My Blog
I decided to finally get with it and create my own Blog. I don't know how often I'll be blogging, as I stay fairly busy, but I'll try to post here every so often. Since most of the work I do relates to Microsoft Exchange, probably much of what I blog about will relate to that, but I'm sure that there will be occasional (or frequent) blogs about my family.
About Me
- Name: Ben Winzenz
- Location: Keller, Texas, United States
I grew up near Ann Arbor, Michigan and went to college at BYU (Brigham Young University). In 1992, I took 2 years off from school to serve a full-time mission for my Church (the Church of Jesus Christ of Latter-day Saints) in Frankfurt, Germany. I've been married for 11 years and have 4 beautiful children. I have been working with Exchange since 1999.
Subscribe to this Blog
Subscribe to my Blog
Contact Me
E-mail me
Other Blogs
MS Exchange Blog
Mark Fugatt's Blog
You Had me at EHLO
David Lemson's Blog [MSFT]
Evan Dodd's Blog [PSS]
KC Lemson's Blog
Michael Palermiti's Blog [PSS]
Michael B. Smith's Blog
Andy Webb's Blog
Chad Gross [SBS]
E2K Security
Glen's Exchange Dev Blog
Bharat Suneja's Blog
Exchange Cookbook
Kevin Weilbacher [SBS]
Sigfried Weber
Susan Bradley's SBS Blog
Tim Rains' Weblog
Robert Hensing's Blog
Robert Scoble's Blog
WitNit
Jim McBee's Mostly Exchange Blog
Ant Drewery
Exchange-ing Ideas - Missy Koslosky
Donna's Security Flash
What's in Store - WinFS blog
Microsoft Security Response Center
Jason Langridge's WebLog - MR Mobile!
Gerod Serafin's Blog
XP Source
Mark's Sysinternals Blog
Jesper Johansson's Blog
ExchangeIS - Ben Hoffman's Blog
Ray Ozzie's Blog
Monad Team Blog
Devin Ganger - (e)Mail Insecurity
Steve Riley's Blog
Henrik Walther's Exchange Blog
Search
Archives
September 2004October 2004
November 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
Wednesday, March 22, 2006
Great news for Exchange Administrators!
I just saw this today posted on Gerod Serafin's blog. The Exchange team has posted a new KB article detailing a hot fix (yes, you still have to call in and get it, no you won't be charged for the call) that is now available to deal with disabled user accounts.
Prior to this hotfix, the default behavior was that as *soon* as you disable a user account, ALL mail will immediately begin to NDR. This is because disabled user accounts do not have a valid msExchMasterAccountSid attribute.
There used to be 2 methods to fix this (both arrived at the same solution, but one was automated). The first was to manually edit the ACL's on the account (Mailbox Rights) and grant the SELF account Full Mailbox Access and Associate External Account. This would fix the missing msExchMasterAccountSid attribute and allow the mailbox to again receive mail. The second method was to obtain a tool called NoMAS (No Master Account Sid) and run it. It would then automatically fix any and all accounts in the domain with this missing attribute.
I have always disagreed with this default behavior, so I am quite happy to see this hotfix available. It will change the behavior of Exchange so that it automatically uses the SELF sid as the msExchMasterAccountSid for disabled accounts. Read more about this hotfix from the following KB article.
KB 903158
Update: It has also been posted on the Exchange Team's blog, courtesy of Nino Bilic and Alex Seigler (Alex was the original developer of the NoMAS tool). Thanks go out to all those involved in publishing this hotfix.
- posted by Ben Winzenz @ 10:59 AM
