Exchange 2010 with Legacy 2000 AD information

I had an interesting issue. I had an old Windows 2000 SBS server on my client's network. It had been there for a long time, as they needed to use the legacy application that it runs. Most services were disabled (ISA, Exchange). The problem arose because it had been disconnected from the domain for some time. This proved interesting when I tried to remove it from the domain. We had to do an adprep /forceremoval (undocumented).

Anyway, the next issue arose when the new Exchange 2010 server was being installed. We could not create mailboxes for existing users. What gives? I thought Exchange was not being used on the old server? Seems it was, at one stage.

Ok, time to remove this.

[PS] C:\Windows\system32>get-mailbox LegacyUser

Name                      Alias                ServerName       ProhibitSendQuota
----                      -----                ----------       -----------------
Legacy User               LegacyUser           OldSBS2000       unlimited

Ok, the user still seems to be there. I managed to find a command which disables the mailbox AND removes the legacy information from Active Directory.

[PS] C:\Windows\system32>disable-mailbox LegacyUser

Confirm
Are you sure you want to perform this action?
Disabling Mailbox "LegacyUser" will remove the Exchange properties from the Windows user object and mark the mailbox in
the database for removal.
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"):

If you try to remove the mailbox instead of disabling it, you will get the following error:

[PS] C:\Windows\system32>remove-mailbox LegacyUser

Confirm
Are you sure you want to perform this action?
Removing the Mailbox "adeleg" will remove the Active Directory user object and mark the mailbox in the database for removal.
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"):
Active Directory operation failed on LegacySBS2000.domain.local. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03151D12, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
+ CategoryInfo          : NotSpecified: (0:Int32) [Remove-Mailbox], ADOperationException
+ FullyQualifiedErrorId : 103F99DF,Microsoft.Exchange.Management.RecipientTasks.RemoveMailbox

Now you can add mailboxes to these users. You can also remove this information from AD using ADSI Edit, but I STRONGLY DO NOT RECOMMEND THIS. It does work, however 😉
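When more than one account still carries the old server's stamp, the Get-Mailbox and Disable-Mailbox steps above can be run in bulk. The script below is an added example, not part of the original post. It assumes it is saved as a .ps1 file and run from the Exchange Management Shell; the parameter names, the report path and the -Apply switch are made up for illustration.

```powershell
# Added example: bulk form of the Get-Mailbox / Disable-Mailbox steps in this post.
param(
    # ServerName value as shown in the Get-Mailbox output on this page
    [string]$LegacyServer = 'OldSBS2000',
    # Assumed location for the pre-change report
    [string]$ReportPath = '.\legacy-mailboxes.csv',
    # Hypothetical switch: without -Apply the script only previews the changes
    [switch]$Apply
)

# Find every mailbox-enabled user still pointing at the decommissioned server.
$legacy = @(Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ServerName -eq $LegacyServer })

if ($legacy.Count -eq 0) {
    Write-Host "No mailboxes reference $LegacyServer."
    return
}

# Record the Exchange attributes before Disable-Mailbox strips them,
# so there is an audit trail of which accounts were touched.
$legacy |
    Select-Object Name, Alias, ServerName, Database, LegacyExchangeDN, DistinguishedName |
    Export-Csv -Path $ReportPath -NoTypeInformation

foreach ($mbx in $legacy) {
    if ($Apply) {
        # Removes the Exchange properties only; the AD user object is kept.
        Disable-Mailbox -Identity $mbx.DistinguishedName -Confirm:$false
    }
    else {
        # Preview: shows what would be disabled without changing anything.
        Disable-Mailbox -Identity $mbx.DistinguishedName -WhatIf
    }
}
```

Run it once without -Apply and check the CSV before committing. Disable-Mailbox is used rather than Remove-Mailbox because, as the confirmation prompt above states, Remove-Mailbox also removes the Active Directory user object.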

I hope this helps someone out there.
