludeAlsoGal.htm] |
