Resolution
goal
How do I set a Custom Attribute for use with an ADC CA LDAP filter?
fact
Exchange Migrator 2.x
fix
note
There have been some instances in which clearing the Primary NT Account was not sufficient to disconnect the 5.5 mailbox from the Active Directory user and did not remove the AD user account from the permissions of the source mailbox. In those cases, it was necessary to also remove/clear the target AD user object from the Permissions tab of the source mailbox.
note
This script and any related documentation is provided "AS IS," and NetIQ makes no warranties with respect to it, or its use or operation. NetIQ has no responsibility for any impact arising from your use of the scripts provided. The script should be fully tested in a lab environment before using in any production environment. Please do not use this filter until you are completely satisfied that it will work based on your complete testing matrix within a lab environment.
How do I set a Custom Attribute for use with an ADC CA LDAP filter?
fact
Exchange Migrator 2.x
fix
In order to successfully use the ADC CA LDAP filter specified in NETIQKB4448, and prevent migrated mail objects from reconnecting to the target AD object, you should populate a Custom Attribute on the object you do not want replicated and clear the msExchADCGlobalNames property of the source object.
Exchange Migrator will clear the msExchADCGlobalNames property on the target object during the migration.
- In the 'Specify Migration Options' wizard choose the following option: Yes, I would like to use scripts.
- Select I will write VBscripts and check the Include IADs Pointers to objects... checkbox.
- Place the following required scripts (based on your CAs) into the appropriate scripting event:
- Mailbox-PreProcess Event
sourceIADS.put "extension-Attribute-11","netiq"
sourceIADS.put "msExchADCGlobalnames", ""
'This next line will clear the Primary NT Account on a source mailbox.
'This line is only required if the Primary NT Account on a source mailbox
'is actually the target AD user object
sourceIADS.put "Assoc-NT-Account",""
'This line is required to actually set the defined values.
sourceIADS.setinfo
note
There have been some instances in which clearing the Primary NT Account was not sufficient to disconnect the 5.5 mailbox from the Active Directory user and did not remove the AD user account from the permissions of the source mailbox. In those cases, it was necessary to also remove/clear the target AD user object from the Permissions tab of the source mailbox.
note
This script and any related documentation is provided "AS IS," and NetIQ makes no warranties with respect to it, or its use or operation. NetIQ has no responsibility for any impact arising from your use of the scripts provided. The script should be fully tested in a lab environment before using in any production environment. Please do not use this filter until you are completely satisfied that it will work based on your complete testing matrix within a lab environment.
Additional Information
Formerly known as NETIQKB17983