In the Exchange KMS Key Import Wizard, the Unknown Users
screen appears only when KMS cannot match one or more incoming
users with a corresponding Exchange mailbox globally unique identifier (GUID). Before the
wizard can continue, you must match unknown users with existing
mailboxes in Active Directory.

The Recipient Update Service creates a GUID for every Exchange
mailbox. Because all Exchange mailboxes are identified uniquely,
you can move them from server to server without conflict. KMS uses
the mailbox GUID to identify users in Active Directory. If KMS
displays the Unknown Users screen, a user account may have
been removed from Active Directory after the user was exported from
a Key Management server. With the Active Directory account for the
mailbox deleted, KMS will not have anything to associate with the
GUID contained in the export file, and therefore the user will not
be recognized by the importing KMS. Even if you have created a new
mailbox for the user on the destination server, the mailbox will
have a different GUID than the one associated with the user in the
export file.

Note: The names displayed in
the Unknown Users screen are taken from users' certificates
as part of the exported Advanced Security information.

To resolve unknown users:

By default, KMS will not import any users it cannot identify.
To proceed without resolving names, highlight one or more names,
and then click Do Not Import. When you click Next,
importing will proceed only for those users that are identified by
KMS.

To resolve users, highlight a name, and then click Resolve
User. In Select Users and Computers, select the
appropriate user account in Active Directory. When you click
Next, importing will proceed and the accounts you mapped to
the unknown users will receive those users' keys.

Warning: In
this step, the displayed name can be mapped to any Active Directory
account. Be careful to choose the correct one.
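
The GUID matching and the mapping risk described above can be checked before an import with a reconciliation like the following. This is an added example, not code from Exchange or KMS: the export list layout, the directory listing layout, and the names norm_guid and reconcile are assumptions, and all sample data is constructed.

```python
import uuid

def norm_guid(value):
    """Return a canonical uuid.UUID from a string GUID or 16 raw directory bytes."""
    if isinstance(value, (bytes, bytearray)):
        # GUID attributes read from the directory over LDAP arrive as 16 bytes
        # in Microsoft's mixed-endian layout, which bytes_le decodes.
        return uuid.UUID(bytes_le=bytes(value))
    return uuid.UUID(value.strip().strip("{}"))

def reconcile(exported, directory):
    """Split exported users into GUID matches and unknown users.

    exported:  list of (certificate_name, mailbox_guid)   -- assumed layout
    directory: list of (account, display_name, mailbox_guid) -- assumed layout
    """
    by_guid = {norm_guid(g): acct for acct, _, g in directory}
    matched, unknown = {}, {}
    for cert_name, guid in exported:
        g = norm_guid(guid)
        if g in by_guid:
            matched[cert_name] = by_guid[g]
        else:
            # A same-name account with a different GUID is only a candidate:
            # it may be a recreated mailbox or a different person entirely.
            unknown[cert_name] = sorted(
                acct for acct, display, _ in directory
                if display.casefold() == cert_name.casefold())
    return matched, unknown

# Constructed sample data (not from any real export file or directory).
ALICE = uuid.UUID("11111111-2222-3333-4444-555555555555")
EXPORTED = [
    ("Alice Example", "{11111111-2222-3333-4444-555555555555}"),
    ("Bob Example", "AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE"),
    ("Carol Example", "99999999-8888-7777-6666-555555555555"),
]
DIRECTORY = [
    ("alice", "Alice Example", ALICE.bytes_le),  # raw directory bytes
    ("bob2", "Bob Example", "0f0f0f0f-0000-0000-0000-000000000001"),  # recreated
    ("bob.contractor", "Bob Example", "0f0f0f0f-0000-0000-0000-000000000002"),
]

if __name__ == "__main__":
    matched, unknown = reconcile(EXPORTED, DIRECTORY)
    print("matched:", matched)
    for name, candidates in unknown.items():
        print("unknown:", name, "- candidates to verify by hand:", candidates)
```

Two accounts share Bob's display name here, which is why a name match is only listed as a candidate and never mapped automatically.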