Linked mailboxes in Exchange 2007 are essentially normal mailboxes that can (or indeed do) hold an External account in a separate resource forest. The full definition of a linked Mailbox as per Microsoft is as follows:
A linked mailbox is a mailbox that is associated with an external account. The resource forest scenario is an example of when you would want to associate a mailbox with an external account. In a resource forest scenario, user objects in the Exchange forest have mailboxes, but the user objects are disabled for logon. You must associate these disabled user accounts in the Exchange forest with enabled user objects in the external accounts forest. For more information about deploying Exchange 2007 in a resource forest topology, see Planning for a Complex Exchange Organization.
Ok, great Andy we really needed to know that – are you running out of ideas?
No, not quite. During a migration from Exchange 2003 to 2007 that I have been working on, I started to notice that some of the mailboxes that I was migrating via the Microsoft Exchange Management Shell (using the following command):
'justice.lab.com/ExchangeUsers/ICT/Bobby' | move-mailbox -TargetDatabase 'CRP-ExchangeEVS-01\CCREVS01-IT-SG\CCREVS01-IT-DB'
started showing up as “Linked Mailboxes” when moved to their target Exchange 2007 store, even though the entire Organization consisted of a single forest and domain. This was shown by the icon for the user's mailbox and by the “Recipient Type Details” in the Exchange Management Console – see below:
Although this was not causing any problems (essentially the users could log on via MAPI and OWA and make use of ActiveSync), being a perfectionist I was curious as to why this was happening.
From research that I gathered in newsgroups and online I found that there were a number of possible reasons given for this potentially happening:
- If you have performed a “Cross Forest” migration of the account (I had not)
- If the ADMT had been used at any point to create the original Exchange 2003 accounts (this also did not happen).
So after some scratching my head and indeed some major poking about – I eventually tracked the problem down to an orphan Active Directory Account having had the “Associated External Account” right on the mailbox in question at some point in time – see below;
I found this by using Active Directory Users and Computers with the Exchange 2003 properties extension installed. You can then review this security information by choosing the properties of an affected account and then selecting:
[ Exchange Advanced -> Mailbox Rights ]
Now, interestingly, if on a migrated (to Exchange 2007) account you run the following cmdlet:
get-mailbox "" | select displayName,islinked
you will get the following output (you will see that the IsLinked value is set to “TRUE“):
If you then (via ADUC with the Exchange 2003 extensions installed) REMOVE the orphan account from the user, allow for domain replication, and then run
get-mailbox "" | select displayName,islinked
on the same account again, you will get the following output (I have included the original command for reference):
You will see that the IsLinked value has changed to “FALSE“
At this stage we might be thinking – ah ha, all fixed. Nope, not yet: if you look at the same account in the Exchange Management Console you will see that the mailbox is still showing up as a “Linked Mailbox” – see below;
Now after some further research I stumbled upon this article: http://blogs.technet.com/benw/archive/2007/04/05/exchange-2007-and-recipient-type-details.aspx by a MSFT chap called Ben Winzenz.
In this article Ben explains that mailboxes which are linked have an Active Directory attribute called “msExchRecipientTypeDetails” which is set to 2 (decimal), whereas for a normal mailbox the attribute is set to “1”. He also explains that this attribute should NOT be modified manually by an Exchange admin, only by the Exchange Management tools.
So using ADSI edit I had a look at the mailbox above to check the value of the “msExchRecipientTypeDetails” – see below;
Sure enough within AD the mailbox is described as “linked“.
After some further research I found an article by Matt Richardson (http://www.iccohio.com/blogs/mrichardson/archive/2008/05/21/converting-a-linked-mailbox-to-a-user-mailbox-in-exchange-2007.aspx) which gives you a [very good] walk-through guide on how you can convert a linked mailbox to a normal mailbox using the Exchange Management Tools. However, it involves disconnecting the mailbox, running a cleanup on the store and then reconnecting the mailbox to the target account, which does work, BTW.
I thought about this for a little while, and then went back to Ben’s article, which clearly states that you should not manually change the “msExchRecipientTypeDetails” value in AD without understanding what caused the issue in the first place.
I went through the facts of the situation as I saw them –
- I know what caused the problem and have a solution from the Management Side (e.g. remove the orphan account from the Security Properties of the Mailbox)
- I did not wish to disconnect all of these mailboxes using the above process
So using ADSI Edit I changed the “msExchRecipientTypeDetails” value to 1 and forced an AD replication.
I then went back to the Exchange Management Console and checked the properties of the user – see below;
As you can see the EMC was now reporting the correct data.
There are a number of scenarios where a migrated account can show up as a “linked mailbox”, for all of which Microsoft recommends disconnecting the account and then reconnecting it. However, it is always worth checking your accounts as per above to see if they have orphan permissions on the “Associated External Account” right, as my process (although probably not supported by Microsoft) not only converts the account back to a normal account but also tidies up the security groupings without the need to disconnect the mailbox.
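The checks walked through above (an orphan trustee holding the “Associated External Account” right, then IsLinked compared with the recipient type) can be run as a read-only audit. This is an added example, not part of the original post: the function name Test-LinkedMailboxState and the sample objects are constructed, and it assumes an orphaned trustee is displayed as a raw SID string.

```powershell
# Added example. Test-LinkedMailboxState is a hypothetical helper; it only reads, never writes.
function Test-LinkedMailboxState {
    param($Mailbox, [object[]]$Permission)

    # ACEs that carry the "Associated External Account" right (ExternalAccount)
    $external = @($Permission | Where-Object {
        (@($_.AccessRights) | ForEach-Object { "$_" }) -contains 'ExternalAccount'
    })
    # Assumption: a trustee that still displays as a raw SID no longer resolves to an account
    $orphans = @($external | Where-Object { "$($_.User)" -match '^S-1-\d+(-\d+)+$' } |
        ForEach-Object { "$($_.User)" })
    $typeLinked = "$($Mailbox.RecipientTypeDetails)" -eq 'LinkedMailbox'

    # Later checks override earlier ones, so the most actionable finding wins
    $state = 'UserMailbox'
    if ($typeLinked) { $state = 'LinkedMailbox' }
    if ($typeLinked -and -not $Mailbox.IsLinked) { $state = 'StaleRecipientTypeDetails' }
    if ($orphans.Count -gt 0) { $state = 'OrphanExternalAccountAce' }

    New-Object PSObject -Property @{
        DisplayName    = $Mailbox.DisplayName
        State          = $state
        OrphanTrustees = $orphans -join ', '
    }
}

# Constructed sample data: the three stages described in the post
$sid  = 'S-1-5-21-1111111111-2222222222-3333333333-1105'   # constructed SID
$self = @{ User = 'NT AUTHORITY\SELF'; AccessRights = @('FullAccess', 'ReadPermission') }
$cases = @(
    @{ M = @{ DisplayName = 'Before cleanup';    IsLinked = $true;  RecipientTypeDetails = 'LinkedMailbox' }
       P = @($self, @{ User = $sid; AccessRights = @('ExternalAccount') }) },
    @{ M = @{ DisplayName = 'Orphan ACE removed'; IsLinked = $false; RecipientTypeDetails = 'LinkedMailbox' }
       P = @($self) },
    @{ M = @{ DisplayName = 'Attribute set to 1'; IsLinked = $false; RecipientTypeDetails = 'UserMailbox' }
       P = @($self) }
)
$cases | ForEach-Object {
    $perms = @($_.P | ForEach-Object { New-Object PSObject -Property $_ })
    Test-LinkedMailboxState -Mailbox (New-Object PSObject -Property $_.M) -Permission $perms
} | Select-Object DisplayName, State, OrphanTrustees

# Against live data in the Exchange Management Shell:
# Get-Mailbox -ResultSize Unlimited | ForEach-Object {
#     Test-LinkedMailboxState -Mailbox $_ -Permission (Get-MailboxPermission -Identity $_.Identity)
# }
```

A result of StaleRecipientTypeDetails corresponds to the stage where IsLinked already reads FALSE but the console still shows a linked mailbox.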