A customer is upgrading from Exchange 2010 to Exchange 2013. The default
entitlement in the AD driver has the mailbox database in the
DirXML-EntitlementRef attribute. All mailboxes will be migrated to a new
mailbox database, which will invalidate the attribute, since the wrong
mailbox database will be there. Case:

1. A user is in mailboxdatabase1 on Exchange 2010
2. The mailbox is moved to mailboxdatabase2 in Exchange 2013
3. Entitlement is revoked
4. AD driver does not throw an error, but the entitlement is NOT
removed, since the value is wrong (and therefore the email account is
not disabled)

This will be an issue with all users, once they are moved to Exchange
2013, and a revoke is attempted.

Bit more info:

Exchange 2010 and 2013 are running now side by side.
The AD driver is able to find the new database from the UA entitlement
management module (i can add the new database as a value). So changing
the value of the entitlement to the new database, will fix the problem
for all newly created email accounts and also a revoke on them. But, all
the current entitlement values on all current users will be invalid and
it will not be possible to revoke them. Changing the value of the
entitlement does not update all the current users with the entitlement,
with the new value.

This sounds crazy, but is the solution to modify the entitlement ref
attribute on all users? I am pretty sure that is a bad, if not very bad

What can I do?

Thanks in advance,


jacmarpet's Profile: https://forums.netiq.com/member.php?userid=415
View this thread: https://forums.netiq.com/showthread.php?t=57012