0 votes

Hello,

We have an issue where email address is not being updated per email address policy after user account rename. If change is being done on Exchange directly it works fine. If after rename on Adaxes we toggle email address policy check mark in Exchange it works. But somehow we are unable to automate email address policy toggle for the mailbox after account rename. We are in hybrid exchange. This is the task: image.png It throws this error: image.png Can you please tell me what I am doing wrong here?

by (760 points)

1 Answer

0 votes
by (226k points)

Hello,

To edit Exchange properties of AD objects, Adaxes uses management cmdlets provided by Exchange Server, such as Set-Mailbox, for example. The error message means that the account whose credentials were used to register your AD domain in Adaxes is not allowed to use the EmailAddressPolicyEnabled parameter of one of the cmdlets used. For information on how to check/change the account, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.ManageActiveDirectory.ManageDomains.ChangeManagedDomainLogonInfo.html.

To resolve the issue, you need to add the parameter to the Exchange Management Roles assigned to the account. Alternatively, you can create a new Role that for this purpose, and then assign the role to the user. For information on how to do that, use the following guide by Microsoft: https://blogs.technet.microsoft.com/rmilne/2013/12/16/how-to-add-or-remove-cmdlet-parameter-from-rbac-management-role/. See section Add A Single Parameter.

After performing changes following the guide, restart Softerra Adaxes Service.

0

Hello,

Permissions are fine for Adaxes account. And we can verify it by running the task as powershell script and remoting into Exchange server. But we want to use builtin functionality and that does not work. Here is a list of permission groups the account is member of: image.png What else could we check regarding this issue?

0

Also I have tried doing the change using ADSI script:

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to user object
$userDN = "CN=company,DC=com"
$user = $admService.OpenObject("Adaxes://$userDN", $NULL, $NULL, 0)

# Create an instance of the AdmExchangeMailboxParameters class
$mailboxParams = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxParameters"

# Automatically update e-mail addresses based on e-mail address policy
$mailboxParams.EmailAddressPolicyEnabled = $False
$user.SetMailParameters($mailboxParams, "ADM_SET_EXCHANGE_PARAMS_FLAGS_NONE")

But the result is the same. This was run on the account with Domain Admin and Enterprise Admin permissions.

image.png

0

Hello,

For troubleshooting purposes, please, enable tracing of requests sent to Exchange servers, reproduce the issue and send us (support[at]adaxes.com) the log file. For information on how to enable the tracing, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.PerformExchangeTasks.TraceExchangeRequests.html.

0

Hello,

Thank you for the provided trace. The error occurs because the EmailAddressPolicyEnabled parameter is available only in on-premises Exchange and not in Exchange Online. To remedy the issue, you need to replace the first and last actions in your Business Rule with the Run a program or PowerShell script action that will execute the below script. In the script:

  • $exchangeServer - Specifies the Fully Qualified Domain Name (FQDN) of your Exchange Server.
  • $enableEmailAddressPolicy - Specifies whether the EmailAddressPolicyEnabled parameter will be enabled.
$exchangeServer ="ExchangeServer.domain.com" # TODO: Modify me
$enableEmailAddressPolicy = $True # TODO: Modify me

try
{
    # Connect to Exchange Server
    $session = New-PSSession -connectionURI "http://$exchangeServer/powershell" -ConfigurationName Microsoft.Exchange
    Import-PSSession -session $session

    Set-RemoteMailbox -Identity "%distinguishedName%" -EmailAddressPolicyEnabled $enableEmailAddressPolicy
}
finally
{
    # Close the remote session and release resources
    if ($session) { Remove-PSSession -Session $session}
}

Related questions

0 votes
0 answers

We have delegated updating user properties in AD and the usrs have requested those changes updated in the GAL. Is ther ea way to do this in Adaxes?

asked Feb 13, 2020 by Derek.Axe (440 points)
0 votes
0 answers

We are looking for a way to setup a "rename user" in the web interface that also changes the proxy adress. Our emails always include names so they always get changed on ... smtp) and the new one to (SMTP) ? smtp:old.email@domain.com SMTP:new.email@domain.com

asked Dec 22, 2021 by silicondt (40 points)
0 votes
1 answer

Hello, I think I might have found a regression. Starting 2014.1 it is impossible to change the reply address for a user having an Exchange 2003 mailbox. The button "Set ... related to my authorizations; I did test various configuration (admin, ...). Regards,

asked May 2, 2014 by Pierre (750 points)
0 votes
1 answer

Hi again, My user object creation process use many business rules, one of these moving the object to the right container according to somme attributes. The problem is that sometimes, ... . I run the latest version of Adaxes (3.2.7831). Thanks for your help

asked Feb 10, 2012 by sroux (800 points)
0 votes
1 answer

Hello, after update to 2021.1 we have problems with an old Windows 2003 domain. The service account for the domain will rapidly locked out from the Adaxes server. What we ... in 2021.1 for Managed Domain? Or how can I integrade old domains? regards Helmut

asked Mar 12, 2021 by a423385 (510 points)
2,779 questions
2,512 answers
6,574 comments
26,286 users