I was at a customer site where they had issues with moderated transport not working properly in Exchange 2010 and they had done a “cleanup” recently and deleted all accounts which were disabled. That gave me a clue as to why moderated transport wasn’t working ;) I had a look in AD and couldn’t find any of the system mailboxes which are created as part of Exchange 2010 setup. This has prompted me to write this post. So, here it goes…
Exchange 2010 creates three system mailboxes in the root domain as part of setup. They are SystemMailbox{1f05a927-xxxx-xxxx-xxxx-xxxxxxxxxxxx} (where each x is a random digit or letter; the account is used for moderated transport), SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9} (used for discovery) and FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042 (used for federated email). The accounts are disabled in AD and are not meant to be enabled or deleted. By default, you can find them in the “Users” container.
You can also find the system mailboxes by running “Get-Mailbox -Arbitration” in the Exchange Management Shell.
Now, what if someone accidentally deletes the system mailboxes from Exchange, leaving the AD accounts intact? The recovery is easy enough. As the AD accounts still exist, all we need to do is mailbox-enable them with the -Arbitration switch. For example, run the command below.
Enable-Mailbox -Arbitration -Identity "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}"
What if someone deletes the disabled AD accounts as well? The fix is to run Setup.Com /PrepareAD from the Exchange 2010 DVD/ISO, because it is the AD preparation process (run as part of Exchange 2010 setup) that creates the disabled system mailbox accounts in AD. Once the accounts have been recreated, mailbox-enable them using the command above.
The moral is to leave the disabled system accounts untouched.
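To tell which of the two recovery cases above applies before changing anything, the check below reports the state of each system mailbox. It is an added example, not part of the original post, and it assumes it is run in the Exchange Management Shell with rights to read the root domain; the variable names and status strings are illustrative.

```powershell
# Added example: audit the three Exchange 2010 system mailboxes named in the post.
# The moderated-transport GUID suffix differs per organization, so it is matched by prefix.
$expected = @(
    @{ Purpose = 'Moderated transport'; Pattern = 'SystemMailbox{1f05a927-*' },
    @{ Purpose = 'Discovery';           Pattern = 'SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}' },
    @{ Purpose = 'Federated email';     Pattern = 'FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042' }
)

# The accounts live in the root domain, so look across the whole forest.
Set-ADServerSettings -ViewEntireForest $true

# Arbitration mailboxes Exchange currently knows about.
$arbitration = @(Get-Mailbox -Arbitration -ErrorAction SilentlyContinue)

# AD user objects that are not (or no longer) mailbox-enabled; filtered client-side.
$users = @(Get-User -ResultSize Unlimited | Where-Object {
    $_.Name -like 'SystemMailbox{*' -or $_.Name -like 'FederatedEmail.*'
})

$report = foreach ($item in $expected) {
    $mbx  = @($arbitration | Where-Object { $_.Name -like $item.Pattern })
    $user = @($users       | Where-Object { $_.Name -like $item.Pattern })

    if ($mbx.Count -gt 0) {
        $status = 'OK: arbitration mailbox present'
    } elseif ($user.Count -gt 0) {
        # AD account survived, mailbox was removed.
        $status = 'Mailbox missing: run Enable-Mailbox -Arbitration on the account'
    } else {
        # AD account itself is gone.
        $status = 'Account missing: run Setup.com /PrepareAD, then Enable-Mailbox -Arbitration'
    }

    New-Object PSObject -Property @{
        Purpose = $item.Purpose
        Pattern = $item.Pattern
        Status  = $status
    }
}

$report | Select-Object Purpose, Pattern, Status | Format-Table -AutoSize -Wrap
```

Running this before and after any AD cleanup of disabled accounts shows straight away whether a system account was caught in the sweep.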