It’s Complicated

Joe’s blog about technology, life, and more.

   Recently I ran into a very strange issue with Exchange 2003, IIS 6 and SMTP domains.  The environment is a mixed Exchange 2003/2007 site with about 10 public SMTP domain names for which this Exchange org is responsible for.  Since the beginning of my time as the Administrator for this system the recipient policy settings have been the same.  All the SMTP domains are listed in the recipient policy but some are unchecked.  For years this has been the case and we’ve never had a problem.  But something must have happened recently, because the last few days have been busy for me trying to figure out what was causing a mail delivery issue that resulted in all incoming mail for several of the legitimate public SMTP domains to bounce back to the sender.

   After some research and manual testing to try to identify what was causing the problem, I found a strange thing.  In the IIS 6 metabase on one of the Exchange 2003 servers, the public SMTP domains were missing from the “domains” key under LM\SMTPSVC\1\DOMAIN.  Two of our domains were listed but all the rest were missing.  If the domains are not listed in the IIS metabase for SMTP, the server will reject mail sent to those domains because it doesn’t realize that its responsible for receiving mail for them.  So I decided to do a test, I opened up the recipient policy and put a check next to all public SMTP domains and waited a minute before refreshing the IIS metabase information.  When I checked again, I found all the public SMTP domains were correctly listed in the IIS metabase now. 

   Earlier in the day I was trying to send test messages via telnet through SMTP.  When I would try to send a test message to a user on one of the affected domains I would get the error “unable to relay for user@domain.com”.  After refreshing the IIS 6 metabase, my telnet test messages were being accepted successfully and I confirmed that the user was receiving them.  Again, the recipient policies have been the same since the beginning of the AD in this site.  I have no idea why all of a sudden we would see incoming mail problems.  I can only speculate what might have happened, perhaps a quirk due to an unexpected DC shutdown, or maybe its some weird fluke with IIS 6 and some other third party apps that have SMTP event hooks that caused it.  I really have no idea and I don’t have a screenshot of the IIS 6 metabase config from before the time when we started to have problems. 

   What fixed the problem was to make sure all the public SMTP domains appeared in the IIS 6 metabase.  After that was taken care of, mail delivery issues were fixed and I was able to verify this using manual telnet test messages.  So I know what the problem was and I know what fixed it, I just don’t know what actually caused the problem in the first place. 

   If you don’t have a metabase explorer, you can use the one included in the IIS 6 resource kit, which is available as a download from Microsoft.

Immagine you are in the I.T. Department at a larger company.  Now immagine that your users get a lot of e-mail, seriously, thousands a day – mostly because they are on distribution lists for the company which receive a lot of mail.  Now picture these users traveling internationally and wanting to save on roaming data charges by cutting down on the volume of e-mail they receive on their mobile phones, or simply want to go on vacation and not have to deal with the burden of managing their e-mail while they are out of the office.  On top of all this (by this time you may really working your immagination) the users want you to take them off of a huge number of lists at weird times of the day such as 10pm.  In addition they want to be re-added at 5am the following week.

How do you handle the above scenario?  What would you do?  Normally the users I deal with may just accept that they have to stick with normal business hours for list changes such as I described above.  Or perhaps they will rely on international I.T. Support to do it for them due to the convenience of time zone differences.

What if there were a better way to deal with this situation?  Would you be interested?  What if there was a way to batch and automate the addition or removal of Distribution Lists on a user’s account?

I found myself in exactly the same situation I described above.  I spent some time researching my options and trying to find a good solution; something that would let me create batch files which could be setup as a scheduled task in widnows.  Something that could add and remove DLs from a user’s profile at any time of the day or night without me having to pyhsically make the change myself.  To my surprise, I couldn’t find anything out there that would do the job.  Thats when I decided to head over to vbforums.com and ask for some help creating an application or script that would do what I needed.

With gracious work by member chris128, a new application was created that completely takes care of the above scenarios.  Chris created an application called DLManager in VB.NET, and I performed real world testing and evaluation of the program.  This is a very useful application that goes even beyond Distribution List management into the realm of security groups as well.  Which means you could batch, automate and schedule Active Directory security group membership changes as well.

Application Information:

* Compiled VB.NET executable meant to be called from the command line
* Requires the .NET framework 2.0 or higher in order to function
* Can be run in a DOS batch file
* Can be scheduled via batch script or other automation tool (see http://www.networkautomation.com)
* Very small footprint at less than 30kb in size
* .ini config file to hangle AD domain configuration information

Command line syntax: dlmanage.exe [add/remove] [target AD username]  [DLNAME] (OPTIONAL): adminusername adminpassword

Example for admin user: dlmanage remove jdoe “Information Technology”

Example for non-admin user: dlmanage remove jdoe “Information Technology Administrator AdminPasswordHere

NOTE: Quotes are only needed for DL or security groups that have spaces in the name.

(this download is free software, and full credit goes to the author, see author’s site for more details)