Solved

Exchange 2003 Query-based Distribution List for all currently logged-on AD users

Posted on 2007-08-01
3
Medium Priority
374 Views
Last Modified: 2008-10-28
As the IT manager of a company with c. 200 users, I find myself sending e-mails to an "All" distribution list informing people that a server will be rebooted in 10 mins, please don't use this printer today, the Intranet will be off for 20 mins, etc. When people are on holiday, they come back to a load of useless e-mails like this. As we are a tour operator, we often have 20% of staff out on research trips abroad, so it's a common complaint.

What I would like to do is have a query-based distribution list called "Logged-on Users" that can use LDAP to query currently logged-on users, so only people currently in the building will receive these e-mails. Makes a lot of sense I think! But I can't find any posts about this anywhere - has anyone worked this out?

I wasn't sure if there was a flag anywhere in AD that shows whether that user has logged-on to the domain or not (and is reset when they log off), but thought that a way round this may be to have a custom attribute set to "1" when they log on and "0" when they log off, then to use LDAP to build the query-based distribution list based on this value. But I'm not sure how to get this value set at logon/logoff.

Any solution to this problem would be fantastic! Thanks very much.

Robert Stokes
IT Manager
Audley Travel Group
0
Comment
Question by:AudleyTravel
3 Comments
 
LVL 23

Expert Comment

by:Malli Boppe
ID: 19607575
I don't think there is any attribute which tells whether a user is logged on.
The only way to find who is logged on to the network is to create a login script.
http://www.experts-exchange.com/Networking/Windows_Networking/Q_21786328.html?sfQueryTermInfo=1+all+find+log+user
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 21397501
I know this is an old question but the easiest way for these is to set the duration of the email to one day. After the timer expires it deletes itself :)
0
 

Accepted Solution

by:
AudleyTravel earned 0 total points
ID: 22785542
Thanks for your suggestions but we found a way around this that seems to work quite well. Using Group Policy logon/logoff scripts we have a VBScript that sets CustomAttribute1 to 1 on logon and 0 on logoff and then the Query-Based Distribution group checks AD for all the 1's and sends the email to those people.

The only issue we've found seems to be around password expiry time. If a user's password expires or sometimes even when they do change it in time, the script fails with an error saying "Table does not exist". I'm fairly sure this is because the script is denied access to read from/write to Active Directory because their password or other security doesn't match up. To fix it we either reset their password and then run the script manually or sometimes we don't have to because the next time they launch Outlook, they are prompted for their password and given the option to save the updated password. The next time they log on it works OK.

Anyway, here are the scripts in case anyone wants to use them. There might be better ways to code it but it works.

Logon:

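dim oshell
dim UserString
dim UserDN
dim objUser

' Resolve the logged-on user's sAMAccountName to a distinguished name
set oshell = wscript.createobject("wscript.shell")
UserString = oshell.expandenvironmentstrings("%username%")
UserDN = SearchDistinguishedName(UserString)

' Stop if no account was found; otherwise GetObject would bind to the bare "LDAP://" path
If UserDN = "" Then WScript.Quit 1

Set objUser = GetObject("LDAP://" & UserDN)

' Flag the user as logged on for the query-based distribution group
objUser.Put "extensionAttribute1", "1"
objUser.SetInfo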

Public Function SearchDistinguishedName(ByVal vSAN)
    Dim oRootDSE, oConnection, oCommand, oRecordSet

    Set oRootDSE = GetObject("LDAP://rootDSE")
    Set oConnection = CreateObject("ADODB.Connection")
    oConnection.Open "Provider=ADsDSOObject;"
    Set oCommand = CreateObject("ADODB.Command")
    oCommand.ActiveConnection = oConnection
    oCommand.CommandText = "<LDAP://" & oRootDSE.get("defaultNamingContext") & _
        ">;(&(objectCategory=User)(samAccountName=" & vSAN & "));distinguishedName;subtree"
    Set oRecordSet = oCommand.Execute
    On Error Resume Next
    SearchDistinguishedName = oRecordSet.Fields("DistinguishedName")
    On Error GoTo 0
    oConnection.Close
    Set oRecordSet = Nothing
    Set oCommand = Nothing
    Set oConnection = Nothing
    Set oRootDSE = Nothing
End Function

Set oshell = Nothing
Set objUser = Nothing
===================================================
Logoff:

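dim oshell
dim UserString
dim UserDN
dim objUser

' Resolve the logged-on user's sAMAccountName to a distinguished name
set oshell = wscript.createobject("wscript.shell")
UserString = oshell.expandenvironmentstrings("%username%")
UserDN = SearchDistinguishedName(UserString)

' Stop if no account was found; otherwise GetObject would bind to the bare "LDAP://" path
If UserDN = "" Then WScript.Quit 1

Set objUser = GetObject("LDAP://" & UserDN)

' Flag the user as logged off so the distribution group skips them
objUser.Put "extensionAttribute1", "0"
objUser.SetInfo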

Public Function SearchDistinguishedName(ByVal vSAN)
    Dim oRootDSE, oConnection, oCommand, oRecordSet

    Set oRootDSE = GetObject("LDAP://rootDSE")
    Set oConnection = CreateObject("ADODB.Connection")
    oConnection.Open "Provider=ADsDSOObject;"
    Set oCommand = CreateObject("ADODB.Command")
    oCommand.ActiveConnection = oConnection
    oCommand.CommandText = "<LDAP://" & oRootDSE.get("defaultNamingContext") & _
        ">;(&(objectCategory=User)(samAccountName=" & vSAN & "));distinguishedName;subtree"
    Set oRecordSet = oCommand.Execute
    On Error Resume Next
    SearchDistinguishedName = oRecordSet.Fields("DistinguishedName")
    On Error GoTo 0
    oConnection.Close
    Set oRecordSet = Nothing
    Set oCommand = Nothing
    Set oConnection = Nothing
    Set oRootDSE = Nothing
End Function

Set oshell = Nothing
Set objUser = Nothing

Hope somebody can make use of it.

Cheers,

Pat Mckeon
IT Support Consultant Extraordinaire
Audley Travel Group
0
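A variant of the logon/logoff scripts above, as an added example that is not the poster's code: one script serves both Group Policy slots, takes the flag as an argument, reads the user's DN from the ADSystemInfo COM object instead of concatenating %username% into an LDAP filter, and logs failures rather than failing silently. The file name SetPresence.vbs is hypothetical, and the script assumes users can already write their own extensionAttribute1, as the original scripts require.

```vbscript
' Added example. Assign to both GPO script slots with a parameter:
'   logon:  SetPresence.vbs 1
'   logoff: SetPresence.vbs 0
Option Explicit

Const EVT_ERROR = 1
Dim oShell, oSysInfo, oUser, sFlag, sDN

Set oShell = CreateObject("WScript.Shell")

' Accept only the two values the distribution-group query expects.
If WScript.Arguments.Count <> 1 Then Fail "usage: SetPresence.vbs 0|1"
sFlag = WScript.Arguments(0)
If sFlag <> "0" And sFlag <> "1" Then Fail "flag must be 0 or 1, got: " & sFlag

On Error Resume Next

' ADSystemInfo.UserName is the distinguished name of the current user,
' so no search filter is built from an environment variable.
Set oSysInfo = CreateObject("ADSystemInfo")
sDN = oSysInfo.UserName
If Err.Number <> 0 Or Len(sDN) = 0 Then Fail "cannot resolve user DN (0x" & Hex(Err.Number) & ")"

' A "/" inside a DN must be escaped before it is used in an ADsPath.
Set oUser = GetObject("LDAP://" & Replace(sDN, "/", "\/"))
If Err.Number <> 0 Then Fail "bind failed for " & sDN & " (0x" & Hex(Err.Number) & ")"

oUser.Put "extensionAttribute1", sFlag
oUser.SetInfo
If Err.Number <> 0 Then Fail "write failed for " & sDN & " (0x" & Hex(Err.Number) & ")"

On Error GoTo 0

Sub Fail(sMsg)
    ' Write the reason to the Application event log, then stop, so the
    ' script never continues to a bind or write with a bad DN.
    On Error Resume Next
    oShell.LogEvent EVT_ERROR, "SetPresence: " & sMsg
    WScript.Quit 1
End Sub
```

A flag left at 1 after a crash or a forced power-off is not cleared by the logoff script, so the attribute shows who ran the logon script last, not who is present.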
