Backtrack:  
 
by lunarg on February 14th 2014, at 09:33

If you have users that were created in AD but not through the SBS console, you'll notice they will not be present in the SBS console. This can be a nuisance for management purposes when you're used to using the SBS console for administering users, but it can also become a problem for some SBS functionality, such as the SBS POP3 Connector. There is a way for your users to be added to the SBS console without having to recreate them, though.

When querying the list of users, the SBS console in fact looks for a certain AD attribute inside each user. This attribute, when set, will enable listing in the SBS console. So, by setting the attribute, you will in fact "import" the user in your SBS console, allowing administration and enabling SBS functions.

  1. Start up ADSI Edit from Administrative Tools (or do: Start, Run, adsiedit.msc).
  2. If you've never used ADSI Edit before, right-click on the root of the tree on the left, then Connect to.... Keep the default values in the next window. This will open up the correct partition.
  3. Browse through the partition, and look for your user(s). It may be useful to first locate the user in Active Directory Users and Computers so you'll find the user faster in ADSI Edit.
  4. Once you've found the user, right-click it and select Properties. This will display the list of attributes.
  5. Find the attribute msSBSCreationState and set its value to Created. Click OK to save. Repeat for other users.

From here on, your users will be available in the SBS console. Although you could further change attributes from within ADSI Edit, it's much easier to do the rest (e.g. allow access to RWW/OWA, assign user roles, ...) from inside the SBS console.