Cannot update email address after rename

Question

Hello,

We have an issue where email address is not being updated per email address policy after user account rename. If change is being done on Exchange directly it works fine. If after rename on Adaxes we toggle email address policy check mark in Exchange it works. But somehow we are unable to automate email address policy toggle for the mailbox after account rename. We are in hybrid exchange. This is the task: It throws this error: Can you please tell me what I am doing wrong here?

Answer 1

Hello,

To edit Exchange properties of AD objects, Adaxes uses management cmdlets provided by Exchange Server, such as Set-Mailbox, for example. The error message means that the account whose credentials were used to register your AD domain in Adaxes is not allowed to use the EmailAddressPolicyEnabled parameter of one of the cmdlets used. For information on how to check/change the account, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.ManageActiveDirectory.ManageDomains.ChangeManagedDomainLogonInfo.html.

To resolve the issue, you need to add the parameter to the Exchange Management Roles assigned to the account. Alternatively, you can create a new Role that for this purpose, and then assign the role to the user. For information on how to do that, use the following guide by Microsoft: https://blogs.technet.microsoft.com/rmilne/2013/12/16/how-to-add-or-remove-cmdlet-parameter-from-rbac-management-role/. See section Add A Single Parameter.

After performing changes following the guide, restart Softerra Adaxes Service.

Comments

Hello,

Permissions are fine for Adaxes account. And we can verify it by running the task as powershell script and remoting into Exchange server. But we want to use builtin functionality and that does not work. Here is a list of permission groups the account is member of: What else could we check regarding this issue?

---

Also I have tried doing the change using ADSI script:

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to user object
$userDN = "CN=company,DC=com"
$user = $admService.OpenObject("Adaxes://$userDN", $NULL, $NULL, 0)

# Create an instance of the AdmExchangeMailboxParameters class
$mailboxParams = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxParameters"

# Automatically update e-mail addresses based on e-mail address policy
$mailboxParams.EmailAddressPolicyEnabled = $False
$user.SetMailParameters($mailboxParams, "ADM_SET_EXCHANGE_PARAMS_FLAGS_NONE")

But the result is the same. This was run on the account with Domain Admin and Enterprise Admin permissions.

---

Hello,

For troubleshooting purposes, please, enable tracing of requests sent to Exchange servers, reproduce the issue and send us (support[at]adaxes.com) the log file. For information on how to enable the tracing, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.PerformExchangeTasks.TraceExchangeRequests.html.

---

Hello,

Thank you for the provided trace. The error occurs because the EmailAddressPolicyEnabled parameter is available only in on-premises Exchange and not in Exchange Online. To remedy the issue, you need to replace the first and last actions in your Business Rule with the Run a program or PowerShell script action that will execute the below script. In the script:

• $exchangeServer - Specifies the Fully Qualified Domain Name (FQDN) of your Exchange Server.
• $enableEmailAddressPolicy - Specifies whether the EmailAddressPolicyEnabled parameter will be enabled.

$exchangeServer ="ExchangeServer.domain.com" # TODO: Modify me
$enableEmailAddressPolicy = $True # TODO: Modify me

try
{
    # Connect to Exchange Server
    $session = New-PSSession -connectionURI "http://$exchangeServer/powershell" -ConfigurationName Microsoft.Exchange
    Import-PSSession -session $session

    Set-RemoteMailbox -Identity "%distinguishedName%" -EmailAddressPolicyEnabled $enableEmailAddressPolicy
}
finally
{
    # Close the remote session and release resources
    if ($session) { Remove-PSSession -Session $session}
}