In the May 1999 column, I mentioned the Mailbox Cleanup Agent, but I didn't specify where you can find it. Microsoft offers two Microsoft BackOffice Resource Kits (BORKs): the BORK Part Two and the BORK, Second Edition. The Mailbox Cleanup Agent version you need is on the BORK, Second Edition CD-ROM; the BORK Part Two has the earlier, buggy version 1.5. Make sure you use version 1.91 or later; you can obtain the latest version from Microsoft Product Support Services (PSS).
Another news item is that the msexchange mailing list I've mentioned in past columns no longer exists—it's now part of the Exchange list on http://www.swynk.com. The new list includes its original members and most of the folks from msexchange (about 4200 people in all). Drop by and check it out.
I manage an Exchange Server organization that consists of 13 sites, each of which has one or more servers. Occasionally, a user moves from one site to another. Can I move a user from one site in the organization to another site? My company runs Exchange Server 5.5 with Service Pack 2 (SP2).
The Move Server Wizard (MSW) can move servers between sites and organizations, but it's overkill for some situations. If you need to move a lot of users from one site to another, you can move them all to one server in that site and then use MSW to move everyone at once. However, you said you need to move only one user at a time, so this solution probably isn't appropriate for your situation.
If your mailbox moves are infrequent and involve only one or two users at a time, you can have the users save or archive all their mail to a .pst file. Then, you can remove their mailbox from one site and create a new mailbox in the other site. The user can then log on to the new server and import mail from the .pst file. This process is labor-intensive, however, so you might want to investigate the Exmerge utility. PSS doesn't officially support Exmerge, but the utility generally works well for this kind of task and can save you some labor and overhead. You can obtain Exmerge from PSS.
How can I keep from getting nondelivery reports (NDRs) for deleted users in my administrator's mailbox?
You can create a new mailbox called Deleted Users (or something similar). When a user leaves the company, add that user's address to this mailbox and remove the original mailbox at your convenience. NDRs will accumulate in this mailbox, but you can sweep through them when you have time, just to make sure you're not missing any useful-but-misdirected mail.
I'm a new administrator of my company's Exchange server (which runs Exchange Server 5.5). Last week, I started receiving the error message Extension 'DSAVUAdm' could not be loaded. The extension for Microsoft Exchange Administrator's CPU type has not been installed in the site whenever I tried to open a recipient's mailbox. What's the problem?
This error message puzzled me at first, because I'd never heard of DSAVUADM—I couldn't find it on any of my servers. I was further puzzled when I learned that all CPUs in the site are Intel.
When I consulted the Microsoft Knowledge Base, I found the article "XADM: Extension DSAVUADM Could Not Be Loaded Accessing a Mailbox" (http://support.microsoft.com/support/ kb/articles/q223/2/79.asp). This article mentions that the DSAVUADM is a DLL that is part of Network Associates' GroupShield antiviral program. The reader admitted to having changed the domain admin account's password, which made his previous Norton AntiVirus setup stop working. As a stopgap measure, he installed GroupShield, and the message started appearing. Removing GroupShield from the affected server fixed the problem.
Can I use Collaboration Data Objects (CDO)/Active Directory Service Interfaces (ADSI) to write a program that extracts lists of users who are over their mailbox limits?
Yes, you can. Look at Siegfried Weber's excellent Web site CDOLive (http://www.cdolive.com) for a wealth of CDO-related information. The site offers some example code (http://www.cdolive.com/sample8.htm) that you can easily adapt to obtain the list you want.
One of my users keeps having outbound Internet mail bounced back to her with the message 552 qdirdel error 100: User is over the quota. You can try again later. Neither my company nor its ISP has any quotas, so why is she getting this message?
When a user complains that mail is bouncing, you need to identify the source of the NDR. By examining the message header, you can see which mail system originated the NDR. In your case, the remote system is apparently generating the NDR; your user's mail is bouncing when it reaches the remote system because the recipient has a quota. I see this problem frequently when people try to send mail to users on free email systems such as Hotmail because those services tend to vigorously enforce their disk quotas.
We've started rolling out Advanced Security to our Outlook 97 and Outlook 98 users. Why does the Advanced Security welcome message refer Outlook 98 users to a nonexistent security tab?
Exchange Server 5.5's default message refers to the Setup Advanced Security option on the Security tab of the Options dialog box. Outlook 97 has this option, but Outlook 98 doesn't. One solution is to upgrade your Exchange server to SP1 or SP2. The service packs have a lot of useful fixes and functionality improvements, such as a correct welcome message and full Secure MIME (S/MIME) support. If you don't want to upgrade, you can also change the welcome message manually; I like this approach because it lets you personalize the message to include information about your specific environment. Use Exchange Administrator to open the Certificate Authority object's Properties page, then select Edit Welcome Message on the Enrollment tab, which you see in Screen 1.
How can I tell whether the server I'm managing is running the Standard or Enterprise edition of Exchange?
One way to determine the edition is to look in the Application section of your server's event log for event ID 1217. If you're running the Enterprise edition, the message will say Information store with unlimited storage capacity enabled.
What's the best way to connect organizations and initiate directory replication between them?
Your choices for setting up replication between two organizations fall along the continuum of methods from unsupported and free to superb but very expensive. Establishing directory replication is a two-step process. First, you need to establish mail connectivity, because Exchange Server's directory replication rides atop mail connections. Next, you need a way to establish replication between your two organizations. Judging which method is best is subjective.
The first step is simple. Because you want to link two organizations, you can't use the Site connector, but you can use the Internet Mail Service (IMS) or X.400 connectors to move messages between the two organizations. This operation is straightforward. After you've confirmed that the two groups can exchange mail properly, you're ready to set up replication.
The lowest-end solution is to use Exchange Administrator's directory export and import features to export the directory on one site and import it on the other. With a suitable set of processing scripts or macros, this solution is adequate for many sites. It has the advantages of being easy to automate, easy to understand, and easy to schedule, but its capability depends on how well your processing scripts perform mundane tasks, such as removing duplicate entries and updating attribute changes without overwriting the entire record.
Moving further along the continuum, Microsoft includes the Inter-Org Synchronization Tool (IOST) in the BORK. This tool lets you enable synchronization across an SMTP connection, in much the same way that replication usually works. The tool collects changes and transfers them as mail messages. Although I know many admins who have gotten IOST to work fine, Microsoft doesn't officially support it, so you might have to fine-tune it to get it to work for you—and you might not succeed.
At the high end, Compaq sells an excellent tool called the LDAP Directory Synchronization Utility (LDSU). LDSU uses Lightweight Directory Access Protocol (LDAP) to pull directory data from each organization and stores all the data in a database. You can customize the product, and LDSU sites report that it's also extremely robust. However, the product is complex and expensive (starting around $10,000). You'll need to spend some time (and possibly obtain some help) to get LDSU working just the way you want it. If you need bulletproof synchronization, LDSU is probably your best option. You can obtain information about LDSU from http://www.digital.com/info/LIW0FZ.
The Exchange Server 5.5 SP1 release notes explain that the IMS puts unsolicited commercial email (UCE) in a turf directory. So, I set up a turf directory to filter incoming mail on my SP1 servers. However, I noticed that the turf directory doesn't contain any messages, even though I'm fairly sure that the offending domains are still sending messages. What's happening?
Exchange Server 5.5 SP1 lets you filter incoming mail by domain. You can throw away the mail without ever seeing it, or you can specify a turf directory where the IMS stores the incoming messages for later review. By default, Exchange stores incoming messages in C:\turfdir, unless you specify your own turf directory by adding a REG_SZ Registry value named TurfDir to HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\.
The Connections tab of the IMS Properties page lets you specify which domains you want filtered out, but a defect in the IMS code makes the IMS forget about any custom TurfDir setting when you make a change there. If the IMS can't find the specified turf directory, it just deletes the messages. You most likely don't have a directory named C:\turfdir. Add that directory (or get in the habit of updating the TurfDir key every time you add or change a filter), and you'll be in good shape.
