Introduction to Exchange 2003 Server – ADSI Edit
ADSI Edit is like a double-edged sword. One side of ADSI Edit configures Active Directory properties, whilst the other side teaches you about the operating system components.
Topics for Exchange 2003 ADSI Edit
- Where does ADSI Edit come from?
- Dangers of ADSI Edit
- Tombstone – 60 Day Limit
- User-Display, Lastname Firstname
- legacyExchangeDN and msExchADCGlobalNames
My first question with any new utility is, ‘Where does it come from?’ In the case of ADSI Edit, you install it as part of Windows Server 2003’s support tools. Once installed, I add ADSI Edit as a snap-in to my MMC along with Active Directory Users and Computers and the Exchange System Manager.
My second question is what does the acronym ADSI mean? The answer, Active Directory Service Interface, also gives a good description of the purpose of this utility.
Your main call for ADSI Edit is when TechNet directs you to adjust values in Active Directory. Once you launch ADSI Edit the next decision is to choose the context, Domain or Configuration, RootDSE or schema.
Before considering the benefits of ADSI Edit, a word of warning: when you use this interface, the operating system does not check the validity of your values. For example, suppose you are configuring with the Exchange System Manager. If you enter the letter o (oh) in a numeric field, the interface will issue a warning and refuse the entry. However, with ADSI Edit there is no validation check, and therefore you could enter values that will cause unpredictable results.
Now for ADSI Edit in action. I have selected examples for you to get the feel of how this utility interacts with Active Directory settings.
When you restore the System State, be aware of the 60 day limit for your backup. What happens is that all objects older than 60 days get cleared up by the built-in garbage collection utility. As a result any information that you restore, which is over 60 days old, will be deleted immediately. In other words you are wasting your time restoring Active Directory data older than 60 days – unless you edit tombstoneLifetime.
The only way to adjust this tombstoneLifetime parameter is with ADSI Edit. Navigate to the Configuration container (not the Domain container). Next, expand CN=Services, CN=Windows NT and then right-click Directory Service. Scroll down to tombstoneLifetime and set the value in days. For example, if your backup is 87 days old, set the tombstoneLifetime value to 95. Now you will be able to restore the System State without the operating system over-writing your backup.
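The same tombstoneLifetime check as a PowerShell script, with the input validation that ADSI Edit itself does not perform. This is an added example, not the author's own code; the parameter names, the -Apply switch and the 3650-day upper bound are assumptions, and it needs PowerShell 2.0 or later.

```powershell
# Added example: guarded read/update of tombstoneLifetime through ADSI.
# Parameter names, -Apply and the sanity bounds are illustrative assumptions.
param(
    [Parameter(Mandatory = $true)][datetime]$BackupDate,  # date the System State backup was taken
    [int]$MarginDays = 8,                                   # headroom above the backup age
    [switch]$Apply                                          # without this switch the script only reports
)

$DefaultLifetime = 60   # days; the limit this page gives when the attribute is not set

# Find the Configuration container, then CN=Directory Service (same path as in ADSI Edit)
$rootDse  = [ADSI]"LDAP://RootDSE"
$configNC = $rootDse.Properties["configurationNamingContext"].Value
$dirSvc   = [ADSI]"LDAP://CN=Directory Service,CN=Windows NT,CN=Services,$configNC"

# An unset attribute comes back as $null, which means the default applies
$raw     = $dirSvc.Properties["tombstoneLifetime"].Value
$current = if ($null -eq $raw) { $DefaultLifetime } else { [int]$raw }

$backupAge = [int][math]::Ceiling(((Get-Date) - $BackupDate).TotalDays)
if ($backupAge -lt 0) { throw "BackupDate is in the future." }
$needed = $backupAge + $MarginDays

"Current tombstoneLifetime : $current days"
"Backup age                : $backupAge days"

if ($backupAge -lt $current) {
    "Backup is younger than the tombstone lifetime; no change required."
    return
}

# ADSI accepts any value, so reject implausible ones here (bounds are arbitrary)
if ($MarginDays -lt 1 -or $needed -gt 3650) {
    throw "Refusing to write $needed; check BackupDate and MarginDays."
}

if (-not $Apply) {
    "Would set tombstoneLifetime to $needed days (re-run with -Apply to write it)."
    return
}

$dirSvc.Put("tombstoneLifetime", $needed)
$dirSvc.SetInfo()
"tombstoneLifetime changed from $current to $needed days; keep the old value on record."
```

With a backup 87 days old and the default margin of 8, the script proposes 95, matching the figure in the text.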
Would you prefer to see names listed as Steve Redgrave, or Redgrave, Steve?
User-Display is a modification which reverses the order of firstname lastname. By default a user’s name displays in the GAL as firstname lastname. You can see this order in both Active Directory Users and Computers and in the Global Address Lists. Thanks to ADSI Edit, the user-Display attribute gives you control over the sequence of firstname and lastname.
Launch ADSI Edit and then expand the Configuration Container (not the Domain Container). Next navigate to DisplaySpecifiers and select CN=409. (This gives the sort order for US English.) The crucial property is user-Display. Right-click User-Display and select createDialog. When you change user-Display, it affects not only Full Name in the GAL, but also the Display name field in Active Directory Users and Computers.
To have names displayed as Lastname, Firstname use this value: %<sn>, %<givenName>
(Note the space between the two parts. Also note that givenName is case sensitive.)
Result would be Redgrave, Steve (changed from Steve Redgrave).
legacyExchangeDN and msExchADCGlobalNames
The legacyExchangeDN problem arises when you cannot move a mailbox from Exchange 5.5 to Exchange 2003. What happens is that you receive this:
Error code: ‘0x80020009’.
Error description: ‘There is no such object on the server.’
The solution to the legacyExchangeDN error is to launch the ADSI Edit snap-in, expand Domain NC, expand DC=DomainName,DC=com, expand CN=Users, right-click the account that cannot be moved, and then click Properties. Select CN=UserName, select a property to view, and then click legacyExchangeDN. Finally, scroll down the list of attributes to msExchADCGlobalNames, and delete the text for that entry.
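Because ADSI Edit has no undo, it is worth saving the two attributes before deleting anything. The script below is an added example, not part of the original article; the parameter names and the output file name are assumptions, and it needs PowerShell 2.0 or later.

```powershell
# Added example: snapshot legacyExchangeDN and msExchADCGlobalNames before editing.
# $SamAccountName and $OutFile are illustrative parameter names.
param(
    [Parameter(Mandatory = $true)][string]$SamAccountName,
    [string]$OutFile = ".\attr-snapshot.xml"    # hypothetical output path
)

# Escape LDAP filter metacharacters so the name is matched literally (backslash first)
$safe = $SamAccountName.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')

# With no search root given, DirectorySearcher searches the current domain
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$safe))"
"distinguishedName", "legacyExchangeDN", "msExchADCGlobalNames" |
    ForEach-Object { [void]$searcher.PropertiesToLoad.Add($_) }

$hit = $searcher.FindOne()
if ($null -eq $hit) { throw "No user found for '$SamAccountName'." }

# Return every value of an attribute as an array; empty array when it is not set
function Get-Values($result, [string]$name) {
    $vals = $result.Properties[$name.ToLower()]   # search results use lower-case keys
    if ($null -eq $vals -or $vals.Count -eq 0) { return ,@() }
    return ,@($vals | ForEach-Object { [string]$_ })
}

$snapshot = New-Object PSObject -Property @{
    TakenAt              = (Get-Date).ToString("s")
    DistinguishedName    = (Get-Values $hit "distinguishedName")[0]
    LegacyExchangeDN     = Get-Values $hit "legacyExchangeDN"
    MsExchADCGlobalNames = Get-Values $hit "msExchADCGlobalNames"   # multi-valued
}

$snapshot | Export-Clixml -Path $OutFile
"Saved {0} msExchADCGlobalNames value(s) for {1} to {2}" -f `
    $snapshot.MsExchADCGlobalNames.Count, $snapshot.DistinguishedName, $OutFile
```

Import-Clixml on the saved file returns the original values if the entry has to be restored by hand.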
ADSI Edit is well worth mastering. There are numerous Active Directory settings that you can only change through this utility. Take every opportunity to launch ADSI Edit and explore the attributes in the domain and configuration containers of Active Directory.