DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 941018 - Last Review: September 3, 2013 - Revision: 8.0

On This Page

INTRODUCTION

Daylight saving time is a system to set clocks ahead so that both sunrise and sunset occur at a later hour. The effect is more daylight in the evening. Many countries observe daylight saving time. Most of these countries have their own rules and regulations for when daylight saving time begins and ends.

The dates of daylight saving time (DST) may change from year to year. Microsoft Outlook users have to update their Outlook calendar every time that the DST rules change. The dates between the previous DST rules and the current DST rules are referred to in this article as the "extended DST period."

This article describes the actions that you can take to address calendar items in Outlook that occur during the extended DST period. This article also describes the actions that you should take to update calendar items that are stored in Microsoft Exchange Server according to the new DST rules. The solution that is presented in this article involves the Microsoft Exchange Calendar Update Tool (“the Exchange tool”).

For more information about how to prepare for changes in daylight saving time in 2007 (DST 2007) for all affected Microsoft products, visit the following Microsoft Web site:
http://support.microsoft.com/gp/cp_dst (http://support.microsoft.com/gp/cp_dst)
In 2011, the Russian government adopted a law to cancel Daylight Saving Time (DST). For more information, visit the following Microsoft Web site:
http://support.microsoft.com/gp/cp_dst#tab0 (http://support.microsoft.com/gp/cp_dst#tab0)
For more information in Russian, visit the following Microsoft Web site:
http://support.microsoft.com/gp/cp_dst/ru#tab0 (http://support.microsoft.com/gp/cp_dst/ru#tab0)

More information

About the Exchange tool

After you install the DST updates for Microsoft Windows, all old appointments that occur during the DST change periods will be incorrectly displayed as occurring one hour later. This is true for both recurring and single-instance appointments. You must update these appointments so that they will be displayed correctly in Outlook, in Microsoft Office Outlook Web Access, and in applications that are based on Collaboration Data Objects (CDO).

Outlook provides a tool that is named the Time Zone Data Update Tool for Microsoft Office Outlook ("the Outlook tool"). This tool enables users to update their own calendars.

For more information about the Time Zone Data Update Tool, click the following article number to view the article in the Microsoft Knowledge Base:
931667  (http://support.microsoft.com/kb/931667/ ) How to address the daylight saving time changes in 2007 by using the Time Zone Data Update Tool for Microsoft Office Outlook
The Exchange Calendar Update Tool ("the Exchange tool") helps you avoid the difficulties that administrators face in deploying the Outlook tool widely to all users and in making sure that each user runs the Outlook tool correctly.

High-level description of the Exchange tool

The Exchange tool consists of two separate executable files. These files are described in the following table.
Collapse this tableExpand this table
File name Description
Msextmz.exe This executable file extracts time zone information from mailboxes on a server that is running Exchange Server. This executable file also updates mailbox calendars for a specified list of users.
Msextmzcfg.exe This executable file is a configuration tool that performs most of the steps that are involved in updating an Exchange Server server.

About the new version of the Exchange tool

Based on customer feedback, a new version of the Exchange tool was released on August 13, 2007. This article refers to the new version of the Exchange tool. If you are running an older version of the Exchange tool, uninstall it, and then install the new version.

The new version of the Exchange tool includes the following improvements:
  • The time zone extraction and calendar update processes are sped up fourfold.
  • The user interface for the configuration tool is more streamlined and intuitive.
  • The ability to update conference rooms and resource mailboxes is now built into the configuration tool.
  • The ability to update user mailboxes is now built into the configuration tool.
  • A troubleshooting document is now included with the Exchange tool, and it is integrated into the configuration tool.
  • The time zone extraction algorithm and error handling capabilities are improved.
  • The logging process is more user-friendly.

Risk of running the Exchange tool

When you run the Exchange tool, there is a risk that single-instance appointments may not be updated correctly. For example, single-instance appointments that a user created after the operating system was updated may be updated incorrectly.

To reduce this risk, use one of the following methods:
  • Reduce the interval between the time that you update client computers and the time that you update mailbox calendars.
  • If computers in the organization were updated a long time ago, use the Only Update Recurring Meetings setting in Advanced settings.

    Typically, people do not create single-instance appointments many months in advance. Therefore, if the DST updates were installed many months before, most of the single-instance meetings that fall into the extended DST period will have been created by using the new DST transition rules. These meetings do not have to be updated.
  • If you know the exact date when all the client computers were updated, use the Operating System Patch Date setting in Advanced settings. If a date is specified, single-instance appointments that were created after that date are not updated by the Exchange tool.
Note If you run the Outlook tool or the Exchange tool on a client computer that is running Windows Vista, and you run the tool against mailboxes where the home time zone is New Zealand Standard Time, you must run the tool a second time on or after January 1, 2008. For more information, see the "Known issues" section.

Options to update mailboxes

The following table lists five options that you can use to update user mailboxes to use the DST 2007 time zone rules.
Collapse this tableExpand this table
Option Pros Cons
Distribute the Outlook tool to each user, and then instruct users to update their own mailboxes. This option avoids the risk that is associated with running the Exchange tool. It is difficult to guarantee that all users will run the Outlook tool correctly and in a timely manner.

Users who do not have Outlook will be unable to run the Outlook tool.

You must make an additional educational effort to lessen confusion for users.
Run the Exchange tool against all affected users and servers. This option provides a streamlined experience for users. There is a risk associated with running the Exchange tool, as described in the "Risk of running the Exchange tool" section.
Run the Exchange tool to update only recurring appointments. Let users update single-instance appointments in their own mailboxes by using the Outlook tool. There is less risk of single-instance appointments being incorrectly updated. The cons of running the Outlook tool are combined with the cons of running the Exchange tool.
Run neither the Exchange tool nor the Outlook tool. Ask users to examine their calendars and to re-book appointments as needed. This option avoids the risk that is associated with running the Exchange tool. Unless all users re-book all affected appointments, some calendar items will be one hour off during the extended DST period.

You must make an additional educational effort to lessen confusion for users.
Distribute the Outlook tool to each user, and then instruct users to update their own mailboxes. Then, use the Time Zone Extraction mode of the Exchange tool to determine whether users are running the Outlook tool.

If the users are not running the Outlook tool, the administrator can run the Exchange tool.
This option reduces the risk of users not running the tool in a timely manner, and it avoids the risk that is associated with running the Exchange tool. This is not an option if users are running Microsoft Office Outlook 2007.

How to install the Exchange tool

The Exchange Calendar Update Tool is available for download in the form of a self-extracting executable file (Msextmz.exe). This tool is available for download from the Microsoft Download Center:

Collapse this imageExpand this image
Download
Download the Exchange Calendar Update Tool package now. (http://www.microsoft.com/downloads/details.aspx?FamilyId=27BB0EE2-03AC-4E5B-AEC5-3E878490FCE1&displaylang=en)

A virtual machine is created to help you install and use the Exchange tool. The virtual machine is based on Microsoft Windows Server 2003, Outlook 2007, Microsoft Office Excel 2007, and Microsoft Office Word 2007. The virtual machine works in both Microsoft Virtual PC 2004 and in Microsoft Virtual Server 2005 R2.

For more information about the virtual machine for the Exchange Calendar Update Tool, click the following article number to view the article in the Microsoft Knowledge Base:
933185  (http://support.microsoft.com/kb/933185/ ) A virtual machine is available to help you deploy daylight saving time 2007 calendar updates in an Exchange organization
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591  (http://support.microsoft.com/kb/119591/ ) How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Languages that are supported by the Exchange tool

The Exchange tool is available only in English. The tool will run only on an English (US) computer.

Versions of Exchange Server that are compatible with the Exchange tool

The Exchange tool can update mailboxes on the following versions of Exchange Server:
  • Microsoft Exchange Server 2007 Enterprise Edition
  • Microsoft Exchange Server 2007 Standard Edition
  • Microsoft Exchange Server 2003 Enterprise Edition
  • Microsoft Exchange Server 2003 Standard Edition
  • Microsoft Exchange 2000 Server Enterprise Edition
  • Microsoft Exchange 2000 Server Standard Edition

Operating systems that are supported by the Exchange tool

The Exchange tool will run on the 32-bit versions of the following operating systems:
  • Microsoft Windows Server 2003
  • Microsoft Windows XP
  • Windows Vista

What to do before you run the Exchange tool

Install updates

Before you run the Exchange tool, make sure that client and server computers are updated correctly. To do this, install the Windows DST update on clients and on servers. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
942763  (http://support.microsoft.com/kb/942763/ ) December 2007 cumulative time zone update for Microsoft Windows operating systems

If you are running Microsoft Exchange Server 2003 Service Pack 2 (SP2), install one or both of the following updates, as appropriate for your organization:
  • Update 911829
  • Update 924334
For more information about these updates, click the following article numbers to view the articles in the Microsoft Knowledge Base:
911829  (http://support.microsoft.com/kb/911829/ ) You receive an error message when you try to perform any editing tasks, or you must click to enable the compose frame in Outlook Web Access
924334   (http://support.microsoft.com/kb/924334/ ) The Compose Message form stops responding after you install Internet Explorer 7.0 and the S/MIME control on an Outlook Web Access client in Exchange Server 2003
If users are within the Jerusalem, Central Brazilian, or E. South American time zone, please read the guidance in the following Microsoft Knowledge Base article:

943390  (http://support.microsoft.com/kb/943390/ ) Some Outlook calendar items are rebased incorrectly when you use the Outlook Time Zone Data Update Tool to adjust for daylight saving time changes in certain time zones

Verify the system requirements

You must run the Exchange tool only on a computer for which the following conditions are true:
  • The computer has Microsoft Office Outlook 2003 Service Pack 2 (SP2) or Microsoft Office Outlook 2007 installed.
  • The computer has the Outlook Time Zone Data Tool installed.
  • Microsoft .NET Framework version 2.0 is installed on the client computer.
You cannot run the Exchange tool on a computer that is running Exchange Server or the Exchange System Management tools. If you try to install the Exchange tool on a computer that is running Exchange Server or the Exchange System Management tools, you receive the following error message:
Microsoft Exchange Calendar Update Tool cannot be installed with Microsoft Exchange.

Verify permissions and other user requirements

Verify that the following conditions are true:
  • Administer Information Store permissions on each Exchange Server message database (MDB) are updated.
  • Send As permissions for all mailboxes are updated.
  • Full Mailbox Access permissions for all mailboxes are updated.
  • Local administrator permissions are granted on the computer that is running the Exchange tool.

About the "Grant Mailbox Permission" script

You can use the sample GrantMailboxPermission.vbs script to grant a domain user Full Mailbox Access and Send As permissions to all mailboxes.

This script can be run only by an Exchange Server administrator on a computer that is running Exchange 2000 Server or Exchange Server 2003. This script cannot be run on a computer that is running Exchange Server 2007. However, you can use the Exchange Management Shell to grant the required permissions.

The code for the .vbs script is provided in the "References" section. The following table describes the two modes in which this script runs.
Collapse this tableExpand this table
Mode Command Description
Add CScript GrantMailboxPermission.vbs –add Domain_Name \ User_Name File_Name This command grants the Domain_Name \ User_Name user Full Mailbox Access and Send As permissions to the user mailboxes that are listed in the input file.

The input file must be a text file that contains the legacy domain names of the user mailboxes. These names must be delimited by Carriage Return + Line Feed (CRLF).

The script generates a GrantMailboxPermission.log file. This file is a record of the mailboxes that were processed. The first line of the log file is the Domain_Name \ User_Name user who is granted access. Do not delete this file. This file is used in the Remove mode.

If an explicit "deny" access is assigned to the user, the script logs the information in a file that is named "GrantMailboxPermission.err." The script will not grant or change the permission.

If the user is part of a security group that has been assigned "deny" access, the script grants Full Mailbox Access and Send As permissions. However, the user will be unable to log on to the mailbox. All errors will be logged in the GrantMailboxPermission.err file.
Remove CScript GrantMailboxPermission.vbs –removeThis command removes Full Mailbox Access and Send As permissions to the mailboxes that are listed in the GrantMailboxPermission.log file from the Domain_Name \ User_Name user. The Domain_Name \ User_Name user is specified in the GrantMailboxPermission.log file.
Notes
  • When you run this script on the computer that is running Exchange Server, the script returns a period character (.) when the script successfully processes a user. The script returns an exclamation point character (!) when the script does not successfully process a user.
  • The output file of the Time Zone Extraction mode cannot be used as an input file for this script. To create the input file for this script, paste the contents of the Time Zone Extraction mode output file into Notepad, save the contents as a new document, and then use the new document as the input file.

How to use the Exchange tool

To use the Exchange tool, start the Exchange Calendar Update Configuration Tool (Msextmzcfg.exe). This program will help you with the whole process of updating calendars.

Run the time zone extraction process

To update mailbox calendars, you must determine the time zone of the calendars. The time zone extraction process examines the properties and the appointments of the mailbox calendars to determine their time zones. To run the time zone extraction process, follow these steps:
  1. At the welcome page, click Next.

    Note The welcome page introduces you to the configuration tool and discusses the permissions that are required to run the tool. The page also provides a link to this article.
  2. Specify the settings for the configuration tool. We recommend that you allocate at least 200 megabytes (MB) of disk space to logging.

    If you to want to change the default settings, click Advanced Settings. For more information about the advanced settings, see the table that follows this procedure.
  3. Select the Exchange servers in the local Active Directory directory service forest that you want to update. Then, click Next to start the time zone extraction process.

    Note If you have already performed time zone extraction, you can skip this step by clicking Skip.

    Notice that a status bar, a link to the output log, and a real-time display of the time zone extraction process are displayed. After the time zone extraction process is complete, click Next.

    If errors were encountered, a link to the troubleshooting document is displayed.
  4. Configure the Mailboxes with No Time Zones page, and then click Next to scan calendar items.

    Note If the tool finds users who do not have mailbox level properties that indicate their time zone, the tool scans actual meetings and appointments inside those calendars to determine the time zone. You can specify the number of calendar items through which you want the configuration tool to scan. The larger the number of items that you specify, the longer the scan will take.
  5. In the Resolve unknown time zone display names page, the tool prompts you to map time zones that the tool does not recognize to a known operating system time zone. After you do this, click Next
  6. If the configuration tool finds users who have multiple time zones, you are prompted to manually resolve the conflict by specifying one time zone with which to update the user’s calendar. After you do this, click Next.
  7. In the Save Mailbox DNs with Unresolved Time Zones page, any remaining users who still have no time zone information or who still have conflicting time zone information are recorded in a separate log file. Click Next.
The time zone extraction process is now complete. The list of users and of extracted time zones is located in the output file (Output.txt) in the installation directory.

Advanced settings

The following table describes the advanced settings that you can configure in step 2 of the previous procedure.
Collapse this tableExpand this table
SettingFunctionalityScenarioConsiderationsApplicability
Update Recurring Meetings OnlyThis setting updates only recurring meetings that are affected by the DST change. Single-instance appointments that fall in the extended DST period are not updated regardless of whether they should be updated.If computers in the organization were updated a long time ago, use this setting.

Typically, people do not create single-instance appointments many months in advance. Therefore, if the DST updates were installed many months before, most of the single-instance meetings that fall into the extended DST period will have been created by using the new DST transition rules. These meetings do not have to be updated.
If a user created a single-instance meeting many months in advance, this meeting is not updated if this setting is specified.This setting applies to all mailboxes, to all conference rooms, and to all user calendars.
Operating System Patch Installation DateThis setting specifies that single-instance appointments that are created or updated after the date that you specify are not updated.If you know the exact date when all the client computers were updated, use this setting.

When you do this, meetings that are created after the update is installed are not updated. These meetings fall under the new time zone rules.
This setting is effective only when the client computers were all updated within fewer than 24 hours, and when there is high penetration of the update. (There is high penetration when the percentage of computers in the organization that have been updated is in the high 90-percent range.)

Additionally, administrators can specify only one update date. Meetings that are created in time zones that correspond to specific updates and to specific sets of time zones must be updated.

The implication for conference rooms is that only updated conference rooms are in the specific time zones.

The implication for user mailboxes is that if the SuppressExchange setting or the SuppressAll setting is not specified, only user mailboxes that belong to the specific time zones are updated.
This setting applies to all mailboxes, to all conference rooms, and to all user calendars.
SuppressExchange and MaxDepthThese settings cause all appointments in a user’s calendar that are affected by the DST change to be updated regardless of whether the user is the organizer of those calendar items.

If the user is the organizer of a calendar item, updates are not sent to attendees who have Exchange mailboxes. Updates are sent to attendees who do not have Exchange mailboxes.

The MaxDepth setting specifies the level of distribution list expansion that is performed to determine which attendees have Exchange mailboxes and which attendees do not.
Use this setting if you do not want Exchange users to receive meeting updates from organizers for meetings that are affected by the extended DST period.

The SuppressExchange setting is better than the SuppressAll setting if the organization has non-Exchange Server calendar systems and if meetings are scheduled to include attendees that are external to the organization.
No meeting updates are sent, except to non-Exchange users. Therefore, to make sure that copies of the same meeting are updated for all possible attendees, every mailbox in the organization must be updated.

This condition may significantly increase the number of mailboxes that have to be updated. Therefore, processing times may be increased.

When large, nested distribution lists are on the attendee list, it is a costly process to determine the attendees for a meeting and to determine whether those attendees have Exchange mailboxes. If you specify this setting and set a high value for the MaxDepth parameter, a significant load may be put on the domain controllers.
This setting applies only to user mailboxes.
SuppressAllThis setting causes all appointments in a user’s calendar that are affected by the DST change to be updated regardless of whether the user is the organizer of those calendar items.

If the user is the organizer of a calendar item, updates are not sent to attendees.
Use this setting if you do not want attendees to receive meeting updates from organizers for meetings that are affected the extended DST period.No meeting updates are sent. Therefore, to make sure that copies of the same meeting are updated for all possible attendees, every mailbox in the organization must be updated.

This condition may significantly increase the number of mailboxes that have to be updated. Therefore, processing times may be increased.

Attendees who do not have Exchange mailboxes do not receive updates. Their appointments may not be updated, depending on the e-mail system that they are running and depending on the actions that their administrator takes.
This setting applies only to user mailboxes.

Update conference rooms and resource mailboxes

You must update conference rooms and resource mailboxes to avoid booking conflicts. To do this, follow these steps:
  1. On the Specify Resource and Conference Room Calendars page, type or paste the list of aliases of conference rooms in your organization. Click Resolve to validate the aliases, and then click Next.
  2. On the Resolve Time Zones for Resource and Conference Room Calendars page, the tool prompts you to manually specify the time zone for a conference room if the conference room does not have a time zone. Do this, and then click Next.
  3. A reminder page is displayed to remind you that the tool is about to update calendars. Click Next.
  4. Notice that a status bar, a link to the output log, and a real-time display of the output of the tool are displayed. Click Next.

    If errors are encountered, a link to the troubleshooting document is displayed at the bottom of this page.

Update the user mailbox calendar

To do this, follow these steps:
  1. On the Settings for Updating User Mailbox Calendars page, configure the settings for the update.

    If you have not specified the SuppressExchange or SuppressAll advanced settings, select the time zones that are affected by DST. Otherwise, select all time zones.

    Click Next.
  2. A reminder page is displayed to remind you that the tool is about to update calendars. Click Next.
  3. Notice that a status bar, a link to the output log, and a real-time display of the output of the tool are displayed. After the update is complete, click Next.

    If errors are encountered, a link to the troubleshooting document is displayed at the bottom of this page.
  4. Click Finish.

Exchange tool log files and subdirectories

Log files

The Exchange tool creates the following log files in the installation directory:
  • Output.txt

    This file contains a list of all user mailboxes that were extracted together with their time zone information.
  • TimeZoneExtraction.log

    This log contains the combined output of the time zone extraction process for all servers.
  • ResourceUpdate.log

    This log contains the output of the update process for the conference rooms and for the resource mailboxes.
  • UserUpdate.log

    This log contains the combined output of the user mailbox update process for all servers.
  • CalendarScan.log

    This log contains the combined output of the calendar scan process for all servers.
  • ConflictUsers.txt

    This log contains a list of users who have conflicting time zones. For example, the users' mailbox properties indicate that they belong to multiple time zones.
  • NonExistent.txt

    This log contains a list of users who have no time zone information.

Subdirectories

The Exchange tool creates the following subdirectories in the installation directory:
  • Resource

    This is the working subdirectory for the update process for the conference rooms and for the resource mailboxes. This directory contains the following files:
    • Msextmz.log

      This is the output file of the Exchange tool for the update process.
    • Errors.txt

      This file contains the list of mailboxes.
    • Processed.txt

      This file contains the list of mailboxes that were successfully updated.
    Note All working subdirectories contain these files.

    The Resource subdirectory also contains the following subdirectory:
    • LogFiles

      This subdirectory contains update logs for each mailbox that was successfully updated. Each update log should contain a list of meetings that were updated.
  • Server_Name

    There is one subdirectory for each server on which the time zone extraction process or a calendar update was performed. These subdirectories contain the following subdirectories:
    • CalendarScan

      This is the working subdirectory for the calendar scan process.
    • Extract

      This is the working subdirectory for the time zone extraction process.
    • Update

      This is the working subdirectory for the user mailbox update process. It contains the following subdirectory:
      • LogFiles

        This subdirectory contains update logs for each mailbox that was successfully updated. Each update log should contain a list of meetings that were updated.

What to do after you run the Exchange tool

After you finish running the Exchange tool against all Exchange servers in your environment, apply the appropriate Exchange Server DST updates. The following list is organized by Exchange Server version and service pack level. Install the updates for your version of Exchange Server in order.

Exchange Server 2007
940006  (http://support.microsoft.com/kb/940006/ ) Description of Update Rollup 4 for Exchange Server 2007
Update Rollup 4 for Exchange Server 2007 includes the following DST fixes:
  • 937656  (http://support.microsoft.com/kb/937656/ ) You experience problems in Outlook Web Access for Exchange 2007 after daylight saving time (DST) starts in New Zealand in 2007
  • 932561  (http://support.microsoft.com/kb/932561/ ) Appointments that are sent from one Exchange organization to another by using Exchange 2007 may be incorrect by one hour if one organization is in the Western Australia time zone
Exchange Server 2003 SP2
926666  (http://support.microsoft.com/kb/926666/ ) Update for daylight saving time changes in 2007 for Exchange 2003 Service Pack 2
931915  (http://support.microsoft.com/kb/931915/ ) Update for daylight saving time changes in Newfoundland in 2007 for Exchange Server 2003 Service Pack 2
929895  (http://support.microsoft.com/kb/929895/ ) Appointments that are sent between different Exchange Server organizations may be incorrect by one hour when one of the organizations is in the Western Australia time zone
937653  (http://support.microsoft.com/kb/937653/ ) You experience one or more issues in Exchange Server 2003 after the daylight saving time period for New Zealand changes in 2007
Exchange Server 2003 SP1
940123  (http://support.microsoft.com/kb/940123/ ) You experience problems in Exchange 2003 Service Pack 1 after daylight saving time (DST) starts in New Zealand in 2007

Known issues

  • Recurring meetings that are created in Outlook Web Access are not updated by the Exchange tool

    If you install the Exchange Server updates on the Exchange server before you update the mailboxes, recurring meetings that are created in Outlook Web Access are not updated by the Exchange tool.

    To resolve this problem, remove the Exchange Server updates, run the Exchange tool, and then reinstall the Exchange Server updates on the Exchange server.
  • Exchange 2007 must be restarted after you run the Exchange tool

    To correctly display calendar items, you must restart the Exchange services after you run the Exchange tool for Outlook Web Access in Exchange 2007.
  • You cannot install the Exchange tool

    The Exchange tool is not installed successfully if either of the following registry keys exists:
    • HKEY_CLASS_ROOT\Outlook.Application.9
    • HKEY_CLASS_ROOT\Outlook.Application.10
    In this scenario, you receive the following error message when you try to install the Exchange tool:
    Exchange Server Calendar Rebasing Tool cannot be installed with this version of Microsoft Outlook.
    To work around this issue, delete these registry keys, install the Exchange tool, and then restore the registry keys.

    Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
    322756  (http://support.microsoft.com/kb/322756/ ) How to back up and restore the registry in Windows
  • There is a limit on the number of mailboxes that can be processed per server

    In User List mode and in Time Zone Extraction mode, Msextmz.exe can process only 65,535 mailboxes on a server. If the server has more than 65,535 mailboxes, some mailboxes are not processed.
  • Public Folder calendars are not updated

    The Exchange tool does not update Public Folder calendars. For information about how to update a Public Folder calendar, see the documentation for the Outlook tool.
  • You can run the Outlook tool and the Exchange tool in the same environment

    If you run the Exchange tool on a mailbox that has already been updated by the Outlook tool, or vice versa, you experience no side effects. However, if you run the Exchange tool, there is no need for users to run the Outlook tool separately.
  • Non-meeting reminders appear later than expected

    Non-meeting reminders for mailboxes that are updated by the Exchange tool are not updated if Outlook has never connected to the mailbox in Online mode. In this situation, reminders appear one hour later than expected.

    If Outlook has never connected in Online mode, you must adjust the incorrect reminders for calendar appointments that the Outlook tool finds. Additionally, the reminders search folder does not exist in the mailbox. Therefore, the tool does not update e-mail items, contacts, or other reminders.

    For example, the tool does not update the reminder on an e-mail item to follow up at a time in the future. The tool also does not update the reminder on a task item that has a reminder.
  • You receive an error message: “Unable to install because previous versions of 'Microsoft Exchange Calendar Update Tool' were detected. Please uninstall them and run this setup again”

    If you previously installed Exchange Calendar Update Tool version 1.0, you must uninstall this version before you install Exchange Calendar Update Tool version 2.0.

    Exchange Calendar Update Tool version 1.0 was distributed as a self-extracting executable file that contained two .msi packages (Msextmz.msi and Msextmzcfg.msi). You must uninstall both packages before you install version 2.0 of the Exchange tool.

    If you still experience problems when you install version 2.0 of the Exchange tool, try reinstalling and then uninstalling version 1.0 of the Exchange tool. Do this by using the .msi packages instead of by using the Add or Remove Programs feature in Control Panel. Then, restart your computer, and then install version 2.0 of the Exchange tool.

    If this procedure does not work, extract the binaries directly from the .msi packages.
  • When you run the Outlook or Exchange update tools, appointments are off by one hour on mailboxes where the home time zone is New Zealand Standard Time

    This behavior occurs when the following scenarios are true:
    • You run the Outlook or Exchange update tools on a computer that is running Windows Vista.
    • The home time zone of the mailboxes that are being updated is New Zealand Standard Time.
    To work around this issue, you must run the Outlook or Exchange update tools against the mailboxes a second time on or after January 1, 2008.

    This behavior occurs because Windows Vista handles time zone information differently than other versions of Windows do. If you do not run the Outlook or Exchange update tools again on or after January 1, 2008, all appointments in the second DST event will be off by one hour. The second DST event includes dates from March 16, 2008 through April 6, 2008.

    If you do not want to wait until January 1, 2008 to update appointments in the second DST event, you can run the Outlook or Exchange update tools from a computer that is running Windows XP or Windows Server 2003.
  • A date that is in the MM/DD/YYYY format is changed to the M/DD/YYYY format

    You set the Operating System Patch Date option in the Exchange Calendar Update Tool. When you do this, the Exchange Calendar Update Tool does not function correctly. This issue occurs because the date format MM/DD/YYYY is changed to M/DD/YYYY.

    Additionally, an error message that resembles the following error message is logged in the error log:
    [28/02/2008 7:10:21 AM][776]:wmain:Failed to read configuration - error 0x80070057.
    This issue occurs because of an incorrect option setting in the following section of the sample Mailboxes.server.ini file.
    ServerDN = /O=OrgName/OU=AdminGroup/cn=Configuration/cn=Servers/cn=ServerName 
    LogDirectory = C:\Program Files\MSExTmz\ServerName\Update\LogFiles\ 
    ErrorFile = C:\Program Files\MSExTmz\ServerName\Update\errors.ServerName.txt 
    ProcessedFile = C:\Program Files\MSExTmz\ServerName\Update\processed.ServerName.txt 
    LogFile = C:\Program Files\MSExTmz\ServerName\Update\msextmz.ServerName.log 
    SystemPatchDate = 2/28/2008  
    DebugFile = C:\Program Files\MSExTmz\debug\ServerName.debug.bin 
    PerMailboxTimeLimit = 15 
    PostMailboxDelay = 0 
    RebaseOptions = 171 
    InputFile = C:\Program Files\MSExTmz\ServerName\Update\Mailboxes.ServerName.txt 
    
    Notice that the "SystemPatchDate" line contains the date "2/28/08." This date should be in the DD/MM/YYYY format.

    To work around this issue, do not use the Operating System Patch Date option.

References

The "Grant Mailbox Permission" script

Option Explicit
' For FileSystemObject
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8
Const TristateTrue = -1
Const TristateUseDefault = -2
Const TristateFalse = 0

'Permission Type: Allow or Deny
Const ADS_ACETYPE_ACCESS_ALLOWED = &H0
Const ADS_ACETYPE_ACCESS_DENIED = &H1
Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &H5
Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6

Const ADS_ACEFLAG_INHERIT_ACE = &H2
Const ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE = &H4
Const ADS_ACEFLAG_INHERIT_ONLY_ACE = &H8
Const ADS_ACEFLAG_INHERITED_ACE = &H10
Const ADS_ACEFLAG_VALID_INHERIT_FLAGS = &H1f
Const ADS_ACEFLAG_SUCCESSFUL_ACCESS = &H40
Const ADS_ACEFLAG_FAILED_ACCESS = &H80

'Declare ADSI constants
Const ADS_SCOPE_SUBTREE = 2
Const ADS_OPTION_SECURITY_MASK = 3
Const ADS_OPTION_REFERRALS	= 1
Const ADS_SECURITY_INFO_DACL = 4
Const ADS_CHASE_REFERRALS_NEVER = &h00 
Const ADS_CHASE_REFERRALS_SUBORDINATE = &h20 
Const ADS_CHASE_REFERRALS_EXTERNAL = &h40

'Microsoft Exchange Server
Const EX_MB_SEND_AS_ACCESSMASK  = &H00100
Const EX_FULLMAILBOX_ACCESSMASK = 1
Const EX_MB_SEND_AS_GUID = "{AB721A54-1E2F-11D0-9819-00AA0040529B}"

'Application Parameter Index
Const ARG_INDEX_MODE = 0
Const ARG_INDEX_USERNAME = 1
Const ARG_INDEX_FILENAME = 2
Const MIN_ARG = 1

Const MODE_INVALID = -1 
Const MODE_ADD = 0
Const MODE_REMOVE = 1

Const ADD = "-ADD"
Const REMOVE = "-REMOVE"

'Application Const String
Const EMPTYSTRING = ""
Const ERROR_FILENAME = "GrantMailboxPermission.err"
Const OUTPUT_FILENAME = "GrantMailboxPermission.log"
Dim OUTPUT_DELIMITER
OUTPUT_DELIMITER = vbTab

'Logging file
Dim objFSO
Dim objfileError
Dim objfileOutput
Dim objfileImport
Dim objconn
Dim objCommand
Dim rootDSE
Dim sDomainContainer
Dim sUserLDAPPath
Dim objUser
Dim objSDNTsecurity
Dim objDACLNT
Dim objDACLEX
Dim objSDMailbox
Dim fFMA
Dim fSendAs
Dim AccessTypeForFMA
Dim AccessTypeForSendAS
Dim fAddedFMA
Dim fAddedSendAs
Dim fRemovedFMA
Dim fRemovedSendAs
Dim sArraySplit
Dim sOneRow
Dim sGrantedUser
Dim dArgCount
Dim cScriptMode
Dim dArgExpected
Dim fOneError

On Error Resume Next
'Parameter Verification
dArgCount = Wscript.Arguments.Count
If (dArgCount < MIN_ARG) Then
	DisplaySyntax
End If

cScriptMode = MODE_INVALID
Select Case UCase(WScript.Arguments(ARG_INDEX_MODE))
	Case ADD
		cScriptMode = MODE_ADD
		dArgExpected = ARG_INDEX_FILENAME + 1
	Case REMOVE
		cScriptMode = MODE_REMOVE
		dArgExpected = ARG_INDEX_MODE + 1
	Case Else
		cScriptMode = MODE_INVALID
End Select

If (cScriptMode = MODE_INVALID Or dArgCount <> dArgExpected) Then
	DisplaySyntax
End If

If (cScriptMode = MODE_ADD) Then
	sGrantedUser = WScript.Arguments(ARG_INDEX_USERNAME)
	If (IsValidUserName(sGrantedUser) = False) Then
		DisplaySyntax
	End If
End If

CreateImportExportFiles

If (cScriptMode = MODE_ADD) Then
	err.Clear
	
	'Prepare LDAP connection.
	Set objconn = CreateObject("ADODB.Connection")
	Set objCommand = CreateObject("ADODB.Command")
	objconn.Provider = "ADSDSOObject"
	objconn.Open "ADs Provider"
	If (err.number <> 0) Then
		WScript.StdOut.WriteLine("Failed to bind to Active Directory server, error:" & err.Description)
		objfileError.WriteLine("Failed to bind to Active Directory server, error:" & err.Description)
		WScript.Quit
	End If
		
	Set rootDSE = GetObject("LDAP://rootDSE")
	sDomainContainer = rootDSE.Get("defaultNamingContext")
	If (err.number <> 0) Then
		WScript.StdOut.WriteLine("Failed to find a Domain Container:" & err.Description)
		objfileError.WriteLine("Failed to find a Domain Container:" & err.Description)
		WScript.Quit
	End If
		
	Set objCommand.ActiveConnection = objconn

	Do While objfileImport.AtEndOfStream <> True
		fOneError = False
		sUserLDAPPath = EMPTYSTRING
		err.Clear

		sOneRow = Trim(objfileImport.ReadLine)
		If sOneRow <> EMPTYSTRING Then
		
		    sUserLDAPPath = GetLDAPPathFromLegacyDN(sOneRow)
		    If (err.number <> 0) Then
			    objfileError.WriteLine("Failed to get user's LDAP path from " & sOneRow)
			    fOneError = True
			    err.Clear
		    End If

		    If (fOneError = False) Then
			    Set objUser = GetObject(sUserLDAPPath)
			    If (err.number <> 0) Then
				    objfileError.WriteLine("Failed to get user object from " & sUserLDAPPath)
				    objfileError.WriteLine("Error: " & err.Description)
				    fOneError = True
				    err.Clear
			    End If
		    End If
    	
		    If (fOneError = False) Then
			    Set objSDMailBox = objUser.MailboxRights
			    Set objDACLEX = objSDMailbox.DiscretionaryAcl
			    Set objSDNTsecurity = objUser.ntSecurityDescriptor
			    Set objDACLNT = objSDNTsecurity.DiscretionaryAcl
			    If (err.number <> 0) Then
				    objfileError.WriteLine("Failed to get DACL of " & sUserLDAPPath)
				    objfileError.WriteLine("Error: " & err.Description)
				    fOneError = True
				    err.Clear
			    End If
		    End If

		    ' Verify Full Mailbox Access and Send As permissions.
		    fFMA = False
		    fSendAs = False
		    AccessTypeForFMA = ADS_ACETYPE_ACCESS_ALLOWED
		    AccessTypeForSendAS = ADS_ACETYPE_ACCESS_ALLOWED

		    If (fOneError = False) Then
			    CheckFullMailboxAccess objDACLEX, sGrantedUser, fFMA, AccessTypeForFMA
			    CheckSendAs objDACLNT, sGrantedUser, fSendAs, AccessTypeForSendAS
			    If (err.number <> 0) Then
				    objfileError.WriteLine("Failed to Check permission of " & sUserLDAPPath)
				    objfileError.WriteLine("Error: " & err.Description)
				    fOneError = True
				    err.Clear
			    End If
		    End If

		    'If Send As or Full Mailbox Access permissions do not exist, add these permissions.
		    If ( (AccessTypeForFMA = ADS_ACETYPE_ACCESS_DENIED) Or (AccessTypeForSendAs = ADS_ACETYPE_ACCESS_DENIED_OBJECT) ) Then
			    'If Deny access is already granted, do not add permissions for this user.
			    objfileError.WriteLine("Deny permission already added: " & sUserLDAPPath)
			    fOneError = True
		    End If
    		
		    If ( fOneError = False And ((fFMA = False) Or (fSendAs = False)) ) Then
			    fAddedFMA = False
			    fAddedSendAs = False
    			
			    If (fFMA = False) Then
				    'Add Full Mailbox Access permissions.
				    err.Clear
				    AddAce objDACLEX, sGrantedUser, EX_FULLMAILBOX_ACCESSMASK, ADS_ACETYPE_ACCESS_ALLOWED, ADS_ACEFLAG_INHERIT_ACE, 0,0,0
				    objSDMailbox.DiscretionaryAcl = objDACLEX
				    objUser.MailboxRights = Array(objSDMailbox)
				    If ( err.number <> 0 ) Then
					    objfileError.WriteLine("Failed to add FullMailbox Access: " & sUserLDAPPath)
					    objfileError.WriteLine("Error: " & err.Description)
					    fOneError = True
					    fAddedFMA = False
					    err.Clear
				    Else
					    fAddedFMA = True
				    End If
			    End If
    			
			    If (fSendAs = False) Then
				    'Add Send As permissions.
				    err.Clear
				    AddAce objDACLNT, sGrantedUser, EX_MB_SEND_AS_ACCESSMASK, ADS_ACETYPE_ACCESS_ALLOWED_OBJECT, 0,1, EX_MB_SEND_AS_GUID, 0
				    objSDNTsecurity.DiscretionaryAcl = objDACLNT
				    objUser.Put "ntSecurityDescriptor", Array( objSDNTsecurity )
				    objUser.SetOption ADS_OPTION_SECURITY_MASK, ADS_SECURITY_INFO_DACL
				    If ( err.number <> 0 ) Then
					    objfileError.WriteLine("Failed to add SendAs permission: " & sUserLDAPPath)
					    objfileError.WriteLine("Error: " & err.Description)
					    fOneError = True
					    fAddedSendAs = False
					    err.Clear
				    Else
					    fAddedSendAs = True
				    End If
			    End If

			    If (fOneError = False ) Then 
				    objUser.SetInfo
				    If (err.number <> 0) Then
					    objfileError.WriteLine("Failed to update user: " & sUserLDAPPath)
					    objfileError.WriteLine("Error: " & err.Description)
					    fOneError = True
					    err.Clear		
				    Else
					    'Update logging.
					    objfileOutput.WriteLine(sUserLDAPPath & OUTPUT_DELIMITER & fAddedFMA & OUTPUT_DELIMITER & fAddedSendAs)		
				    End If
			    End If
		    End If

		    Set objUser = Nothing
		    Set objSDNTsecurity = Nothing
		    Set objDACLNT = Nothing
		    Set objDACLEX = Nothing
		    Set objSDMailBox = Nothing

		    If (fOneError = True) Then
			    WScript.StdOut.Write("!")
		    Else
			    WScript.StdOut.Write(".")
		    End If
        End If
	Loop

Set rootDSE = Nothing
Set objCommand = Nothing
Set objconn = Nothing

End If

If (cScriptMode = MODE_REMOVE) Then
	'Retrieve the granted user from the first line of the import file.
	sGrantedUser = objfileImport.ReadLine
	If (IsValidUserName(sGrantedUser) = False) Then
		WScript.StdOut.WriteLine("Invalid User in import file. please check import file..")
		objfileError.WriteLine("Invalid User in import file. please check import file..")
		WScript.Quit
	End If
	
	Do While objfileImport.AtEndOfStream <> True
		fOneError = False
		sUserLDAPPath = EMPTYSTRING
		fAddedFMA = False
		fAddedSendAs = False
		fRemovedFMA = False
		fRemovedSendAs = False
		err.Clear

		sOneRow = objfileImport.ReadLine
		sArraySplit = Split(sOneRow, OUTPUT_DELIMITER)

		'The first column is the LDAP path.
		sUserLDAPPath = sArraySplit(0)
		'The second column is Full Mailbox Access permissions.
		fAddedFMA = sArraySplit(1)
		'The third column is Send As permissions.
		fAddedSendAs = sArraySplit(2)

		Set objUser = GetObject(sUserLDAPPath)
		If (err.number <> 0) Then
			objfileError.WriteLine("Failed to get user object from " & sUserLDAPPath)
			objfileError.WriteLine("Error: " & err.Description)
			fOneError = True
			err.Clear
		End If
		
		If ((fOneError = False) And (fAddedFMA = "True")) Then		
			Set objSDMailBox = objUser.MailboxRights
			Set objDACLEX = objSDMailbox.DiscretionaryAcl
			fRemovedFMA = RemoveFullMailboxAccess(objDACLEX, sGrantedUser)
			If (err.number <> 0) Then
				objfileError.WriteLine("Failed to Remove Full MailboxAccess from " & sUserLDAPPath)
				objfileError.WriteLine("Error: " & err.Description)
				fOneError = True
				err.Clear
			End If
			
			If (fRemovedFMA = False) Then
				objfileError.WriteLine("Couldn't find Full mailbox access permission on " & sUserLDAPPath)
			End If
			
			If ((fOneError = False) And (fRemovedFMA = True)) Then
				objSDMailbox.DiscretionaryAcl = objDACLEX
				objUser.MailboxRights = Array(objSDMailbox)
			End If
		End If

		If ((fOneError = False) And (fAddedSendAs = "True")) Then		
			Set objSDNTsecurity = objUser.ntSecurityDescriptor
			Set objDACLNT = objSDNTsecurity.DiscretionaryAcl

			fRemovedSendAs = RemoveSendAs(objDACLNT, sGrantedUser)
			If (err.number <> 0) Then
				objfileError.WriteLine("Failed to Remove SendAs from " & sUserLDAPPath)
				objfileError.WriteLine("Error: " & err.Description)
				fOneError = True
				err.Clear
			End If

			If (fRemovedSendAs = False) Then
				objfileError.WriteLine("Couldn't find SendAs permission on " & sUserLDAPPath)
			End If
			
			If ((fOneError = False) And (fRemovedSendAs = True)) Then
				objSDNTsecurity.DiscretionaryAcl = objDACLNT
				objUser.Put "ntSecurityDescriptor", Array( objSDNTsecurity )
				objUser.SetOption ADS_OPTION_SECURITY_MASK, ADS_SECURITY_INFO_DACL
			End If
		End If

		If ((fOneError = False) And (fRemovedFMA Or fRemovedSendAs)) Then
			objUser.SetInfo
			If (err.number <> 0) Then
				objfileError.WriteLine("Failed to update ADSI for user: " & sUserLDAPPath)
				objfileError.WriteLine("Error: " & err.Description)
				fOneError = True
				err.Clear		
			Else 
				If ( fRemovedFMA Or fRemovedSendAs ) Then
					'Update logging.
					objfileError.WriteLine("Removed Permission from " & sUserLDAPPath & OUTPUT_DELIMITER & fRemovedFMA & OUTPUT_DELIMITER & fRemovedSendAs)
				End If
			End If
		End If

		If (fOneError = True) Then
			WScript.StdOut.Write("!")
		Else
			WScript.StdOut.Write(".")
		End If
	Loop
End If

CloseImportexportFiles

Function IsValidUserName (sUserName)
	Dim dPosition
	dPosition = InStr(1, sUserName, "\")
	If (dPosition = 0 ) Then
		IsValidUserName = False
		objfileError.WriteLine("Invalid User:" & sUserName)
	Else
		IsValidUserName = True
	End If
End Function

Function CheckSendAs (objNTSD, sUser, fSendAs, AccessType)
	Dim intACECount
	Dim objACE
	
	err.Clear
	fSendAs = False
	AccessType = ADS_ACETYPE_ACCESS_ALLOWED
	intACECount = objNTSD.AceCount

	If intACECount Then
		For Each objACE In objNTSD
			err.Clear
			If ( (UCase(objACE.Trustee) = UCase(sUser)) And (objACE.ObjectType = EX_MB_SEND_AS_GUID) ) Then
				fSendAs = True
				AccessType = objACE.AceType
			End If
		Next
	End If	

	If (err.number <> 0) Then
		objfileError.WriteLine("Check SendAs permissions Failed : " & sUser)
		objfileError.WriteLine("Error: " & err.Description)
		err.Clear
		fOneError = True
	End If
	Set objACE = Nothing
End Function

Function CheckFullMailboxAccess (objACL, sUser, fFoundFMA, AccessType)
	Dim intACECount
	Dim objACE

	err.Clear
	fFoundFMA = False
	AccessType = ADS_ACETYPE_ACCESS_ALLOWED
	intACECount = objACL.AceCount
	If intACECount Then
		For Each objACE In objACL
			If ( (UCase(objACE.Trustee) = UCase(sUser)) And ((objACE.AccessMask And EX_FULLMAILBOX_ACCESSMASK) <> 0)) Then
				fFoundFMA = True
				AccessType = objACE.AceType
			End If
		Next
	End If

	If (err.number <> 0) Then
		objfileError.WriteLine("Check FullMailbox permissions Failed : " & sUser)
		objfileError.WriteLine("Error: " & err.Description)
		err.Clear
		fOneError = True
	End If
	Set ObjACE = Nothing
End Function

Function RemoveSendAs (objNTSD, sUser)
	Dim intACECount
	Dim objACE
	Dim fFound
	
	fFound = False
	intACECount = objNTSD.AceCount
	
	If intACECount Then
		For Each objACE In objNTSD
			If ((UCase(objACE.Trustee) = UCase(sUser)) And (objACE.ObjectType = EX_MB_SEND_AS_GUID) ) Then
				objNTSD.RemoveAce objACE
				fFound = True
			End If
		Next
	End If

	RemoveSendAs = fFound		
End Function

Function RemoveFullMailboxAccess (objACL, sUser)
	Dim intACECount
	Dim objACE
	Dim fFound
	
	fFound = False
	intACECount = objACL.AceCount
	
	If intACECount Then
		For Each objACE In objACL
			If((0 <> Instr(UCase(objACE.Trustee), UCase(sUser))) And (objACE.AccessMask And EX_FULLMAILBOX_ACCESSMASK) <> 0) Then
				objACE.AccessMask = (objACE.AccessMask Xor EX_FULLMAILBOX_ACCESSMASK)
				fFound = True
			End If
		Next
	End If

	RemoveFullMailboxAccess = fFound		
End Function

Function GetLDAPPathFromLegacyDN (sLegacyDN)
	Dim rsUsers
	Dim sLdapPath
	
	objCommand.CommandText = "<GC://" & sDomainContainer & ">;(&(&(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(legacyExchangeDN=" & sLegacyDN & ")) ))));adspath;subtree"
	objCommand.Properties("searchscope") = ADS_SCOPE_SUBTREE
	objCommand.Properties("Page Size") = 10
	objCommand.Properties("Timeout") = 30 
	objCommand.Properties("Chase referrals") = (ADS_CHASE_REFERRALS_SUBORDINATE Or ADS_CHASE_REFERRALS_EXTERNAL)

	err.Clear	
	Set rsUsers = objCommand.Execute
	If (err.number <> 0) Then
		objfileError.WriteLine("Search for mailbox owners failed, error:" & err.Description)
		fOneError = True
	End If
	
	If (rsUsers.RecordCount = 0) Then
		objfileError.WriteLine("No mailbox owner user accounts found for " & sLegacyDN & " in " & sDomainContainer & ".")
		fOneError = True		
	End If

	If (rsUsers.RecordCount > 1) Then
		objfileError.WriteLine("Multiple mailboxs owner user accounts found for " & sLegacyDN & " in " & sDomainContainer & ".")
		fOneError = True		
	End If

	sLdapPath = Replace(rsUsers.Fields(0).Value, "GC://", "LDAP://")	
	GetLDAPPathFromLegacyDN = sLdapPath
	Set rsUsers = Nothing
End Function

Function CloseImportexportFiles

	objfileError.WriteLine("*******************************************************")
	objfileError.WriteLine("End at " & Date & " " & Time)
	objfileError.WriteLine("*******************************************************")

	objFSO.Close
	objfileError.Close
	objfileOutput.Close
	objfileImport.Close
	
	Set objFSO = Nothing
	Set objfileError = Nothing
	Set objfileOutput = Nothing
	Set objfileImport = Nothing
End Function

Function CreateImportExportFiles
	Dim sErrorsFileName
	Dim sImportFileName
	Dim sOutputFileName

	err.Clear
	Set objFSO = CreateObject("Scripting.FileSystemObject")
	sErrorsFileName = ERROR_FILENAME
	sImportFileName = EMPTYSTRING
	sOutputFileName = EMPTYSTRING

	Select Case cScriptMode
		Case MODE_ADD
			sImportFileName = WScript.Arguments(ARG_INDEX_FILENAME)
			sOutputFileName = OUTPUT_FILENAME
		Case MODE_REMOVE
			sImportFileName = OUTPUT_FILENAME 'Use the output file name as the import file.
			sOutputFileName = EMPTYSTRING	
		Case Else
			DisplaySyntax
	End Select

	Set objfileError = objFSO.OpenTextFile(sErrorsFileName, ForAppending, True, TristateTrue)
	objfileError.WriteLine("*******************************************************")
	objfileError.WriteLine("Start at " & Date & " " & Time)
	objfileError.WriteLine("*******************************************************")

	If (cScriptMode = MODE_REMOVE) Then
		Set objfileImport = objFSO.OpenTextFile(sImportFileName, ForReading, False, TristateTrue)
	Else
		Set objfileImport = objFSO.OpenTextFile(sImportFileName, ForReading, False, TristateFalse)
	End If

	If (sOutputFileName <> EMPTYSTRING) Then
		'Determine whether the output file already exists.
		If (objFSO.FileExists(sOutputFileName)) Then
			Set objfileOutput = objFSO.OpenTextFile(sOutputFileName, ForReading, False, TristateTrue)
			sOneRow = objfileOutput.ReadLine
			'If the user name in the file differs from the parameter, the process cannot continue.
			If ( sOneRow <> sGrantedUser ) Then
				WScript.StdOut.WriteLine("The Domain\User must be the same as " & sOneRow )
				WScript.Quit
			End If
			Set objfileOutput = objFSO.OpenTextFile(sOutputFileName, ForAppending, True, TristateTrue)
		Else
			Set objfileOutput = objFSO.OpenTextFile(sOutputFileName, ForWriting, True, TristateTrue)
			'The first line of the log file is the user who is granted the permissions.
			objfileOutput.WriteLine(sGrantedUser)
		End If
	End If
	
	If (err.number <> 0) Then
		WScript.StdOut.WriteLine("Failed to open Log file, error:" & err.Description)
		WScript.Quit
	End If
End Function

Function AddAce(dacl, TrusteeName, gAccessMask, gAceType, gAceFlags, gFlags, gObjectType, gInheritedObjectType)
	Dim Ace1
	
	Set Ace1 = CreateObject("AccessControlEntry")
	Ace1.AccessMask = gAccessMask
	Ace1.AceType = gAceType
	Ace1.AceFlags = gAceFlags
	Ace1.Flags = gFlags
	Ace1.Trustee = TrusteeName
	'Determine whether ObjectType has to be set.
	If CStr(gObjectType) <> "0" Then
		Ace1.ObjectType = gObjectType
	End If

	'Determine whether InheritedObjectType has to be set.
	If CStr(gInheritedObjectType) <> "0" Then
		Ace1.InheritedObjectType = gInheritedObjectType
	End If
	dacl.AddAce Ace1

    Set Ace1 = Nothing
End Function

Function DisplaySyntax
	WScript.StdOut.WriteLine("Syntax:")
	WScript.StdOut.WriteLine()
	WScript.StdOut.WriteLine("Grant Full mailbox access and SendAs permission to USER based on IMPORT_FILE:")
	WScript.StdOut.WriteLine("    CSCRIPT " & WScript.ScriptName & " -Add DOMAIN\USER IMPORT_FILE")
	WScript.StdOut.WriteLine("    NOTE: """ & OUTPUT_FILENAME & """ will be created for -Remove option ")
	WScript.StdOut.WriteLine()
	WScript.StdOut.WriteLine("Remove Full mailbox access and SendAs permission based on " & OUTPUT_FILENAME & ":")
	WScript.StdOut.WriteLine("    CSCRIPT """ & WScript.ScriptName & """ -Remove ")
	WScript.StdOut.WriteLine()
	WScript.StdOut.WriteLine("For all modes, errors are saved to " & ERROR_FILENAME )

	WScript.Quit	
End Function

Applies to
  • Microsoft Exchange Server 2007 Enterprise Edition
  • Microsoft Exchange Server 2007 Standard Edition
  • Microsoft Exchange Server 2003 Enterprise Edition
  • Microsoft Exchange Server 2003 Standard Edition
  • Microsoft Exchange 2000 Enterprise Server
  • Microsoft Exchange 2000 Server Standard Edition
Keywords: 
kbhowto kbinfo KB941018
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support