Delete Exchange mailbox by etautil
Article ID: 116295
Updated On:
Products
CA Identity Manager
CA Identity Governance
CA Identity Portal
CA Identity Suite
Issue/Introduction
Our customer need to delete mailbox for disabled users. We tried etautil command but it doesn't work. How can we delete mailbox by etautil command?
Environment
Release:
Component: IDMGR
Component: IDMGR
Resolution
Here was my approach.
From IMPM UI I performed a custom / delete mailbox and observed the request passed to the ADS connector by the provisioning server into the eta transaction log.
In my lab I work with a old exchange 2007 server and ADS 2008 R2.
My exchange option is agentless.
Based on my eta trans log analysis, To delete a mailbox you can send a ldapmodify to explicitly delete the following mailbox attributes for the account:
eTADSmailNickname, eTADSmsExchHomeServerName and eTADShomeMDB.
Here is a sample how to do:
ldapmodify -h localhost -p 20389 -D
"eTGlobalUserName=superadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta"
-w secret -f etaldapDeleteMailbox.in
with the input file as:
dn: eTADSAccountName=AAA,eTADSOrgUnitName=...,eTADSDirectoryName=DDD,eTNamespaceName=ActiveDirectory,dc=im,dc=eta
objectClass: eTADSAccount
delete: eTADSmailNickname
eTADSmailNickname: Your_mailNickname_Value
delete: eTADSmsExchHomeServerName
eTADSmsExchHomeServerName: Your_msExchHomeServerName_Value
delete: eTADShomeMDB
eTADShomeMDB: Your_homeMDB_Value
-
With etautil you cannot explicitly delete attributes.
(You can remove a value from a multi valued attribute but cannot delete a single valued attribute)
Also the constraint with the ldap command is you cannot delete the attributes without setting their values.
By scripting you can perform a ldap search to retrieve those info and then run my suggested modify.
(this is not so complex to do)
From IMPM UI I performed a custom / delete mailbox and observed the request passed to the ADS connector by the provisioning server into the eta transaction log.
In my lab I work with a old exchange 2007 server and ADS 2008 R2.
My exchange option is agentless.
Based on my eta trans log analysis, To delete a mailbox you can send a ldapmodify to explicitly delete the following mailbox attributes for the account:
eTADSmailNickname, eTADSmsExchHomeServerName and eTADShomeMDB.
Here is a sample how to do:
ldapmodify -h localhost -p 20389 -D
"eTGlobalUserName=superadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta"
-w secret -f etaldapDeleteMailbox.in
with the input file as:
dn: eTADSAccountName=AAA,eTADSOrgUnitName=...,eTADSDirectoryName=DDD,eTNamespaceName=ActiveDirectory,dc=im,dc=eta
objectClass: eTADSAccount
delete: eTADSmailNickname
eTADSmailNickname: Your_mailNickname_Value
delete: eTADSmsExchHomeServerName
eTADSmsExchHomeServerName: Your_msExchHomeServerName_Value
delete: eTADShomeMDB
eTADShomeMDB: Your_homeMDB_Value
-
With etautil you cannot explicitly delete attributes.
(You can remove a value from a multi valued attribute but cannot delete a single valued attribute)
Also the constraint with the ldap command is you cannot delete the attributes without setting their values.
By scripting you can perform a ldap search to retrieve those info and then run my suggested modify.
(this is not so complex to do)
Feedback
Yes
No
Powered by
