Dec 29, 2006

Scripting WMI Tasks: Accounts and Domains


Dec 7, 2006

Can you trust ADU&C ?

Yesterday I was surprised to realize that ADUC won't report complete group membership, dsget and ldp report results ok.

This is explained in KB833883 and supposedly fixed in Windows 2003 sp1. However, while this hotfix is included in sp1, it's still needed to make the registry changes outlined in the same KB to make the hotfix work. Not entirely know why couldn't MS include that registry change altogether in sp1.

Please see the usernet thread I raised in details.

Dec 5, 2006

Required Active Directory Attributes for Email Delivery

--- copied from “Exchange 2003 Transportation and Routing Guide”

When you are troubleshooting an NDR, verify that all mail-enabled attributes that Message Categorizer requires exist for that recipient in Active Directory. In Exchange 2000, multiple attributes must be correct for messages to be categorized:


This list of required attributes is valid only if the recipient is a mailbox-enabled object in Active Directory (for example, an Exchange 2003 recipient). However, if the recipient is an Exchange Server 5.5 recipient, the only attributes that have to be present are:


For mail-enabled objects (for example, a custom recipient) and alternate addresses, the targetAddress attribute is required. If the targetAddress attribute is not present, the fallback is to the mail attribute.

If an e-mail message is missing any of the required attributes or if they are incorrect, the message may remain in the categorizer, and no events are created in Event Viewer. If you track the message, it appears in Message Categorizer or it generates an NDR, depending on which attribute is missing. If you want to check these attributes for a user in Active Directory, use the LDP tool or ADSI Edit. For more information about the LDP tool or ADSI Edit, see the Windows online documentation.

Dec 4, 2006

Why outlook shows only sender email address instead of Display Name?

There are many possibilities. One of them is a by-design mechanism to prevent spoofed emails.

To prevent spoofing, Exchange 2003 requires authentication before a sender’s name is resolved in GAL. So be alarmed when you see SMTP address instead of display name in the sender field when the sender is supposed to be an internal user.

How To Setup Exchange To Receive Emails For A Shared SMTP Domain

Assume that we have 2 Exchange organizations, one is responsible for * emails (MainOrg), the other is responsible for * emails (SubOrg). Now we want MainOrg to receive emails on behalf of SubOrg, meaning all emails that are sent to * address should go to Exchange server in MainOrg.

Note: SubOrg doesn't have to be Exchange, it could be any mail system

1. For all users in SubOrg, create contacts in MainOrg
2. Create a Recipient Policy that will generate exactly same email addresses for contacts you created in step 1. This Recipient Policy should NOT be authoritative for
3. Change public MX record of so it now points to MainCompany Exchange server instead of subCompany Exchange server
4. Create a SMTP connector on MainOrg Exchange server, specify as its space
5. Enable "relay for this domain" on the connector created in step 3, forward all mail to subCompany exchange server (subOrg Exchange as smart host)
6. Restart Routing Engine and SMTP services

Caution: subOrg must be configured as "authoritative" for