Versions / Builds Affected
20140627
Status
Resolved
Problem Summary
GFI MailEssentials counts disabled accounts (system mailboxes and disabled users)
TT / JIRA ID
2183
How to Identify
The USERCNTAD log file shows system mailboxes and disabled users counted against the licensed user list.
Example:
"info ","USERCNTAD","DN: CN=SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9},CN=Users,...
"info ","USERCNTAD","DN: CN=SystemMailbox{6366640A-0E65-4942-9B24-0F6AE711E8B7},CN=Microsoft Exchange System Objects,...
"info ","USERCNTAD","DN: CN=DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852},CN=Users,...
Running the same LDAP query that GFI MailEssentials runs in the network Active Directory search tool (navigate to My Computer->Network->Search Active Directory, just under the address bar) as an Administrator should count the users correctly:
(&(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(mail=*)(samAccountName=*)(!(msExchRecipientTypeDetails:1.2.840.113556.1.4.803:=549755813888)))
When the disabled users are looked up by running ADSIedit under local system, the UserAccountControl attribute is missing. Since this attribute is used to identify disabled users, they are counted by GFI MailEssentials.
Workaround / Fix Details
The workaround consists of giving the GFI MailEssentials computer permission to read the UserAccountControl attribute of all users.
Required Actions
As the issue is caused by Microsoft Active Directory specific restrictions and is not a default setting, the customer should amend the Microsoft Active Directory permissions accordingly.
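
To check the result before and after amending the permissions, the following added example (not GFI code) runs the LDAP query quoted above and lists the returned entries whose userAccountControl attribute is not readable by the caller. It assumes a domain-joined Windows host and that the script is run in the same security context that performs the GFI MailEssentials lookup (local system, as described above); run as an Administrator for comparison.

```powershell
# Added example, not part of GFI MailEssentials.
# Run in the security context whose view of Active Directory you want to test.

# The LDAP filter exactly as quoted in this article.
$filter = '(&(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(mail=*)(samAccountName=*)(!(msExchRecipientTypeDetails:1.2.840.113556.1.4.803:=549755813888)))'

# DirectorySearcher bound to the current domain by default.
$searcher = [adsisearcher]$filter
$searcher.PageSize = 1000   # enable paging so large directories return every match
[void]$searcher.PropertiesToLoad.Add('userAccountControl')

$results = $searcher.FindAll()
try {
    $rows = foreach ($r in $results) {
        # Attribute values the caller may not read are simply absent from the result.
        $uac = $r.Properties['useraccountcontrol']
        [pscustomobject]@{
            Path        = $r.Path
            UacReadable = ($uac.Count -gt 0)
        }
    }
}
finally {
    $results.Dispose()      # release the underlying directory search handle
}

$rows       = @($rows)
$unreadable = @($rows | Where-Object { -not $_.UacReadable })

"Running as:                          $([Security.Principal.WindowsIdentity]::GetCurrent().Name)"
"Entries returned by the filter:      $($rows.Count)"
"Entries without readable UAC value:  $($unreadable.Count)"

# These are the entries that cannot be excluded as disabled in this context.
$unreadable | Sort-Object Path | Select-Object -ExpandProperty Path
```

Once the read permission on UserAccountControl is in place, the last list should be empty and the entry count should match the Administrator run.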