Some of the PowerShell test cmdlets in Exchange Server 2013 rely on the administrator providing a mailbox credential for the test, or alternatively they can use a special mailbox user created specifically for use by the test cmdlets.
You can create this mailbox user on a Mailbox server by running the new-TestCasConnectivityUser.ps1 script provided by Microsoft. Running the script on a Mailbox server will create the test user on that server.
[PS] C:\>cd $exscripts [PS] C:Program FilesMicrosoftExchange ServerV15scripts>.new-TestCasConnectivityUser.ps1 Please enter a temporary secure password for creating test users. For security purposes, the password will be changed regularly and automatically by the system. Enter password: *********** Create test user on: E15MB1.exchange2013demo.com Click CTRL+Break to quit or click Enter to continue.: UserPrincipalName: extest_39de530f5ee44@exchange2013demo.com You can enable the test user for Unified Messaging by running this command with the following optional parameters : [-UMDialPlan -UMExtension ] . Either None or Both must be present.
There are only a few ways that script can go wrong, such as not providing a password that is complex enough for your password policy, or the script being unable to determine the OU to place the user account object in. If necessary use the –OU parameter to specify which OU the account should be created in.
Hi Paul, besides this thread is a little bit old I have an useful tip for those who are still running Exchange 2010 (I did not test in newer Exchange versions):
Script new-TestCasConnectivityUser.ps1 will fail if the last database resulting of the command Get-MailboxDatabase for the selected mailbox server is a recovery DB.
Script fails with the generic error “CreateTestUser : Mailbox could not be created. Verify that OU ( Users ) exists and that password meets complexity requirements.”, even when OU exists and password meets the complexity requirements.
This happens because the line 39 of the script does not exclude recovery DBs from the resulting list.
To run successfully, remove the recovery DB or change the line 39 to:
get-MailboxDatabase -server $mailboxServer | Where {$_.Recovery -eq $False} | foreach {$mailboxDatabaseName = $_.Guid.ToString()}
Hi,
“If necessary use the –OU parameter to specify which OU the account should be created in.”
where would you use the -OU parameter .. in the script or the cmdlt ?
regards
Hello,
we have our internal domain name and set in domain a alternative userprincipalname suffix. So we have email addresses like something@external.com.
Now, when i use new-TestCasConnectivityUser.ps1 and run Test-OutlookWebServices, i get the error message:
extest_0ed1c883e8b74 Additional information:
The user and the mailbox are in different Active Directory sites.
Is there any solution for this problem?
Thanks
Maik
Something to note here. The way the script is written, the Exchange Test user derives the suffix of the name using the AD site GUID.
The following error:
“CreateTestUser : Mailbox could not be created. Verify that OU ( domain/Users ) exists and that password meets complexity requirements.”
will also occur if you have an “extest_” user that already exists in AD for the site in which the server resides.
To test this, RDP to an exchange server, create this short script:
. ‘E:Program FilesMicrosoftExchange ServerV15binRemoteExchange.ps1’; Connect-ExchangeServer -auto -ClientApplication:ManagementShell
$exchangeServer = get-ExchangeServer $(hostname.exe)
$adSiteGuidLeft13 = $exchangeServer.Site.ObjectGuid.ToString().Replace(“-“,””).Substring(0, 13);
$UserName = “extest_” + $adSiteGuidLeft13;
$SamAccountName = “extest_” + $adSiteGuidLeft13;
$SamAccountName
You can also import the AD module and see if you can get-ADUser filtering on the $SamAccountName if you like.
If the user already exists, then it will throw the error.
The error
“[Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in different Active Directory sites.”
can be misleading if you aren’t careful. If your mailbox server(s) reside in only one Active Directory site, then you can only have 1 (one) test mailbox/user! If you have mailbox servers located in 4 AD sites, and you run the new-TestCasConnectivityUser.ps1 script piped with Get-MailboxServer , you will create 4 Exchange test mailboxes/users.
This explains this in more detail (info on SCOM): https://technet.microsoft.com/en-us/library/ee758052(v=exchg.140).aspx
This is a good post on the test mailbox passwords. https://tecguruz.wordpress.com/tag/2146233088/
Hey Paul, quick one, you know how at account creation, we get the following disclaimer:
“For security purposes, the password will be changed regularly and automatically by the system”
Do you happen to know a way that will help verify this is actually happening? (As in the password being changed by the system
Thank you in advanced!
Cheers
Carol
The Real Person!
The Real Person!
Good question. This one-liner will show the PasswordLastSet (and other details) for each user object named “extest*” (assuming that’s what yours are called, like mine).
[PS] C:>get-mailbox extest* | %{Get-ADUser -Identity $_.name -Properties passwordlastset}
Interestingly, my results indicate the passwords haven’t been changed since 2014. I’ll see what else I can find out about it.
The Real Person!
The Real Person!
I’m told the password resets are managed by SCOM. So if you’ve manually created the accounts then they won’t get passwords updated.
Paul,
When i do Get-MailboxServer *dag* | .new-TestCasConnectivityUser.ps1, this is creating only three mailboxes on only three servers. Could you please tell me why its not creating on all the mailbox servers. We have around 40 multi role exchange 2013 servers, an its creating only three.
Same problem here (posted a comment also in the Test-ActiveSyncConnecitivity post).
@Alexlz Did you get a solution for this?
I dare to move the mailboxes from the test user to 2013, as this user/mailbox is used by a bunch of other applications/commands as well.
Is the only solution here to create a 2nd test user in 2013?
The Real Person!
The Real Person!
I responded on your other comment. You can run the test against any mailbox you like:
http://technet.microsoft.com/en-us/library/bb123540(v=exchg.150).aspx
Hello, Paul!
We have mixed Exchange 2010 + Exchange 2013 infrastructure and all test users created by this script are in Exchange 2010 and so we’re unable to run some tests, because of an error:
[Microsoft.Exchange.Monitoring.CasHealthStorageErrorException]: An error occurred while
trying to access mailbox UN-EXCH02.ifdk.lan, on behalf of user
ifdk.lanextest_24943df201b54
Additional information:
[Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in
different Active Directory sites..
We also are unable to move test user from Exchange 2010 to Exchange 2013. the move completed successfully according to Exchange mail report but the test user remains in Exchange 2010. So the question is: how to create a test user in Exchange 2013 or how to move extest_ user mailbox froto Exchange 2013?
The Real Person!
The Real Person!
You can move the mailbox just like any other mailbox. Seems odd that you’re running a move request for it and it isn’t actually moving. I think you should look closer at that.