You're gonna want that cowbell!

Episode III: Revenge of the SysAdmin

AS I write this, my friends at Microsoft Product Support Services (MSPSS) are currently remote-controlling my PC in an attempt to resolve my problem with my manging partner’s Exchange mailbox. Essentially, I reached the end of my attempts this morning, as I even attempted to remove all Exchange attributes on the user and recreate them. Interestingly enough, when a new user is created, this problem does not exist. Furthermore, this is the only user for which this problem exists. All of the other users in my organization don’t have this problem.

One of the items I attempted to perform in my early morning troubleshooting was to even recreate the user account for the user and reconnect it to the mailbox. This, of course, had no effect on the problem at all. It did, however, create the one problem I forgot about–it munged his local profile on his laptop. I forgot that when one creates a new account in Active Directory, a new SID is created. Obviously, the SID is tracked within the registry to track who has access to the local profile. When my user logged in this morning, he had a new profile created in %SystemDrive%\Documents and Settings\ of the form username.domainname. This was no good to me, since we had everything else we needed for the user in their local profile.

After lunch, I had to do some quick research on the subject as none of my earlier attempts to swap profiles did not work. Thanks to
Drew Mclellan at “Recovering a Windows Profile.” One caveat to this fix is that your user account will have to have NTFS rights to the old profile directory, and the user will probably need to have local administrator rights to the workstation. The short way to fix this is to:

  1. Make sure to login to the local machine as an administrator or equivalent.
  2. Click Start|Run, then type regedit in the Open field.
  3. Navigate to HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList. You should see a series of keys on the left that will look like S-1-234567890. These are SIDs, and they correspond to the actual users logging into your system.
  4. Hit CTRL+F to bring up the Find dialog box. In the Find what: field, enter %SystemDrive%\Documents and Settings\oldusername.domainname. Essentially, you should find this entry once. The SID this was associated with was your old user account.
  5. Edit the value of this key such that it has the name of your old profile directory. In other words, make the value %SystemDrive%\Documents and Settings\oldusername.
  6. Reboot your machine, and now login as the user again–making sure to log into the domain. Your new settings should be restored as they were before.

I am still watching MSPSS work their magic, but I don’t think my tech quite understands my issue. It looks like I might be here for a while watching him remote control my workstation. At least their per incident support charge is cheaper than Novell’s ever was. 😉

UPDATE: As I was thinking, the mailbox will need to be deleted and recreated, then reconnected with the user. Looks like ExMerge is going to play a role in this process. Wonder how ExMerge handles over 2GB of mail?  The problem in this case was that someone–presumably a consultant that preceded me–gave Full Mailbox Access rights to the group Mail Operators.  Mail Operators includes all of my users–something I need to fix.  As a result, in the case of this mailbox, they had full access to our partner’s mail folders.  Once this was removed, access to his folders behaves as it should.

4 Comments

  1. mokiejovis

    Glad you got that fixed up!

    As an aside, the new version of Exmerge works very, very well with large mailboxes, up to 20GB, I believe.

  2. Jason J. Thomas

    mokie: That makes two of us. I am just annoyed that someone decided that Mailbox Operators needed full access to the mailbox in question. Stupid consultants! I need to look more fully into the Mailbox Operators group–I wonder if it is getting too much or needs to have the members it currently does.

    I will have to keep Exmerge in mind and get to know it. It might be a good way to back things up for our users while allowing me to do a bit of Exchange housekeeping.

  3. mokiejovis

    Exmerge is useful when you need to move a mailbox from one server to another inside of a large organization. It’s also useful to get a snapshot backup of a mail server?

    What do you use to do your backups? Do you use ntbackup? As someone who has suffered the hell of trying to recover a singular mailbox from backup using ntbackup, let me strongly recommend Dantz Retrospect Multi-Server with the Exchange backup addon – it allows brick-level backups/recoveries and integrates SEAMLESSLY with Exchange, using Exchange’s built-in backup system. You can literally just hit the recover button, and when the user checks their mail later, they get the recovered mailbox. Phenomenal.

    Also, I’ve noticed you need to go in on Saturdays to change tapes – if your company is so determined to get a Saturday backup that they’re willing to pay you to swap it out, why don’t they just spring for a tape carousel? They cost somewhere thereabouts of $3000, but it’ll likely pay for itself in time you don’t have to spend (plus you won’t have to go in on saturdays).

  4. Jason J. Thomas

    I was looking at the Exmerge docs, and I did see it’s pretty useful for snapshot backups.

    For backups, we use BackupExec 10 for Small Business Server. Ah, yes, since we are a SB, we use SBS on our main server. Everything you know as a good Windows admin gets thrown out of the window with SBS–Exchange on a Domain controller, doing file and print, and some IIS stuff, on the same box? In a big enterprise shop, we would have 3-4 servers doing this stuff. Here, just one.

    I have not had the need to deal with the need to do a mailbox recover (knock on wood). That said, BE does a pretty nice job.

    As for the tape carousel, I would need to figure something out with that, since I currently have an external SCSI LTO-2 drive–whose performance screams, I might add. Trust me, though, the swapping out on Saturday sucks–but I get points in the eyes of the superiors. A little short term pain for long-term gain is how I looked at it, and given the small business angle I deferred looking at something like this until I had a year under my belt. Consider this: before I arrived, no backups were happening at all. Now, the server is backed up, and our managing partner’s laptop is backed up to an external Seagate drive. :-O

© 2020 Baltimoremick

Theme by Anders NorenUp ↑