Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Tuesday, April 9, 2013 5:07 PM
Ive seen another thread on this parameter, and from my testing the answer does not seem correct. What I would like to know is where does (get-mailbox $user | select ExchangeUserAccountControl) get it's value from.
The other thread indicates that it is from disabling the AD user object, but in my testing, this does not appear to be the case. any insight to this would be appreciated.
All replies (5)
Thursday, April 11, 2013 3:44 PM âś…Answered | 1 vote
After a lot of toggling settings and services I found an answer:
Simply flagging the AD object disabled does not change the ExchangeUserAccountControl property, however, having the object enabled or disabled, and then flagging the HiddenFromAddressListsEnabled true or false does makes the field change. Additionally, the gal needs to be toggled to T/F *after* the AD account is enabled or disabled to make the change.
Example1: AD enabled, Gal enabled
Get-qaduser $user | AccountIsDisabled : False
Get-mailbox $user | ExchangeUserAccountControl : None, HiddenFromAddressListsEnabled : False
Example2: AD disabled, Gal enabled
Get-qaduser $user | AccountIsDisabled : True
Get-mailbox $user | ExchangeUserAccountControl : None, HiddenFromAddressListsEnabled : False
Example3: AD disabled, Gal disabled
Get-qaduser $user | AccountIsDisabled : True
Get-mailbox $user | ExchangeUserAccountControl : AccountDisabled, HiddenFromAddressListsEnabled : true
Tuesday, April 9, 2013 5:55 PM
I'm seeing it as the disabled account in AD - I ran it against my own mailbox and it said "None", and ran it on a conference room mailbox and it showed "AccountDisabled". Remember, replication may not show the disabled status when you have run the command.
Tuesday, April 9, 2013 7:06 PM
Resource mailboxes should show as AccountDisabled (and they do). What I'm talking about is a mailbox (RecipientTypeDetails: UserMailbox) that is disabled in AD does not change the ExchangeUserAccountControl property on get-mailbox. (or vice versa)
My test setup is a single server so I would think there wouldn't be any delay in replication. I set the settings on these account yesterday afternoon in both production and testing. They both have not changed. (yet)
Tuesday, April 9, 2013 7:43 PM
I know how room mailboxes are handled, thanks. As for normal mailbox-enabled accounts, when we have users leave our company, their accoutns are disabled for 30 days before we remove them from our directory. The accounts we have in that directory show the ExchangeUserAccountControl as AccountDisabled, same as the room mailbox does.
And in case you are wondering, the RecipientTypeDetails of this account are UserMailbox.
Wednesday, April 10, 2013 4:37 PM
Still not seeing any changes in production or our test environment. Does anyone else have any info on how this field propagates? (or how to force its propagation?)