Filed under: Active Directory, Exchange, time out | Tags: active directory, admodify, exchange, Microsoft
Need to modify the maximum size of incoming messages for 100 users in Exchange? Well AdModify is your friend. AdModify lets you search for certain type of users using LDAP query in Actice Directory, and change their attributes. Just download either version (the.NET version obviously requires you to have .NET framework installed on the source and target server), unzip, and double click admodify.exe to start the program
ADModify start screen
To begin, select “Modify Existing User’s Attributes”, and press next. Select one of the domain controller from the dropdown list
Select the domain controller
Select the OU that contains the targeted objects. Also check the “Traverse subcontainers when enumerating users” option. Press the advance button to enter the LDAP query.
Select the OU
A new window will pop-up, type the query. In my case, I want to select all users with Manager in their AD account description, so the query should look like this:
(&(ObjectClass=User)(Description=*manager*))
press OK to submit the query.
Insert the LDAP Query
Press the Add to List button to start the query and list the result on the right pane. Examine wether the result of the query matches your expectation, press the select All button, and then, press the Next button to go to the “Modify active directory users” window
Modify the attributes
Find the attributes that you wish to change from the tabs. You can change several Exchange related attributes from the “Exchange General” and “Exchange General Continued” tabs. In My case, I’m changing the maximum size of inbound message. Press the Change button to start the modification.
Filed under: Exchange, Microsoft | Tags: 2003, ASA, blackberry, cisco, esmtp, exchange, gmail, Microsoft, smtp, yahoo
My mail server has been experiencing strange problem. Emails sent from gmail and yahoo via blackberries failed to reach its intended recipients. Gmail and Yahoo mailer daemons would complain about connection timeout, and and then give up. My Trend Micro IMS antispam server log showed that google server initiated a session, but nothing happened after that. Whitelisting and increasing session timeout didn’t help.
I did notice unusual behaviour when telneting other SMTP servers from my mail server:
surfer@Mach5-M:~$ telnet smtp.cbn.net.id 25 Trying 210.210.145.16... Connected to smtp.cbn.net.id. Escape character is '^]'. 220 ********************* ehlo there 500 #5.5.1 command not recognized
This is due to our mail server sitting behind a Cisco ASA, and our network guy activating “inspect” on smtp traffics. After disabling “inspect” on the ASA with
# no inspect esmtp
email sent from gmail and yahoo via blackberries run normally and can be delivered to its target.
Filed under: Exchange, Microsoft, Windows | Tags: 2003, 9548, eventid, exchange, Microsoft, MSExchangeIS, nomas
Recently, event ID 9548 has been flooding my Exchange Server application log, resulting in performance degradation.
As described by the screenshot above, it is caused when an account does not have a master account SID assigned.It is usually triggered when you have a disabled user account with exchange attributes in your Active Directory. This is what happened to me. One option you can do is to delete the corresponding user from the AD, and purge everything related to the said user.
In my case, due to our company policy, deleting an account from the AD requires me to behead a black goat, put the corpse on top of a stone tablet, facing sunrise….. Kidding 
Let’s just say it’s not easily done 
So I need to keep the disabled user account, and still be able to prevent this from happening.
Based on this, I need to set the Master Account SID for each of the disabled account in my AD. Unfortunately, there were tons of them. Luckily Microsoft provides us with nomas, a tool to perform such task in bulk. As written on the link, to get nomas, you need to contact Microsoft Product Support Service… or you can download it here
Nomas is simple and very straight forward to use. Just unzip, and then doubleclick the nomas.exe file to start.
Pick check on Mode Selection, and check the “Disabled users” on User selection to start checking for disabled user without assigned Master account SID. The result will be stored on the log file. Change mode selection to “Fix” to start adding Master account SID on disabled users.
After running the tool, I’m happy to report that I no longer receive the event ID 9548 on my Exchange box
