Linked Mailbox Conversion after migration in Exchange 2007…

by Andy Grogan on December 27, 2008 · 3 comments

in Exchange 2007 (General), Windows 2003 - ADSI

Linked mailboxes in Exchange 2007 are essentially normal mailboxes that can (or indeed do) hold an external account in a separate resource forest. The full definition of a linked mailbox as per Microsoft is as follows:

A linked mailbox is a mailbox that is associated with an external account. The resource forest scenario is an example of when you would want to associate a mailbox with an external account. In a resource forest scenario, user objects in the Exchange forest have mailboxes, but the user objects are disabled for logon. You must associate these disabled user accounts in the Exchange forest with enabled user objects in the external accounts forest. For more information about deploying Exchange 2007 in a resource forest topology, see Planning for a Complex Exchange Organization.

Ok, great Andy we really needed to know that – are you running out of ideas?

;-) No, not quite. During a migration from Exchange 2003 to 2007 that I have been working on, I started to notice that some of the mailboxes I was migrating via the Microsoft Exchange Management Shell, using the following command:

'justice.lab.com/ExchangeUsers/ICT/Bobby' | Move-Mailbox -TargetDatabase 'CRP-ExchangeEVS-01\CCREVS01-IT-SG\CCREVS01-IT-DB'

started showing up as “Linked Mailboxes” when moved to their target Exchange 2007 store (even though the entire Organization consisted of a single forest and domain). This showed up in the icon for the user's mailbox and in the “Recipient Type Details” in the Exchange Management Console – see below:

[Screenshot: LinkedMB-ST2]

Although this was not causing any problems (essentially the users could log on via MAPI and OWA and make use of ActiveSync), with me being a perfectionist I was curious as to why this was happening.

From research that I gathered in newsgroups and online, I found that there were a number of possible reasons given for this happening:

  • If you have performed a “Cross Forest” migration of the account (I had not)
  • If the ADMT had been used at any point to create the original Exchange 2003 accounts (this also did not happen).

So after some head scratching and indeed some major poking about, I eventually tracked the problem down to an orphan Active Directory account having had the “Associated External Account” right on the mailbox in question at some point in time – see below:

[Screenshot: LinkedMB-ST1]

I found this by using Active Directory Users and Computers (ADUC) with the Exchange 2003 properties extension installed. You can review this security information by opening the properties of an affected account and then selecting:

[ Exchange Advanced -> Mailbox Rights ]

Now, interestingly, if you run the following cmdlet against a mailbox that has been migrated to Exchange 2007:

Get-Mailbox "" | Select-Object DisplayName,IsLinked

you will get the following output (you will see that the IsLinked value is set to “TRUE”):

[Screenshot: LinkedMB-ST3]

If you then (via ADUC with the Exchange 2003 extensions installed) REMOVE the orphan account from the user, allow for domain replication, and then run

Get-Mailbox "" | Select-Object DisplayName,IsLinked

on the same account again, you will get the following output (I have included the original command for reference):

[Screenshot: LinkedMB-ST4]

You will see that the IsLinked value has changed to “FALSE”.

At this stage we might be thinking “ah ha, all fixed”. Nope, not yet: if you look at the same account in the Exchange Management Console, you will see that the mailbox is still showing up as a “Linked Mailbox” – see below:

[Screenshot: LinkedMB-ST5]

Now after some further research I stumbled upon this article: http://blogs.technet.com/benw/archive/2007/04/05/exchange-2007-and-recipient-type-details.aspx by a MSFT chap called Ben Winzenz.

In this article Ben explains that mailboxes which are linked have an Active Directory attribute called “msExchRecipientTypeDetails” which is set to 2 (decimal), whereas for a normal mailbox the attribute is set to “1”. He also explains that this attribute should NOT be modified manually by an Exchange admin, only by the Exchange Management tools.

So using ADSI Edit I had a look at the mailbox above to check the value of “msExchRecipientTypeDetails” – see below:

[Screenshot: LinkedMB-ST6]

Sure enough within AD the mailbox is described as “linked“.

After some further research I found an article by Matt Richardson (http://www.iccohio.com/blogs/mrichardson/archive/2008/05/21/converting-a-linked-mailbox-to-a-user-mailbox-in-exchange-2007.aspx) which gives you a [very good] walk-through guide on how you can convert a linked mailbox to a normal mailbox using the Exchange Management Tools. However, it involves disconnecting the mailbox, running a cleanup on the store and then reconnecting the mailbox to the target account – which does work, BTW.

I thought about this for a little while, and then went back to Ben’s article, which clearly states that you should not manually change the “msExchRecipientTypeDetails” value in AD without understanding what caused the issue in the first place.

I went through the facts of the situation as I saw them –

  • I know what caused the problem and have a solution from the management side (i.e. remove the orphan account from the security properties of the mailbox)
  • I did not wish to disconnect all of these mailboxes using the above process

So using ADSI Edit I changed the “msExchRecipientTypeDetails” value to 1 and forced an AD replication.

I then went back to the Exchange Management Console and checked the properties of the user – see below:

[Screenshot: LinkedMB-ST7]

As you can see the EMC was now reporting the correct data.

Summary:

There are a number of scenarios where a migrated account can show up as a “linked mailbox”, for all of which Microsoft recommends disconnecting the account and then reconnecting it. However, it is always worth checking your accounts as described above to see if they have orphan permissions on the “Associated External Account” right, as my process (although probably not supported by Microsoft) not only converts the account back to a normal account but also tidies up the security groupings without the need to disconnect the mailbox.
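The check described above can be run across every mailbox at once from the Exchange Management Shell. The script below is an added example, not part of the original post, and it is read-only. It assumes that a trustee which no longer resolves to an account is displayed by Get-MailboxPermission as a raw domain SID beginning with S-1-5-21-; the report column names are made up for this example.

```powershell
# Added example (not from the original post). Read-only: nothing is modified.
# For every mailbox typed as LinkedMailbox, list who holds the ExternalAccount
# right ("Associated External Account" in ADUC) and flag orphaned trustees.
$report = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails LinkedMailbox |
    ForEach-Object {
        $mbx = $_

        # Trustees whose permission entry carries the ExternalAccount right.
        $trustees = @(Get-MailboxPermission -Identity $mbx.Identity |
            Where-Object { "$($_.AccessRights)" -match 'ExternalAccount' } |
            ForEach-Object { "$($_.User)" })

        # Assumption: an account that no longer exists shows up as a bare SID.
        $orphans = @($trustees | Where-Object { $_ -match '^S-1-5-21-' })

        $mbx | Select-Object DisplayName, RecipientTypeDetails, IsLinked, LinkedMasterAccount,
            @{ Name = 'ExternalAccountTrustees'; Expression = { [string]::Join('; ', $trustees) } },
            @{ Name = 'OrphanTrustees';          Expression = { [string]::Join('; ', $orphans) } }
    }

# Show the two states walked through in the post:
#   - an orphan SID still holds the right (IsLinked is True), or
#   - the orphan has been removed (IsLinked is False) but the recipient type
#     still says LinkedMailbox.
$report |
    Where-Object { $_.OrphanTrustees -or (-not $_.IsLinked) } |
    Format-Table -AutoSize -Wrap
```

Mailboxes that are genuinely linked to a live account in another forest show a resolvable trustee and a populated LinkedMasterAccount, so they drop out of the final filter.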


Danny Boy August 22, 2012 at 8:54 am

Hi Andy!

Does it matter to leave the mailbox in the state as Linked mailbox?
What can happen if it stays as a Linked mailbox?

We also migrated, but from 2000 to 2007, and also have the same issue. A lot of mailboxes are linked.
But everything works as it is.

So I just wonder if you know any future troubles that will come our way?

Best regards
Danny


Amit September 9, 2014 at 10:52 am

Hi,
I would like to know best practice for Cross forest Migration from Exchange 2010 to Exchange 2013… Here is the scenario:-
1. There are two forest abc.xyz.com & efg.xyz.com.
2. abc having applications like Exchange 2010 is running.
3. Efg domain having user accounts and users login to laptop using this domain.
4. I have to install Exchange 2013 in Efg domain and migrate mailboxes from Exchange 2010 servers. This includes public folder, GAL Sync & Free /busy.

Please suggest me best practice to achieve goal … Pls. send details on amitksinha@live.in
Thanks in Advance !!
Amit kumar


Ron November 14, 2014 at 8:25 pm

I'm having a different issue. We have a domain; our domain is the one with Exchange Server 2003. The other domain(s) have mailboxes on our domain. We use the “Associated External Account” permission to allow them access and it works.

Now… we are moving to Exchange 2010, and we want the linked mailbox, but some didn’t convert, so we need to convert them manually. The BIG issue is: what type of permissions/account do we need in the other domains to access their AD to link their account to our domain mailboxes?
