Video Screencast Help

Automatic & Selective Enabling of User Accts

Created: 18 Feb 2014 • Updated: 19 Feb 2014 | 7 comments
This issue has been solved. See solution.

Hi I need to be able to either

Enable a user for archiving with a powershell Script (we have archiving tasks / mailboxes over two mail servers)

Use a AD attribute (preferable a cumstom one) that the auto enroll function can detect then enable the account for archiving.

Basically my problem is that we have numorous service / special accts with mailboxes we do not want to push to EV, but currently have no way to distinguish them which is where the custom attribute would help. in my ideal situation i would like to sweep AD user objects once a week and enable any objects with a certain attribute.

i could even script this if i could get a powershell command to enable the MB for archiving, we are using EV10 with exchange 2010 at the moment

Thanks

Operating Systems:

Comments 7 CommentsJump to latest comment

EdLacey's picture

If you AD design is consistent and segregates special/service accounts from ordinary user accounts then you can create a provisioning group and target specific OU's or create a specific AD Group and target that so your service desk can simply add accounts to be archived. Alternatively apply a custome attribute to accounts you want to archive and create a provisioning group with an LDAP query

Mark Prior20's picture

ok may not have explained or understood the answer correctly, heres an eample

User starts firm

User AD Account & MB created

(at the moment i have to manually enable the user for archiving in EV admin) Ev console, select enable for EV, select which MB server, select userID etc.......

We have a provisioning group that forces everything into EV once the account is enabled for archiving. so for example if a user leaves we make them a member of this group EV picks this up and forces all items to vault.

Its the actual enablement of the archiving i need to automate somehow

EdLacey's picture

So you don't have the checkbox "Archive mailboxes in this provisioning group" checked?

Mark Prior20's picture

yes this is enabled, but should this create a new archive for any user in that group ?

So "Joe.Bloggs" is created in AD (EV has never seen or touched this user)

i add him to the  Target group - "EV create" with the option "Archive mailboxes in this provisioning group" ticked, This will give / enable him for archiving in EV?

or just start pushing mail once i have manually enabled him in the EV console?

TonySterling's picture

On the Provisioning Group you can select to automatically enable mailboxes, I think that is where EDLacey was going.

You will want to make sure that only mailboxes you want enabled are part of that group.

How to automatically enable users for Enterprise Vault
padding: 1px;padding-bottom: 3px ;font: 12px Arial; text-align: left;">Article:TECH76756 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 0px;font: 12px Arial; text-align: left;">Created: 2009-01-12 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Updated: 2011-06-21 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Article URL http://www.symantec.com/docs/TECH76756
WiTSend's picture

Additionally, if you have service/resource account that you do not want enabled you can create a Provisioning group just for them, place it high the Provisioning Group hierachy and uncheck the "archive mailboxes in this provisioning group".   You can use a LDAP query with your custom attribute to automatically select the appropriate accounts.

JesusWept3's picture

if you are going to use a custom AD attribute in AD then you can use an LDAP query in your Provisioning Group...

So you could do the following
 

1. Open the Vault Admin Console
2. Expand out Directory on Server -> SiteName -> Targets -> Exchange -> YourDomain -> Exchange Server
3. Click Provisioning Group
4. Right click New -> Provisioning Group
5. Press Next
6. Give a name to the provisioning group like "EV Users" and press Next
7. Press the Add Button
8. Choose "LDAP Query" and press OK
9. Give the Display NAme a description like "EV Users (Attribute 6)"
10. The query root should be filled out already 
    should be something like GC://gcServer.myDomain.com/DC=myDomain,DC=com
11. In the query type the following to enable based on Custom Attribute 6 in AD: 
    (&((extensionattribute6=EnableEV)))
12. Press OK and then follow the prompts through to the End
 
Make sure that "Archive Mailboxes in this provisioning group is checked"
Make sure that on the Archiving Defaults that "Automatically enable mailboxes" is checked
 
and thats all you really need to do, run provisioning making sure that the group is appropriately placed
The enablements will occur when the archiving task kicks off so you dont have to manually enable anyone
 
SOLUTION