Create Active Directory accounts from the Exchange database (Part 1)
Anderson Patricio
What can you do with a mailbox database? In a crash scenario where we have lost the Domain Controller and have no backups, an Exchange Server database is very useful and can save a lot of time during the rebuild process. The mailboxes hold some information about the related user accounts, and we can use this information to create new users and connect them to their mailboxes.
However, this will not spare administrators other rebuild tasks, such as joining all workstations to the new domain and recreating permissions.
This article can also be useful when you want to create a lab environment using Virtual Server or any other virtualization software and do not want to restore the System State in the lab.
Scenario
We will use the same scenario for both parts of this article; the difference between them is the process used to create Active Directory user accounts from the mailbox database.
Our scenario is a company with one Active Directory server and one Exchange Server (Figure 1). In this first part, the Exchange Server is Exchange Server 2007; in the second part it is Exchange Server 2003. Only the Active Directory server has a problem, and we do not have any backup of Active Directory or its System State.
Figure 1: We have a domain controller without backup
To create Active Directory user accounts, the mailbox database must be in the Clean Shutdown state, as shown in Figure 2.
Figure 2: Running eseutil /mh against the database to validate its state
We can summarize the steps needed to build a new environment below:
1. Create Active Directory Domain.
2. Create the Exchange Server infrastructure.
3. Attach the old database.
4. Create an LDF file listing the disconnected mailboxes.
5. Use this new LDF file to create Active Directory accounts.
6. Match new users created with disconnected mailboxes.
Building the new environment
We assume an environment where the problem is only in the Active Directory server. Even so, all Exchange Server information that was stored in Active Directory does not exist anywhere else, so we must follow these steps:
1. Build a new server and install Active Directory.
2. Set up a backup routine for this server, because we don't want to do this all over again.
3. Build a new server for Exchange Server 2007 and install Exchange on it (including preparing the forest and Active Directory). You can refer to the article on installing Exchange Server 2007 to do this.
Attaching the old database and checking the disconnected mailboxes
Now that we have a new environment with Active Directory and Exchange Server installed, we attach the database from the old environment to bring the users' data into it. To perform this task, follow the steps below:
1. Open the Exchange Management Console.
2. Click the Server Configuration section.
3. Click Mailbox and, in the Result pane, click on the current server.
4. Click on the database called Mailbox Database, then click Properties in the Toolbox Actions.
5. Note the database path for the next step and check the box This database can be overwritten by a restore. Click OK (Figure 3).
Figure 3: Default mailbox database will be overwritten by the production database from the old environment.
Now go to the path you noted, where the current database is located, and remove the current database file (Mailbox Database.edb). Then copy the old database to the same path and rename it 'Mailbox Database.edb'. You can then return to the Exchange Management Console, click on the database whose file you replaced and click Mount Database in Toolbox Actions.
Listing disconnected mailboxes and creating Active Directory users
We have attached the old database to the new Exchange Server, and all user data is in this mounted database. Next we look at the mailboxes in the Mailbox Database, which are disconnected, but before that you must run a scan against Active Directory to find the disconnected mailboxes. We can do that with the cmdlet Clean-MailboxDatabase -Identity '<database name>', as shown in Figure 4.
Figure 4: Listing the mailbox databases and running the Clean-MailboxDatabase cmdlet
To see whether the mailboxes are disconnected, open the Exchange Management Console, click on the Recipient Configuration section, then click the Disconnected Mailbox item; see Figure 5 for more information.
Figure 5: All mailboxes have been disconnected
The next step is to use a script to collect information from the disconnected mailboxes and create an LDF file that will be used to create the Active Directory user accounts. This script can be found in the Exchange Server 2007 help file. Copy the contents of the script and save it to a file called CreateLdifFromDisconnectedMailboxes.ps1 in the Scripts folder, as shown in Figure 6.
Figure 6: Saving the script for use from the Exchange Management Shell
Using this script, we can create an LDF file from the disconnected mailbox information. The parameter that you must specify is the OU (Organizational Unit) in which the new users will be created (Figure 7). The script syntax is shown below:
.\CreateLdifFromDisconnectedMailboxes.ps1 -ContainerDN '<distinguished name of the target OU>'
The result is an LDF file containing the information needed to create the users. This information comes from the disconnected mailboxes (Figure 8).
Figure 8: The content of the LDF file will be used by the ldifde tool
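Before importing, it is worth reviewing what the LDF file will actually create. The PowerShell sketch below is an added example, not part of the original article or of the script from the Exchange help file: it parses LDIF records and reports entries whose DN falls outside the intended OU or whose userAccountControl value has the standard Active Directory flags for "password not required", "enabled" or "password never expires". The OU name and the two sample entries are constructed for illustration.

```powershell
# Added example: review an LDF file before importing it with ldifde.
# Constructed sample input; the OU, names and attribute values are hypothetical.
$sampleLdf = @'
dn: CN=Alice Example,OU=Recovered,DC=lab,DC=example
changetype: add
objectClass: user
sAMAccountName: alice
userAccountControl: 544

dn: CN=Bob Example,CN=Users,DC=lab,DC=example
changetype: add
objectClass: user
sAMAccountName: bob
userAccountControl: 514
'@
function Get-LdifRecord([string]$Text) {
    # Unfold continuation lines (leading space), then split records on blank lines.
    $unfolded = $Text -replace '\r?\n ', ''
    foreach ($block in ($unfolded -split '(?:\r?\n){2,}')) {
        $rec = @{}   # case-insensitive keys; last value wins for multi-valued attributes
        foreach ($line in ($block -split '\r?\n')) {
            if ($line -match '^([^:#][^:]*):(:?)\s*(.*)$') {
                $value = $matches[3]
                if ($matches[2]) {   # "attr:: value" means base64-encoded UTF-8
                    $value = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($value))
                }
                $rec[$matches[1]] = $value
            }
        }
        if ($rec['dn']) { $rec }   # skip blocks without a DN, e.g. "version: 1"
    }
}
function Test-LdifRecord([hashtable]$Record, [string]$ExpectedContainer) {
    $findings = @()
    if (-not $Record['dn'].EndsWith(",$ExpectedContainer", [StringComparison]::OrdinalIgnoreCase)) {
        $findings += 'DN is outside the expected OU'
    }
    if ($Record['changetype'] -ne 'add') { $findings += "changetype is not 'add'" }
    if ($Record.ContainsKey('userAccountControl')) {
        $uac = [int]$Record['userAccountControl']
        if ($uac -band 0x20) { $findings += 'PASSWD_NOTREQD (0x20) is set' }
        if (-not ($uac -band 0x2)) { $findings += 'account is enabled on import' }
        if ($uac -band 0x10000) { $findings += 'DONT_EXPIRE_PASSWORD (0x10000) is set' }
    }
    New-Object PSObject -Property @{ DN = $Record['dn']; Findings = ($findings -join '; ') }
}
Get-LdifRecord $sampleLdf |
    ForEach-Object { Test-LdifRecord $_ 'OU=Recovered,DC=lab,DC=example' } |
    Select-Object DN, Findings | Format-List
```

To check a real file, pass its contents as a single string in place of $sampleLdf and use the same OU that was given to -ContainerDN.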
Now it's time to create the users from this LDF file. To do that, we will use the ldifde tool (Figure 9) with the syntax below:
ldifde -i -f <LDF file>
Figure 9: Creating Active Directory users
We can open Active Directory Users and Computers and verify that the new users exist in the OU that was specified to the CreateLdifFromDisconnectedMailboxes.ps1 script (Figure 10).
Figure 10: Recently created users
The next step is to match the recently created users with the disconnected mailboxes and connect them (Figure 11). Perform this task using the cmdlet below:
Get-MailboxStatistics | where {$_.DisconnectDate -ne $null} | Connect-Mailbox -Database '<database name>'
We can confirm each mailbox connection by answering Y, or we can type A to agree to all connections.
Figure 11: Connecting new users with disconnected mailboxes
Now the disconnected mailboxes are connected to the new users. We can see all mailboxes in the Exchange Management Console, as shown in Figure 12.
Figure 12: New user
OK, now we have a brand new environment with new accounts created from the disconnected mailboxes. The next tasks on the list will be to join all workstations to the new domain and set permissions on the file server.
Conclusion
In this first part, we learned how to create new Active Directory users from the Exchange Server 2007 database. This article can be very useful when there is no backup of Active Directory or the DC's System State and no other DC (Domain Controller). The process introduced in this article will help you create new users and connect them to their old mailboxes.