0 votes

Hello,

We have an issue where email address is not being updated per email address policy after user account rename. If change is being done on Exchange directly it works fine. If after rename on Adaxes we toggle email address policy check mark in Exchange it works. But somehow we are unable to automate email address policy toggle for the mailbox after account rename. We are in hybrid exchange. This is the task: image.png It throws this error: image.png Can you please tell me what I am doing wrong here?

by (3.9k points)

1 Answer

0 votes
by (162k points)

Hello,

To edit Exchange properties of AD objects, Adaxes uses management cmdlets provided by Exchange Server, such as Set-Mailbox, for example. The error message means that the account whose credentials were used to register your AD domain in Adaxes is not allowed to use the EmailAddressPolicyEnabled parameter of one of the cmdlets used. For information on how to check/change the account, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.ManageActiveDirectory.ManageDomains.ChangeManagedDomainLogonInfo.html.

To resolve the issue, you need to add the parameter to the Exchange Management Roles assigned to the account. Alternatively, you can create a new Role that for this purpose, and then assign the role to the user. For information on how to do that, use the following guide by Microsoft: https://blogs.technet.microsoft.com/rmilne/2013/12/16/how-to-add-or-remove-cmdlet-parameter-from-rbac-management-role/. See section Add A Single Parameter.

After performing changes following the guide, restart Softerra Adaxes Service.

0

Hello,

Permissions are fine for Adaxes account. And we can verify it by running the task as powershell script and remoting into Exchange server. But we want to use builtin functionality and that does not work. Here is a list of permission groups the account is member of: image.png What else could we check regarding this issue?

0

Also I have tried doing the change using ADSI script:

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to user object
$userDN = "CN=company,DC=com"
$user = $admService.OpenObject("Adaxes://$userDN", $NULL, $NULL, 0)

# Create an instance of the AdmExchangeMailboxParameters class
$mailboxParams = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxParameters"

# Automatically update e-mail addresses based on e-mail address policy
$mailboxParams.EmailAddressPolicyEnabled = $False
$user.SetMailParameters($mailboxParams, "ADM_SET_EXCHANGE_PARAMS_FLAGS_NONE")

But the result is the same. This was run on the account with Domain Admin and Enterprise Admin permissions.

image.png

0

Hello,

For troubleshooting purposes, please, enable tracing of requests sent to Exchange servers, reproduce the issue and send us (support[at]adaxes.com) the log file. For information on how to enable the tracing, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.PerformExchangeTasks.TraceExchangeRequests.html.

0

Hello,

Thank you for the provided trace. The error occurs because the EmailAddressPolicyEnabled parameter is available only in on-premises Exchange and not in Exchange Online. To remedy the issue, you need to replace the first and last actions in your Business Rule with the Run a program or PowerShell script action that will execute the below script. In the script:

  • $exchangeServer - Specifies the Fully Qualified Domain Name (FQDN) of your Exchange Server.
  • $enableEmailAddressPolicy - Specifies whether the EmailAddressPolicyEnabled parameter will be enabled.
$exchangeServer ="ExchangeServer.domain.com" # TODO: Modify me
$enableEmailAddressPolicy = $True # TODO: Modify me

try
{
    # Connect to Exchange Server
    $session = New-PSSession -connectionURI "http://$exchangeServer/powershell" -ConfigurationName Microsoft.Exchange
    Import-PSSession -session $session

    Set-RemoteMailbox -Identity "%distinguishedName%" -EmailAddressPolicyEnabled $enableEmailAddressPolicy
}
finally
{
    # Close the remote session and release resources
    if ($session) { Remove-PSSession -Session $session}
}

Related questions

0 votes
1 answer

Hello, I think I might have found a regression. Starting 2014.1 it is impossible to change the reply address for a user having an Exchange 2003 mailbox. The button "Set ... related to my authorizations; I did test various configuration (admin, ...). Regards,

asked May 2, 2014 by Pierre (4.4k points)
0 votes
1 answer

Hi again, My user object creation process use many business rules, one of these moving the object to the right container according to somme attributes. The problem is that sometimes, ... . I run the latest version of Adaxes (3.2.7831). Thanks for your help

asked Feb 10, 2012 by sroux (7k points)
0 votes
1 answer

I have a need to BCC a group email address and the from address not the adaxes address. BCC: group@company.com From: UserA@company.com Adaxes server address: adaxes@company. ... the emails where BCCing the group would allow the exchange server to do the work.

asked Sep 13 by hgletifer (4.6k points)
0 votes
1 answer

Hello Support Team We are looking to change our email address format to first.last@company.com. We have some newer users using the new format but we never backfilled the ... (NOT set to primary) to each account and deal with the possibility of duplicates?

asked Jun 5, 2018 by willy-wally (14.5k points)
0 votes
1 answer

Hello, Similarly to how you can have a mobile number field on the Password Self Service enrollment page, is there any way you can have an alternate field such as ... a custom attribute after enrollment through regular self service. Possible or no? Thank you.

asked Nov 27, 2017 by Kevin (510 points)
2,031 questions
1,806 answers
5,156 comments
1,018 users