Recreate and enable missing arbitration user accounts and mailboxes in Exchange Server 2010
2010-08-17 32 Comments
I was asked a question today regarding missing arbitration user accounts and mailboxes. The customer had for some reason, lost or deleted the system mailboxes and did not know how to get them back. Here is how you do it if you end up in the same situation.
There are a number of accounts that you might have to recreate. All these can be found in the “Users” OU in Active Directory. They should look something like this:
- FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042
- SystemMailbox{1f05a927-af78-475a-aba4-fc281398eb54}
- SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}
- The GUIDs in the name of the accounts in your environment will differ from my example since these are automatically generated.To see if there are any arbitration mailboxes present you can run the following command. In my example, all of the arbitration mailboxes are missing.
- Get-Mailbox –Arbitration
Active Directory Accounts
This one is simple, you will have to use the Exchange 2010 setup and run PrepareAD and the process will add the missing accounts again. Make sure that you run the command with the latest installed version of Exchange. If you have installed SP1 use the SP1 installation media. Also, make sure that you use an elevated command prompt when executing the command.
setup.com /PrepareAD
When this is complete you will have the recreated user accounts in the “Users” OU in Active Directory. Leave ADUC open since we need to get the names for the accounts in the next step.
Mailboxes
Next we move on to the mailboxes for the newly recreated users. This to is quite simple, all you have to do is to enable the mailboxes for the Active Directory Users.
Use the following command to enable the mailboxes:
Enable-Mailbox –Arbitration –Identity “FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042”
Enable-Mailbox –Arbitration –Identity “SystemMailbox{1f05a927-8668-4003-adad-9b80758e86db}”
Enable-Mailbox –Arbitration –Identity “SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}”
You should also set the correct display name for one of the mailboxes using this commands:
Set-Mailbox –Arbitration –Identity “SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}” –DisplayName “Microsoft Exchange”
It can be a bit tricky to determine which one of the SystemMailbox mailboxes that should have the display name “Microsoft Exchange”. If you look at the GUID for this user you can see that is starts with “e0dc1c29”, that is what you should be looking for.
You should also reset the quota for the “FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042” mailbox. This can be done using the following command:
Set-Mailbox –Arbitration –Identity “FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042” –ProhibitSendQuota 1MB
Once you have finished these commands you should be all set. If you want to make sure that the commands really worked you can list the arbitration mailboxes by using the following command:
Get-Mailbox –Arbitration
Please do not hesitate to let me know if you got any further questions or thoughts, thanks for reading!
Hi I recreated the Active Directory accounts using the setup /PrepareAD as in your Web Page but when I try and create the mailboxes it fails.
I get the following error:
The operation couldn’t be performed because object ‘FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042′ couldn’t be found on “ourchild.domain.local”
The Exchange Servers are all in the child domain. Do you know what is wrong? It seems to be looking for the account in the child domain and not the root domain.
Any help would be greatly appreciated.
Thanks,
Paul
Ah found what was wrong needed to change the scope to look at the whole forest.
Great to hear that you solved it on you own, thanks for posting back with the answer!
Superb article. Saved me a bucket load of time and research in recreting the arbitaion accounts after a DR situation with a customer.
Many thanks.
Nice to hear that you could use it, thanks for commenting!
Pingback: Recreate arbitration accounts in Exchange 2010 « Alan's sysadmin Blog
Great article, but getting the error: The user’s Active Directory account must be logon-disabled for linked, shared, or resource mailbox. The accounts are locked and disabled.
Outstanding work! I was ready to commit harakiri….. so now I am getting this long message:
“This task does not support recipients of this type. The specified recipient pennyxxxx.org/Users/SystemMailbox{1f05a927-e1a6-4713-8a8f-e2cd53bacd2 is of type UserMailbox. Please make sure that this recipient matches the required recipient type for this task….”
It also tells me (when I run [get-mailbox -arbitration]): “The object xxyy has been corrupted and is in an inconsistent state. The following validation errors happened: Database is mandatory on UserMailbox.”
Thanks so much for ANY help!
Hi Jose and thanks for reading. I would recommend you to delete that specific mailbox and recreate it. Have you tried that already?
Nice, thank you, your howto helped me out
Great, I am glad I could help. Thanks for reading!
Thanks, saved me a lot of time after I had reinstalled the OS for a test Exchange box without deleting the FederatedEmail and SystemMailbox mailboxes.
My pleasure, thanks for reading!
Fantastic Article!!!!!!!!!!!!! One addition, not only did I have to target -DomainController xx due to having multiple domains, I also had to delete my existing “SystemMailboxes” in order to recreate them and enable them.
Symptom, when running the “enable” command you get this error:
This task does not support recipients of this type. The specified recipient domain.com/Users/SystemMailbox{e
0dc1c29-89c3-4034-b678-e6c29d823ed9} is of type UserMailbox. Please make sure that this recipient matches the required
recipient type for this task.
SystemMailbox account did exist in AD, had to delete it and run setup /PrepareAD for the “Enable” command to work
Hi and thanks for reading!
Nice to hear that you solved it and thanks for sharing your findings and experience.
Hi Martin,
Nice article there!
great sharing
Hi Jonas,
Thank you, nice of you to stop by :)
Great Job, Worked like a champ.
Thanks, glad to hear that it worked. Thanks for reading!
Hi, I have only 2 of the 3 accounts listed in AD, and when trying to enable them am receiving: “This task does not support recipients of this type. The specified recipient SystemMailbox{xxxxxxxx} is of type UserMailbox. Please make sure that this recipient matches the required recipient type for this task….”
It also tells me (when I run [get-mailbox -arbitration]): “The object xxyy has been corrupted and is in an inconsistent state. The following validation errors happened: Database is mandatory on UserMailbox.”
You mentioned they should be deleted and recreated. Do you mean just delete the objects in AD and then run
“setup.com /PrepareAD”?
By the way, I did try running this command today and it said something about a reboot pending from a previous install. Is it safe to our current Exchange setup to reboot it and run the PrepareAD command?
Many thanks for a helpful article.
Hi,
Yes, what I mean is that you can just delete the mailboxes and user accounts and then run setup.com /PrepareAD. This will recreate the user accounts and then you can enable the mailboxes.
If it says you have got a pending reboot that is what you should do. My guess is that you have a previous installation done that is not related to this issue. But you will have to restart the server anyway to be able to run the setup.com /PrepareAD command.
Give that a try and get back to me if it doesn’t solve your problem!
Thanks for reading!
Awesome, worked great! Thanks so much. I am now confident that my Exchange environment is fully functional. Thanks for an informative article.
No worries Sherrie, Just glad you find it usefull. Thanks for reading and commenting :)
Created a new database as the archive bit wasn’t resetting after a successful backup. Couldn’t move the FederatedEmail mailbox over to the new database at the final step. Ended up deleting the FederatedEmail user from AD, ran setup /PrepareAD, enabled FederatedEmail mailbox per instructions above, was able to move the FederatedEmail mailbox after that, set quota and then was able to delete old database.
Excellent, thank you for reading and sharing your solution!
Hi, I dismount the database, and delete everything (log, .edb file) before removing the database from DAG. I now see the old DB is still existing even no .edb exists. I cannot re-mount the DB, remove the DB(there are arbitration mailbox still attached for some reason)…basically nothing i can do. Running the command “get-mailbox -arbitration”, those 3 entries are still showing. However, i cannot move the mailbox to other DB since I have deleted the .edb already. Can I just mail-enable to user account on another DB? Any advise? Thanks.
Ed
Hi Ed,
You should be able to remove the database using ADSIEdit.
In ADSIEdit,
1. Connect to the Configuration context
2. Navigate to Services / Microsoft Exchange / / Administrative Groups / Exchange Administrative Group (FYDIBOHF23SPDLT) / Databases
3. Delete the failed database
To rehome the mailboxes that recides in the failed database use the following command:
Get-Mailbox -Database | Set-Mailbox -Database
thx for the reply, actually i have fixed it by using the command Set-mailbox to relocate the arbitration mailboxes. then I can sucessfully remove the DB via EMC.
Excellent, nice to hear that you solved it. Thanks for posting you solution!
I solved the problem of a deleted discoverymailboxuser by undeleting the account in AD. The tombstone live time was not over, so this was the quickest option.
http://www.petri.co.il/recovering-deleted-items-active-directory.htm
After that, you might have to reassociate the discovery mailbox to the restored user or recreate the mailboxes:
http://mostlyexchange.blogspot.com/2011/12/exchange-2010-sp2-upgrade-issue-with.html
hth,
Markus
Awesome article! Used it to “recreate” the arbitration mailboxes that were on a corrupted database. Very nice! :)
Great to hear that you found it helpfull, thanks for reading and commenting!