Creating test accounts for SCOM on Split Permissions

Problem

Trying to run the New-TestCasConnectivityUser.ps1 script raises an error claiming that the password is not complex enough, or that the OU does not exist:

Analysis

Specifying a complex password should be easy enough, but this error message can occur even if you don’t specify an OU and rely on the default value, which is “Users”. In this case, the problem might be caused by the existence of more than one OU called “Users” in your domain. This is easily rectified by explicitly referencing the OU by its canonical or distinguished name, e.g. domain.local/Users. If this doesn’t help, check whether you have a restore database online. The script might default to this database and try to create the user’s mailbox in it, which is not supported. If, on the other hand, you have implemented split permissions, that is probably the cause of all your troubles.

Solution

You have to follow the guide at http://technet.microsoft.com/en-us/library/ee758052(v=exchg.140).aspx, under “Create test mailboxes for synthetic transaction tests when operating in a split permissions model”. This guide is sadly not detailed enough.

I got through steps 1-8 fairly easily. I wondered a bit about which accounts to add to the SCOM SynTran Mailbox Creators group (point 6), but I found that adding my own admin user was sufficient so far. I do wonder, though, whether the SCOM run-as users will need to be added as well, but this remains to be seen. At point 9 I came to a screeching halt. I waited half an hour for domain sync just to be sure, but no matter what, I still got the same error message as before. I retraced my steps several times, finally concluding that it had to be correct. I tried both the Exchange Management Shell and regular PowerShell with elevation, to no avail. Then it suddenly hit me: point 5 refers to “Exchange 2010 Remote PowerShell”. So far, all commands had been executed locally on the mailbox server. I switched over to a CAS server and tried to execute the script, and lo and behold, suddenly it works.

You have to pipe a mailbox server to the script for this to work. I just added Get-MailboxServer in front of the script and terminated it after the first successful pass. Unless you have multiple sites, you only need to run it against one mailbox server.
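The pre-flight checks and the script invocation described above, collected into one snippet, as an added example (not code from the original post or from Microsoft). It is meant to be run in Exchange 2010 Remote PowerShell on a CAS server, as the post concludes. It checks for the two non-permission causes named in the Analysis section (an ambiguous “Users” OU and a mounted recovery database), then runs the script against a single mailbox server with the OU given by canonical name. The canonical name domain.local/Users is a placeholder to replace with your own; $env:ExchangeInstallPath pointing at the Exchange install folder, and the script accepting the mailbox server from the pipeline and an -OU parameter, are assumptions to verify with Get-Help on your own copy of the script. The script prompts for the test-user password itself, so no password is passed on the command line.

```powershell
# Added example: pre-flight checks before running New-TestCasConnectivityUser.ps1
# in a split-permissions Exchange 2010 org. Run from Exchange 2010 Remote PowerShell
# on a CAS server (not locally on a mailbox server).

# Check 1: more than one OU/container named "Users" makes the default -OU ambiguous.
# [adsisearcher] is plain .NET and works without the ActiveDirectory module.
$filter   = '(&(name=Users)(|(objectClass=organizationalUnit)(objectClass=container)))'
$usersOus = ([adsisearcher]$filter).FindAll()
if ($usersOus.Count -gt 1) {
    Write-Warning "Found $($usersOus.Count) objects named 'Users'; pass -OU explicitly:"
    $usersOus | ForEach-Object { Write-Warning "  $($_.Properties['distinguishedname'])" }
}

# Check 2: a mounted recovery database can be picked as the target, which is unsupported.
$recoveryDbs = Get-MailboxDatabase -Status | Where-Object { $_.Recovery -and $_.Mounted }
if ($recoveryDbs) {
    Write-Warning "Mounted recovery database(s) present: $($recoveryDbs.Name -join ', ')"
}

# Placeholder: replace with the canonical name of the OU that should hold the test user.
$targetOU = 'domain.local/Users'

# Assumption: Exchange scripts live under $env:ExchangeInstallPath\Scripts.
$script = Join-Path $env:ExchangeInstallPath 'Scripts\New-TestCasConnectivityUser.ps1'

# Pipe exactly one mailbox server (the post only needs one per site) into the script.
# Select-Object -First 1 replaces stopping the run by hand after the first pass.
# The script itself prompts for the temporary test-user password.
Get-MailboxServer | Select-Object -First 1 | & $script -OU $targetOU
```

If the OU warning fires, use one of the listed distinguished names (or its canonical form) for $targetOU; if the recovery-database warning fires, dismount that database before running the script. In a multi-site deployment, drop the Select-Object -First 1 and filter Get-MailboxServer to one server per site instead.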

Author: DizzyBadger

SQL Server DBA, Cluster expert, Principal Analyst