[ExchangeList] Re: NTDSNoMatch utility
- From: "Jason Sherry" <Jason.Sherry@xxxxxxxxxxxxxxxxxx>
- To: <exchangelist@xxxxxxxxxxxxx>
- Date: Tue, 22 Aug 2006 12:44:46 -0400
NTDSNoMatch was replaced with the ADC Wizard in Exchange 2003.
On the Exchange 2003 SP2 CD there is an ADC directory. Run setup from
it and install the ADC. In the ADC MMC snap-in there is a Wizard that
looks for accounts that are associated with multiple mailboxes and lets
you select which one is the primary mailbox for the account. It then
updates the 5.5 directory for you.
The basic rule used by NTDSNoMatch is if samAccountName = MB alias then
the mailbox is the primary for that account. If you have multiple
mailboxes with the same alias and Primary NT Account it will cause
issues since multiples will be marked as the primary for the same
account. I don't recall if the ADC Wizard handles this issue or not.
Therefore I suggest you use the ADC Wizard and export the matching work
you do to a file and review it and manually import it.
I would suggest you stop using NTDSNoMatch and use the ADC Wizard to fix
the multiple mailbox issue.
You might need to update your 5.5 GAL to clear out custom attrib 10 for
all users and start over. This can be done by doing a GAL export in
Exchange 5.5 admin and adding an "Extension-Attribute-10" column to the
CSV file and removing all other columns except Obj-Class, Directory
Name, Alias, and Obj-Container. Then put "~DEL" in the attrib 10 column
for all mailboxes.
Here are the steps in more detail:
A) Open the file in Excel
a) Check for mailboxes that already have NTDSNoMatch set in the
Custom Attribute 10 field
1) Create a
GAL.CSV file with the following as the first line:
Obj-Class,Directory Name,Alias Name,Extension-Attribute-10,
Obj-Container
2) Do a directory
export in the Exchange 5.5 admin tool
i) In Exchange 5.5 Admin from the Tools menu choose Directory
Export
ii) Choose the file created above
iii) Select the GAL
iv) Include subcontainers
v) Only select mailbox
vi) Include hidden objects
vii) Change the Column separator to <tab>
3) Open up the
CSV file and sort on Custom Attribute 10
4) Delete all
objects that don't have NTDSNoMatch in this column
5) Replace
NTDSNoMatch with "~DEL" and save the file
6) Import this
file into Exchange to remove the NTDSNoMatch value
i) In Exchange 5.5 Admin from the Tools menu choose Directory
Import
ii) Choose the file above
For more info on NTDSNoMatch see:
http://support.microsoft.com/kb/274173/en-us
For how to fix mis-matches after an ADC CA has been run:
http://support.microsoft.com/kb/256862/en-us
Jason Sherry - Pro Exchange http://www.theproexchange.com
From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of raj nair
Sent: Tuesday, August 22, 2006 9:31 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: NTDSNoMatch utility
Thanks for your reply Jason.
One more doubt . i have ran the ntdsnomatch from exchange 200 version
and from the list there is a mailbox iam listing below which does not
come under the exchange 2003 version. I dont know about the exchange
2003 sp2 version and have never run it.
That mailbox also has the Sam acct name and alias different. whay is
that not listed in the 2003 version?
Obj-Class
Extension-Attribute-10
Display Name
Primary Windows NT Account
Alias Name
Directory Name
Home-Server
Mailbox NTDSNoMatch Sandy May is-dp\TC7
Sandy.May FA12 Revenue04
Similarly there are some more mailboxes that i have seen which have SAM
acct names and aliases different and which are not listed both in exch
2000 version and 2003 version .
PS: Is it because the accounts that is owning these mailboxes does not
own any other ?
Thanks
Raj
On 8/21/06, Jason Sherry <Jason.Sherry@xxxxxxxxxxxxxxxxxx> wrote:
~DEL means that custom attribute 10 will be cleared. If the
samAccountName (Windows NT Account) and alias match it is assumed that
the mailbox is the primary mailbox for the account and attribute 10 will
be cleared.
Entries without a value in attribute 10 will be assume to be the primary
mailbox for the associated Windows NT Account. "NTDSNoMatch" should be
put in attrib 10 for all other mailboxes that have the same Windows NT
Account, only one mailbox for each NT Account should have a blank attrib
10, the rest should have NTDSNoMatch. For the non-primary or resource
mailboxes, the ones with NTDSNoMatch, a new account will be created for
each of them, based on the directory name I believe. This new account
will be made the primary account for the mailbox it was created for. In
addition, the account that used to have be the primary NT Account will
be granted user access to the other mailboxes.
Note: You should be using the ADC Wizard in Exchange 2003 SP2 instead of
ntdsatrb utility, if that is what you are using.
From your example data provided below your Exchange directory should be
fixed so alias names are unique within your org. Getting the primary NT
account and resource mailbox issues addressed is the hardest part in
migrating from Exchange 5.5 to Exchange 2003.
I would suggest using the ADC Wizard to set the primary mailbox for each
account that is currently associated with multiple mailboxes. Then
export the information from the wizard and review it to make sure it is
correct. Then import the output file, using Exchange 5.5 Administrator,
and rerun the ADC Wizard, after waiting for directory replication to
carry out.
Jason Sherry - Pro Exchange http://www.theproexchange.com
<http://www.theproexchange.com/>
From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of raj nair
Sent: Monday, August 21, 2006 2:09 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] NTDSNoMatch utility
Hi ,
I have used the exchange 2003 version NTDSNomatch Utility and have
printed the output .Now it has printed all accounts with more than a
mailbox with the NTDSNoMatch stamping. Here is the output .where the SAM
acct name and the alias is different it has stamped NTDSNoMatch.But it
has stamped a ~DEL to the account where the alias and SAM acct name are
same .
For eg :
For 1 entry from the output file :
Obj-Class
Extension-Attribute-10
Display Name
Primary Windows NT Account
Alias Name
Directory Name
Home-Server
Mailbox
~DEL
Phyllis Grigsby
IS-DP\COMM3
COMM3
COMM3
REVENUE04
Mailbox
~DEL
Janie Doolos
IS-DP\COMM3
comm3
SDFairley
REVENUE20
What it means by ~DEL stamping ? Does it mean if if i did not use the
NTDSNoMatch the user Phyllis Grigsby is not going to access his mailbox
( even though his alias and SAM acct name is same in the first row) once
i move th emailboxes to win2003 ?
Thanks
Raj
Other related posts:
