Mailboxes that have entries in the EV DB which are not in any provisioning group:
I've run into a strange issue with provisioning in a newly installed version 8.0.5 environment running on Windows 2008 R2 x64.
There are 2 separate locations (Massachusetts & Ohio), each having their own Exchange 2007 server and Enterprise Vault server.
The EV server hosting the directory and running the provisioning task is in Massachusetts.
When I add users, homed on the MA Exchange server, to provisioning everything works as expected...the user is provisioned and then enabled for archiving.
When I add users, homed on the OH Exchange server, the provisioning report looks like this:
Mailbox Provisioning
Time Rank Group Member Policy PST Policy Username Action
1:22:59 PM 3 OH EV Users Domain\OH_EV_Users Exchange Mailbox Policy Exchange PST Migration Policy CN=John Doe,OU=OH,OU=Support,OU=IT,OU=Business Operations,DC=Domain,DC=com Mailbox already updated by provisioning group member 'OH EV Users'/'Domain\Doe_John'
1:22:59 PM 3 OH EV Users Domain\OH_EV_Users Exchange Mailbox Policy Exchange PST Migration Policy CN=Bob Smith,OU=OH,OU=Support,OU=IT,OU=Business Operations,DC=Domain,DC=com Mailbox already updated by provisioning group member 'OH EV Users'/'Domain\Smith_Bob'
Mailboxes on Exchange Server [EXMBX-OH] that have entries in the Enterprise Vault database but which are not in any provisioning group:
/O=Domain/OU=OH/cn=Recipients/cn=Doe_John (state = new)
/O=Domain/OU=OH/cn=Recipients/cn=Smith_Bob (state = new)
It appears that Provisioning identifies the user as being a member of the active directory group which provisioning is pointing at....but then I get the errors above about the very same mailboxes NOT being in any provisioning group.
The only difference I can find between the users above and the users that have provisioned correctly is that they are on different Exchange Servers.
I have double-checked the Exchange Permissions and Send-As perms on each System Mailbox and all is in order.
Where to go from here?
Joe
Comments
Update
I moved a mailbox from the Ohio Exchange Server to the Massachusetts Exchange server and provisioning ran normally for that one mailbox.
What could the problem possibly be?
Do you have more than one
Do you have more than one provisioning group? It could be they are covered by more than one provisioning group which is why it says it has already been updated.
Have you checked the ExchangeMailboxEntry table to make sure there is only one entry for Smith_Bob and Doe_John?
Apart from the provisioning report message do the users have any other issues (i.e. can they be enabled, archived e.t.c)?
Regards
Karl
Remove from table
Hello Joseph,
Can you remove the two entries you test with from the ExchangeMailboxEntry table (in Directory database), and rerun provisioning?
What's the result there?
Thank you, Gertjan
MCSE, MCITP (2x), MCTS, SCS7.5/8.0/9.0, STS9/10
Company: www.t2.nl
The EV-Dashboard. Get it here: http://evdashboard.so
Provision Group ranking
Please ensure that the provision group for Massachusset is ranked higher than Ohio.
Mohammed Khawaja
How are you choosing what
How are you choosing what users to provision, is it an AD group or LDAP or something else?
You could try two provisioning groups that target based on Exchange server use the following example and edit as necessary.
(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=EVSERV1)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=EVSERV1))) ))
Tony Sterling
www.bluesource.net or www.bluesource.co.uk
Offices in the US and the UK
Yes I have 6 provisioning
Yes I have 6 provisioning groups setup, each PG points to an Active Directory security group.
The PGs look like this:
1. MA EV Users
2. OH EV Users
3. MA EV Cache Users
4. OH EV Cache Users
5. MA Disabled Users
6. OH Disabled Users
The users are NOT members of more than one PG. Only users from the Ohio office are placed in the OH EV Users PG.
I have not tried using an LDAP query versus targeting AD groups.
I've done a bit of work with SYM tech support so far and part of it was to remove entries for the affected users from the ExchangeMailboxEntry table (in Directory database), and rerun provisioning.
Basically the PG report looks the same and the entries are re-added to the table but I cannot enable them for archiving.
The thing that is bothering me is that when I moved a user/mailbox from the OH Exchange server to the MA Exchange server provisioning worked fine and I could enable the mailbox...?
first.
I would place the two Disabled Users PG at the top. (ie 1 and 2)
I'd have the cache PG's as 3rd and 4th
I'd have the OH pg as 5th, and the MA pg as last.
Also, you state that you use AD-security groups as targets for the PG. I assume you have examined thoroughly membership for John Doe?
CN John Doe seems to be in oh\support\it\business operations\domain\com, but is there perhaps another membership causing a conflict?
Thank you, Gertjan
MCSE, MCITP (2x), MCTS, SCS7.5/8.0/9.0, STS9/10
Company: www.t2.nl
The EV-Dashboard. Get it here: http://evdashboard.so
Would it be possible to
Would it be possible to provide a Dtrace of the Exchange provisioning task and the output from the ExchangeMailboxEntry table for any row matching the affected user John Doe?
Do you get any errors enabling the mailbox or does the user just not appear in the wizard ?
-Karl
I never did get to a
I never did get to a resolution on this problem. The project has been shelved for the time being due to the number of issues I've run into trying to get EV working.
Would you like to reply?
Login or Register to post your comment.