Some of the PowerShell test cmdlets in Exchange Server 2013 rely on the administrator providing a mailbox credential for the test, or alternatively they can use a special mailbox user created specifically for use by the test cmdlets.

You can create this mailbox user on a Mailbox server by running the new-TestCasConnectivityUser.ps1 script provided by Microsoft. Running the script on a Mailbox server will create the test user on that server.

[PS] C:\>cd $exscripts

[PS] C:Program FilesMicrosoftExchange ServerV15scripts>.new-TestCasConnectivityUser.ps1

Please enter a temporary secure password for creating test users. For security purposes, 
the password will be changed regularly and automatically by the system.
Enter password: ***********

Create test user on: E15MB1.exchange2013demo.com
Click CTRL+Break to quit or click Enter to continue.:

UserPrincipalName: extest_39de530f5ee44@exchange2013demo.com

You can enable the test user for Unified Messaging by running this command with the following
 optional parameters : [-UMDialPlan  -UMExtension ] . Either None or Both must be present.

There are only a few ways that script can go wrong, such as not providing a password that is complex enough for your password policy, or the script being unable to determine the OU to place the user account object in. If necessary use the –OU parameter to specify which OU the account should be created in.

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. André Seitz

    Hi Paul, besides this thread is a little bit old I have an useful tip for those who are still running Exchange 2010 (I did not test in newer Exchange versions):

    Script new-TestCasConnectivityUser.ps1 will fail if the last database resulting of the command Get-MailboxDatabase for the selected mailbox server is a recovery DB.

    Script fails with the generic error “CreateTestUser : Mailbox could not be created. Verify that OU ( Users ) exists and that password meets complexity requirements.”, even when OU exists and password meets the complexity requirements.

    This happens because the line 39 of the script does not exclude recovery DBs from the resulting list.

    To run successfully, remove the recovery DB or change the line 39 to:
    get-MailboxDatabase -server $mailboxServer | Where {$_.Recovery -eq $False} | foreach {$mailboxDatabaseName = $_.Guid.ToString()}

  2. hikmat

    Hi,

    “If necessary use the –OU parameter to specify which OU the account should be created in.”

    where would you use the -OU parameter .. in the script or the cmdlt ?

    regards

  3. Maik

    Hello,

    we have our internal domain name and set in domain a alternative userprincipalname suffix. So we have email addresses like something@external.com.
    Now, when i use new-TestCasConnectivityUser.ps1 and run Test-OutlookWebServices, i get the error message:
    extest_0ed1c883e8b74 Additional information:
    The user and the mailbox are in different Active Directory sites.

    Is there any solution for this problem?

    Thanks
    Maik

  4. Ted Wagner

    Something to note here. The way the script is written, the Exchange Test user derives the suffix of the name using the AD site GUID.

    The following error:

    “CreateTestUser : Mailbox could not be created. Verify that OU ( domain/Users ) exists and that password meets complexity requirements.”

    will also occur if you have an “extest_” user that already exists in AD for the site in which the server resides.

    To test this, RDP to an exchange server, create this short script:

    . ‘E:Program FilesMicrosoftExchange ServerV15binRemoteExchange.ps1’; Connect-ExchangeServer -auto -ClientApplication:ManagementShell
    $exchangeServer = get-ExchangeServer $(hostname.exe)
    $adSiteGuidLeft13 = $exchangeServer.Site.ObjectGuid.ToString().Replace(“-“,””).Substring(0, 13);
    $UserName = “extest_” + $adSiteGuidLeft13;
    $SamAccountName = “extest_” + $adSiteGuidLeft13;
    $SamAccountName

    You can also import the AD module and see if you can get-ADUser filtering on the $SamAccountName if you like.

    If the user already exists, then it will throw the error.

    The error

    “[Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in different Active Directory sites.”

    can be misleading if you aren’t careful. If your mailbox server(s) reside in only one Active Directory site, then you can only have 1 (one) test mailbox/user! If you have mailbox servers located in 4 AD sites, and you run the new-TestCasConnectivityUser.ps1 script piped with Get-MailboxServer , you will create 4 Exchange test mailboxes/users.

    This explains this in more detail (info on SCOM): https://technet.microsoft.com/en-us/library/ee758052(v=exchg.140).aspx

    This is a good post on the test mailbox passwords. https://tecguruz.wordpress.com/tag/2146233088/

  5. Carol Ostos

    Hey Paul, quick one, you know how at account creation, we get the following disclaimer:
    “For security purposes, the password will be changed regularly and automatically by the system”

    Do you happen to know a way that will help verify this is actually happening? (As in the password being changed by the system

    Thank you in advanced!

    Cheers
    Carol

    1. Avatar photo
      Paul Cunningham

      Good question. This one-liner will show the PasswordLastSet (and other details) for each user object named “extest*” (assuming that’s what yours are called, like mine).

      [PS] C:>get-mailbox extest* | %{Get-ADUser -Identity $_.name -Properties passwordlastset}

      Interestingly, my results indicate the passwords haven’t been changed since 2014. I’ll see what else I can find out about it.

    2. Avatar photo
      Paul Cunningham

      I’m told the password resets are managed by SCOM. So if you’ve manually created the accounts then they won’t get passwords updated.

  6. Kranthi

    Paul,

    When i do Get-MailboxServer *dag* | .new-TestCasConnectivityUser.ps1, this is creating only three mailboxes on only three servers. Could you please tell me why its not creating on all the mailbox servers. We have around 40 multi role exchange 2013 servers, an its creating only three.

  7. Florian

    Same problem here (posted a comment also in the Test-ActiveSyncConnecitivity post).
    @Alexlz Did you get a solution for this?

    I dare to move the mailboxes from the test user to 2013, as this user/mailbox is used by a bunch of other applications/commands as well.

    Is the only solution here to create a 2nd test user in 2013?

  8. AlexIz

    Hello, Paul!

    We have mixed Exchange 2010 + Exchange 2013 infrastructure and all test users created by this script are in Exchange 2010 and so we’re unable to run some tests, because of an error:
    [Microsoft.Exchange.Monitoring.CasHealthStorageErrorException]: An error occurred while
    trying to access mailbox UN-EXCH02.ifdk.lan, on behalf of user
    ifdk.lanextest_24943df201b54

    Additional information:
    [Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in
    different Active Directory sites..

    We also are unable to move test user from Exchange 2010 to Exchange 2013. the move completed successfully according to Exchange mail report but the test user remains in Exchange 2010. So the question is: how to create a test user in Exchange 2013 or how to move extest_ user mailbox froto Exchange 2013?

    1. Avatar photo
      Paul Cunningham

      You can move the mailbox just like any other mailbox. Seems odd that you’re running a move request for it and it isn’t actually moving. I think you should look closer at that.

Leave a Reply