Exchange Server Troubleshooter - 19 Dec 2001

Can you describe the difference between a user and a contact in Microsoft Exchange 2000 Server?

This question is interesting because in Exchange Server 5.5, accounts and contacts are two completely different entities that Exchange stores in different places. The biggest difference is simple yet subtle: Users are security principals, and contacts aren't. In Windows 2000 parlance, a security principal is any object that has security credentials that someone can use to log on to a resource. A user object has such credentials, but a contact doesn't. In particular, user objects have four attributes that contacts don't: objectSID, SAMAccountName, userAccountControl, and userPrincipalName.

Now, let's talk about users' and contacts' similarities. Both can exist in a mail-enabled configuration. Mail-enabled objects have email addresses associated with them. The mere presence of an address doesn't do much for an object because an address is just a directory attribute. However, mail-enabled user objects might also be mailbox-enabled, which means that an associated mailbox is attached to the user. Contacts are a little different because they never have associated mailboxes; instead, you can give them target addresses, which are just external addresses.

Is a procedure available for moving Exchange Server databases from an Alpha server to an Intel server?

Fortunately, yes—otherwise, all the companies that spent big bucks on hot Alpha hardware would have no migration path to the x86 world. You can move the files without any special conversion, but you're subject to all the constraints you have when moving Exchange databases from one machine to another. You can perform a complete disaster recovery from the Alpha box to the x86 server, or you can take partial steps, such as moving mailboxes and public folders instead of moving all the data.

I want to run a virus scanner on my Exchange Server machine. Do I need to take any special precautions?

If you're going to run a virus scanner on your Exchange server, make absolutely sure that you don't scan the directories that contain your transaction logs or databases. Virus scanners generally disinfect or remove any suspicious files they encounter. If your scanner decides to disinfect or remove a transaction log or checkpoint file, you'll be very unhappy when you try to back up or recover your server because the data in those files will no longer match what the checksum files have recorded. If you're trying to protect mail data, not just the server's files, you need an Exchange-aware scanner. If you're considering migrating to Exchange 2000 Server, make sure the product you choose is, or will be, Exchange 2000­compatible.

I installed the Windows 2000 Administrative Tools package on my workstation. Why can't I see the Exchange Tasks item or the Exchange-specific properties for user objects?

The adminpak.msi file included with Win2K Server and Win2K Advanced Server installs all the Microsoft Management Console (MMC) snap-ins (e.g., Active Directory Users and Computers, Sites and Services, DNS) on a Win2K Professional machine. This tool is handy because it lets you administer your servers without logging on to their consoles. Unfortunately, the tool also produces the problem you've identified.

To obtain Exchange-related functionality in the Active Directory Users and Computers snap-in, you must install the Exchange System Manager (ESM) snap-in on your workstation because ESM installs the necessary extension DLLs for Active Directory Users and Computers. This operation is analogous to the Exchange Server 5.5 requirement that you install Microsoft Exchange Administrator on machines on which you want to run the Exchange-aware versions of Windows NT Backup or User Manager for Domains.

We have a mixed environment of Macintosh and Windows clients using Microsoft Outlook on our Exchange Server system. Windows users get warnings when their password is about to expire, but Mac users don't. Do you know how to make Mac Outlook aware of password expiration?

This omission is a longstanding irritation to people who use anything other than Win32 Outlook. Outlook versions exist for Windows 3.x and Mac and for a variety of POP3 and IMAP4 clients that can use Exchange, but none of these versions receive advance warning of password expiration.

The Microsoft BackOffice Resource Kit (BORK) includes the Password Expiration Warning Application (PEWA) tool. PEWA scans the domain, looking for accounts whose passwords are about to expire. The tool then searches the Global Address List (GAL) to find matching mailboxes and sends a warning message to any user whose password is about to expire. This tool lets Mac, UNIX, and even Windows 3.1 users receive password warnings. However, the bad news is that Win32 Outlook users receive two warnings: one from Outlook and one in their Inbox from PEWA.

How do I customize the default SMTP address that Exchange 2000 Server generates for new accounts?

Exchange 2000 uses recipient policies to generate addresses. This feature is helpful—assuming you know how to use it—because you can define multiple policies that implement exactly the set of addresses you want defined. By default, the recipient policy generates an address based on the account name. If Joe User's account name is juser, his default SMTP address will be [email protected] To change this default address format, you can use some specifiers that force the address generator to use a particular format, as Table 1 shows. You can also use a number with the specifiers to define how many characters of a name you want to use. For example, a specifier of %1g%s gives you one letter of the first name, followed by the last name (e.g., PRobichaux, GBush); %g%1s gives you PaulR and GeorgeB.

Our Exchange Server 5.5 system has recently begun logging event ID 201, which claims that we don't have enough Exchange Client Access Licenses (CALs), even though we do. How can I stop this event from appearing?

This problem occurs because Exchange 5.5 can use the License Manager to track the number of licenses you think you have versus the number in use. Sometimes, however, the License Manager is wrong, typically because Exchange clients might have multiple concurrent logons. Multiple logons can occur by design, but apparently no one told the licensing developers that fact. Anyway, Microsoft recommends using the License Manager application to verify that you have the correct number of licenses. My preferred alternative is to just stop the License Manager service and make sure that I have the correct number of licenses by the old-fashioned manual method of counting noses.

We use a RAS dial-up connection through the Internet Mail Service (IMS) to our ISP. I've noticed several huge files in the \exchsrvr\mcdata\log directory. Can we delete or shrink these files?

Yes, you can delete these large files. These files contain copies of all the inbound and outbound messages sent through the IMS; the IMS logs this traffic when you have SMTP diagnostic logging turned on. To stop these files from accumulating, turn diagnostic logging down on the Diagnostic Logging tab in the IMS Properties dialog box, then stop and restart the IMS. After it restarts, remove the Lnnnnnnn.log files from \exchsrvr\imcdata\log and you'll be in good shape.

What's the easiest way to add a disclaimer to every outgoing SMTP message?

In general, I discourage the use of such disclaimers because by adding a disclaimer to every message, you might be giving up rather than gaining the protection you seek. If you label every message as confidential, how can you expect anyone to take seriously the notion that some messages really are confidential? Also, long disclaimers (and most are long) annoy recipients.

If you must have disclaimers on an Exchange Server 5.5 server, the easiest way to add them is to use the IMS Extension DLL that Microsoft Consulting Services released some time ago. In "Using the IMS Extension DLL,", InstantDoc ID 8259, Joseph Neubauer explains how to install and use the tool. (You can obtain a copy of the tool from, or perform a Web search for This free but unsupported tool lets you append a disclaimer to each outbound message. For Exchange 2000 Server, you need to either install your own transport event sink (as the article at describes) or buy a third-party product such as GFI's Mail Essentials for Exchange 2000.

Which protocol uses the most bandwidth: Messaging API (MAPI), POP3, or IMAP4?

MAPI uses the most bandwidth—by a significant amount. MAPI is a more flexible and capable protocol than either POP3 or IMAP4, but it also has the most on-the-wire overhead of the three protocols.

When you look at the back-and-forth communications that each protocol uses to retrieve one 10KB message, you'll see an astonishing difference between MAPI and the other protocols. POP3 and IMAP4 add almost no overhead. (POP3, for example, requires only about 32 bytes to log on to a mailbox and retrieve that 10KB message.) MAPI, by contrast, can use several kilobytes before you even start downloading the message.

We're trying to split up administrative tasks so that some of our Help desk staff can manage mailboxes. How can we restrict their access to mailboxes homed on one server?

To restrict access easily, you need Exchange 2000 Server. Exchange Server 5.5 defines permissions at the organization, site, and configuration level, so you can't put permissions on just one server. Exchange 2000 lets you use fine-grained permissions. If your company doesn't have Exchange 2000, you can try two alternative methods:

  • Put users in recipient containers, then assign permissions on the containers. I don't like this alternative because it increases the difficulty of moving users.
  • Put each server in a separate site. Because you can assign permissions at the site level, you control permissions on each server—at the cost of some extra management overhead (e.g., you must manually add connectors to enable intersite messaging and replication).

Can users on a Windows NT 4.0 server running Exchange Server 5.5 use an Exchange 2000 Server machine for their public folder server?

Sure! In fact, you can use Exchange 2000 with Exchange 5.5 in several ways. Exchange 2000 can provide several services to mailboxes homed on Exchange 5.5 servers:

  • public folders, either replicas of folders from Exchange 5.5 or folders that exist only on the Exchange 2000 server
  • URL access to public-folder data
  • Outlook Web Access (OWA) to public folders
  • Exchange conferencing (if you're running Exchange 2000 Conferencing Server—ECS)
  • instant messaging

Can I alter the default text in Exchange Server nondelivery report (NDR) messages?

Users had hoped that Microsoft would offer this feature in Exchange 2000 Server, but it didn't materialize. Neither does Microsoft support a way for users to change the default text.

One cool thing you might do in Exchange 2000 is to write some event sink code to send a custom message when Exchange processes an NDR. However, writing this code might be more trouble than it's worth to you.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.