Automating User Mailbox Creation

The trick to creating Exchange 2000 user mailboxes via scripting is in the CDOEXM libraries.

Bill: Is there a way to create a mail-enabled user account in Windows 2000 with a VB script. I wrote a script that creates the account, places the account in the right OU, creates an e-mail address and places the user in the right group. I can't figure out the mail-enable part. There must be a way to do this all in one script.

Eric: I'm going to assume that you're using Exchange 2000 since you used the expression "mail-enable" the user. I'm also going to assume that you mean "mailbox-enable" the user rather than just assigning an SMTP address to the account.

Get Help from Bill

Got a Windows or Exchange question or need troubleshooting help? Or maybe you want a better explanation than provided in the manuals? Describe your dilemma in an e-mail to Bill at; the best questions get answered in this column.

When you send your questions, please include your full first and last name, location, certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message but submit the requested information for verification purposes.)

The trick to creating a user mailbox is to run your code on a machine with the Exchange admin tools installed so you can get access to the CDOEXM libraries. You can run the script on an Exchange server or you can install the Exchange tools on your workstation. Then, all you need to do is add a few lines to your script that define the mailbox server for the user and to create the mailbox.

You'll need to know the Distinguished Name of the mailbox store. The simplest way to get this is to copy the HomeMDB attribute of an existing mailbox-enabled user as long as the new users you create will use the same mailbox server. Dump the attributes of an existing user using the LDP browser from the Support Tools or use LDIFDE with the following syntax:

ldifde -d cn=existinguser,ou=someou,dc=domain,dc=root -f con

The -f con directs the output to the console. Here's an example for a user
called Tom Hanks in the standard Users container in a domain called

ldifde -d "cn=tom hanks,cn=users,dc=company,dc=com" -f con

Here's an example of the listing:

HomeMDB: "CN=Mailbox Store (W2K3-EX1), _
   CN=First Storage Group," & _
  "CN=InformationStore,CN=w2k3-EX1,CN=Servers, _
   CN=Phoenix," & _
  "CN=Administrative Groups,CN=company, _
   CN=Microsoft Exchange," & _

You said that your script already created the user account, but just for the sake of example, here's some quick ADSI code that creates a new user object in Active Directory under the default Users container:

userName = "Tom Hanks"
tempPassword = "Green$Mile"

splitName = Split(userName, " ")
firstName = lcase(splitName(0))
lastName = lcase(splitName(1))
logonName = left(firstName,1) & lastName
upnName = LogonName & UPNDomain

Set RootDSE = GetObject("LDAP://RootDSE")
domainDN = RootDSE.Get("DefaultNamingContext")
Set userContainer = GetObject("LDAP://cn=users," & _

set newUser = userContainer.Create("user", "cn=" & _
newUser.SamAccountName = logonName

newUser.FirstName = firstName
newUser.LastName = lastName
newuser.DisplayName = userName
newUser.Description = "Test User"
newUser.AccountDisabled = FALSE

Okay, here's where we create the user's mailbox. The trick here is remembering that VBScript doesn't know diddly about an ADSI object or a CDOEXM object, so you can create a new instance of the ADSI object and use it with a CDOEXM method call and it all "just works." Here's the code:

MBXStoreDN = "CN=Mailbox Store (W2K3-EX1), _
    CN=First Storage Group," & _
    CN=Servers,CN=Phoenix," & _
   "CN=Administrative Groups,CN=company, _
    CN=Microsoft Exchange," & _

Set exchUser = newUser
ExchUser.CreateMailbox MBXStoreDN

At this point, wait a little bit for the Recipient Update Service to apply
the SMTP address onto the user and you're ready to send mail to the account.
You can check the attributes in Active Directory Users and Computers.

Let me know how this works for you...

About the Author

Contributing Editor Bill Boswell, MCSE, is the principal of Bill Boswell Consulting, Inc. He's the author of Inside Windows Server 2003 and Learning Exchange Server 2003 both from Addison Wesley. Bill is also Redmond magazine's "Windows Insider" columnist and a speaker at MCP Magazine's TechMentor Conferences.


  • Microsoft Bolsters Windows IoT with NXP and SQL Server Support

    Microsoft's Internet of Things (IoT) product line is continuing to grow, with a few new developments highlighted this week.

  • Tamper Protection Now Available to Microsoft Defender ATP Subscribers

    The Microsoft Defender Advanced Threat Protection (ATP) E5 subscription plan now has an optional "tamper protection" security feature, Microsoft announced on Monday.

  • Exploring OCR, a New Way To Get Data into Excel

    Microsoft recently added a new optical character recognition feature to Excel that lets users import data from a photograph taken from a smartphone. Here's how to use it.

  • Microsoft Authenticator App To Get Real-Time Phishing Protections

    Microsoft is working on adding capabilities to its Microsoft Authenticator app to help defeat security breaches enabled by advanced attack techniques, including phishing and man-in-the-middle methods.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.