{"id":582,"date":"2009-05-08T00:00:00","date_gmt":"2009-05-08T00:00:00","guid":{"rendered":"https:\/\/test.simple-talk.com\/uncategorized\/emulating-the-exchange-2003-rus-for-out-of-band-mailbox-provisioning-in-exchange-2007\/"},"modified":"2024-08-30T09:58:03","modified_gmt":"2024-08-30T09:58:03","slug":"emulating-the-exchange-2003-rus-for-out-of-band-mailbox-provisioning-in-exchange-2007","status":"publish","type":"post","link":"https:\/\/www.red-gate.com\/simple-talk\/sysadmin\/general\/emulating-the-exchange-2003-rus-for-out-of-band-mailbox-provisioning-in-exchange-2007\/","title":{"rendered":"Emulating the Exchange 2003 RUS for Out-of-Band Mailbox Provisioning in Exchange 2007"},"content":{"rendered":"
\n

Exchange 2000 and Exchange 2003 included a component known as the Recipient Update Service or RUS.  The RUS runs as a sub-process of the System Attendant, and is responsible for discovering partially provisioned mailboxes and fully provisioning them.  The RUS is required because when user accounts are configured to have a mailbox using Active Directory Users and Computers (ADUC), they only have a few key attributes assigned.  When the RUS discovers these partially configured accounts they are stamped with the remaining required attributes and a mailbox will subsequently be created in the appropriate Exchange database when the mailbox is either logged onto or receives a message.<\/p>\n

Many Exchange administrators who have worked with Exchange 2000 or 2003 will have experienced times when the RUS hasn’t worked at all or has worked slowly, and as a result have had problems with mailbox provisioning or updates.<\/p>\n

In Exchange 2007 the RUS is no longer present because when a mailbox is provisioned in either of the Exchange management tools it is automatically fully provisioned straight away.  This is great if mailboxes are only ever provisioned using the Exchange 2007 tools, but if you use an out-of-band process to provision mailboxes you will run into trouble as those mailboxes will never be picked up and fully provisioned by Exchange 2007.  <\/p>\n

For example, in Exchange 2003 it’s possible to cause a mailbox to be provisioned simply by setting the LegacyExchangeDN, Mailnickname, and homeMDB attributes on a user object.  The RUS will find the user account and will finish provisioning the mailbox.  If you try this with Exchange 2007 you won’t get a usable mailbox <\/p>\n

Fortunately, there is a way to emulate the Exchange 2000\/2003 RUS on Exchange 2007 using two Exchange 2007 PowerShell cmdlets, Update-EmailAddressPolicy<\/b> which will apply an email address policy to mailboxes, and Update-AddressList<\/b> which will update address list memberships.  <\/p>\n

The easiest way to run the “update” cmdlets is to pipe input to them from the “get” cmdlets.  These commands will update all email address policies and address lists:<\/p>\n

Get-EmailAddressPolicy | Update-EmailAddressPolicy\nGet-AddressList | Update-AddressList\n<\/pre>\n
After running these commands the mailbox will be provisioned and will appear in the Exchange address lists, but it will appear in the Exchange Management Console as a “Legacy Mailbox”.  A legacy mailbox will still function for sending and receiving email, but it’s not possible to enable or disable Exchange 2007 features such as Messaging Records Management or Unified Messaging.  Legacy mailboxes can be converted to Exchange 2007 mailboxes using the Set-Mailbox<\/b> cmdlet with the –ApplyMandatoryProperties<\/i> parameter.<\/p>\n
If your Exchange environment has only Exchange 2007 servers this command will update all legacy mailboxes to Exchange 2007 mailboxes:<\/p>\n
Get-Mailbox -RecipientTypeDetails LegacyMailbox | Set-Mailbox -ApplyMandatoryProperties\n<\/pre>\n
If you have mailboxes hosted on legacy versions of Exchange and on Exchange 2007 you will need to filter the command to only touch those hosted on Exchange 2007.  This command will do that by first getting only the Exchange 2007 servers then finding all the legacy mailboxes on those servers:<\/p>\n
Get-ExchangeServer | \nWhere{$_.AdminDisplayVersion.ToString().SubString(0, 10) -eq\"Version 8.\"} | ForEach{ Get-Mailbox -Server $_.Name -RecipientTypeDetails LegacyMailbox | Set-Mailbox -ApplyMandatoryProperties} \n\n\n<\/pre>\n
The same problem exists for changes made to users outside of the Exchange Management tools.  Any changes made within the Exchange 2007 tools are instantly reflected in the user’s email addresses and address list membership, but changes which would impact email address polices and address list memberships that are made using out-of-band tools such as ADUC, ADSIEdit, or other tools for directly editing Active Directory will not show up in the Exchange 2007 mailbox properties until the same “update” commands are run.<\/p>\n
For example, if there is an email address policy which applies email addresses in the format firstname.lastname, and the last name of a user is changed using an Exchange 2007 tool the user will instantly get a new email address with the new last name.  If the same change is made using an out-of-band tool or process then the name change will not be reflected in the user’s Exchange email addresses.<\/p>\n
This problem can also be solved by running the Update-EmailAddressPolicy<\/b> and Update-AddressList<\/b> cmdlets.<\/p>\n
So, if your environment requires out-of-band mailbox provisioning or user updates then the simplest solution is to put these three commands into a PowerShell script and schedule it to run as often as needed (don’t forget that if you still have mailboxes hosted on legacy Exchange servers you need to change the last command to the filtered version shown above):<\/p>\n
Get-EmailAddressPolicy | Update-EmailAddressPolicy\nGet-AddressList | Update-AddressList\nGet-Mailbox -RecipientTypeDetails LegacyMailbox | Set-Mailbox -ApplyMandatoryProperties\n<\/pre>\n
To run the Update-EmailAddressPolicy<\/b> cmdlet you need to be delegated the Exchange Server Administrator role and have local Administrators rights for the Exchange server. To run Update-AddressList<\/b> you need to be delegated the Exchange Organization Administrator role.  To run the Set-Mailbox <\/b>cmdlet you need to be delegated the Exchange Recipient Administrator role.<\/p>\n
More Information on the cmdlets can be found on the Microsoft TechNet website:<\/p>\n