0 votes

Hello,

We have an issue where email address is not being updated per email address policy after user account rename. If change is being done on Exchange directly it works fine. If after rename on Adaxes we toggle email address policy check mark in Exchange it works. But somehow we are unable to automate email address policy toggle for the mailbox after account rename. We are in hybrid exchange. This is the task: image.png It throws this error: image.png Can you please tell me what I am doing wrong here?

by (3.9k points)

1 Answer

0 votes
by (181k points)

Hello,

To edit Exchange properties of AD objects, Adaxes uses management cmdlets provided by Exchange Server, such as Set-Mailbox, for example. The error message means that the account whose credentials were used to register your AD domain in Adaxes is not allowed to use the EmailAddressPolicyEnabled parameter of one of the cmdlets used. For information on how to check/change the account, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.ManageActiveDirectory.ManageDomains.ChangeManagedDomainLogonInfo.html.

To resolve the issue, you need to add the parameter to the Exchange Management Roles assigned to the account. Alternatively, you can create a new Role that for this purpose, and then assign the role to the user. For information on how to do that, use the following guide by Microsoft: https://blogs.technet.microsoft.com/rmilne/2013/12/16/how-to-add-or-remove-cmdlet-parameter-from-rbac-management-role/. See section Add A Single Parameter.

After performing changes following the guide, restart Softerra Adaxes Service.

0

Hello,

Permissions are fine for Adaxes account. And we can verify it by running the task as powershell script and remoting into Exchange server. But we want to use builtin functionality and that does not work. Here is a list of permission groups the account is member of: image.png What else could we check regarding this issue?

0

Also I have tried doing the change using ADSI script:

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to user object
$userDN = "CN=company,DC=com"
$user = $admService.OpenObject("Adaxes://$userDN", $NULL, $NULL, 0)

# Create an instance of the AdmExchangeMailboxParameters class
$mailboxParams = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxParameters"

# Automatically update e-mail addresses based on e-mail address policy
$mailboxParams.EmailAddressPolicyEnabled = $False
$user.SetMailParameters($mailboxParams, "ADM_SET_EXCHANGE_PARAMS_FLAGS_NONE")

But the result is the same. This was run on the account with Domain Admin and Enterprise Admin permissions.

image.png

0

Hello,

For troubleshooting purposes, please, enable tracing of requests sent to Exchange servers, reproduce the issue and send us (support[at]adaxes.com) the log file. For information on how to enable the tracing, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.PerformExchangeTasks.TraceExchangeRequests.html.

0

Hello,

Thank you for the provided trace. The error occurs because the EmailAddressPolicyEnabled parameter is available only in on-premises Exchange and not in Exchange Online. To remedy the issue, you need to replace the first and last actions in your Business Rule with the Run a program or PowerShell script action that will execute the below script. In the script:

  • $exchangeServer - Specifies the Fully Qualified Domain Name (FQDN) of your Exchange Server.
  • $enableEmailAddressPolicy - Specifies whether the EmailAddressPolicyEnabled parameter will be enabled.
$exchangeServer ="ExchangeServer.domain.com" # TODO: Modify me
$enableEmailAddressPolicy = $True # TODO: Modify me

try
{
    # Connect to Exchange Server
    $session = New-PSSession -connectionURI "http://$exchangeServer/powershell" -ConfigurationName Microsoft.Exchange
    Import-PSSession -session $session

    Set-RemoteMailbox -Identity "%distinguishedName%" -EmailAddressPolicyEnabled $enableEmailAddressPolicy
}
finally
{
    # Close the remote session and release resources
    if ($session) { Remove-PSSession -Session $session}
}

Related questions

0 votes
0 answers

We have delegated updating user properties in AD and the usrs have requested those changes updated in the GAL. Is ther ea way to do this in Adaxes?

asked Feb 13 by Derek.Axe (1.3k points)
0 votes
1 answer

Hello, I think I might have found a regression. Starting 2014.1 it is impossible to change the reply address for a user having an Exchange 2003 mailbox. The button "Set ... related to my authorizations; I did test various configuration (admin, ...). Regards,

asked May 2, 2014 by Pierre (4.4k points)
0 votes
1 answer

Hi again, My user object creation process use many business rules, one of these moving the object to the right container according to somme attributes. The problem is that sometimes, ... . I run the latest version of Adaxes (3.2.7831). Thanks for your help

asked Feb 10, 2012 by sroux (7k points)
0 votes
1 answer

$property = "mail" # TODO: modify me #$regex = "^[a-zA-Z0-9_.%%\-\+]+@([a-zA-Z0-9_\-]+\.)+[a-zA-Z0-9_\-]+$" # TODO: modify ... regular expression: $regex") # TODO: modify me #} # Update property value $Context.SetModifiedPropertyValue($property, $value)

asked Feb 25 by Derek.Axe (1.3k points)
0 votes
1 answer

Since 2020.1 added the friendly From name for emails, I would like to ask for the ability to specify a Reply-to address. This would be very helpful to have ... develing deeper into the System.Net.Mail.MailMessage class to add a replyto address to message.

asked 1 day ago by polley (4.2k points)
2,226 questions
1,988 answers
5,453 comments
6,768 users