Exchange 2003 Query-based Distribution List for all currently logged-on AD users

As the IT manager of a company with c. 200 users, I find myself sending e-mails to an "All" distribution list informing people that a server will be rebooted in 10 mins, please don't use this printer today, the Intranet will be off for 20 mins, etc. When people are on holiday, they come back to a load of useless e-mails like this. As we are a tour operator, we often have 20% of staff out on research trips abroad, so it's a common complaint.

What I would like to do is have a query-based distribution list called "Logged-on Users" that can use LDAP to query currently logged-on users, so only people currently in the building will receive these e-mails. Makes a lot of sense I think! But I can't find any posts about this anywhere - has anyone worked this out?

I wasn't sure if there was a flag anywhere in AD that shows whether that user has logged-on to the domain or not (and is reset when they log off), but thought that a way round this may be to have a custom attribute set to "1" when they log on and "0" when they log off, then to use LDAP to build the query-based distribution list based on this value. But I'm not sure how to get this value set at logon/logoff.

Any solution to this problem would be fantastic! Thanks very much.

Robert Stokes
IT Manager
Audley Travel Group
Asked by: AudleyTravel

AudleyTravel (Author) Commented:
Thanks for your suggestions, but we found a way around this that seems to work quite well. Using Group Policy logon/logoff scripts, we have a VBScript that sets CustomAttribute1 to 1 on logon and 0 on logoff, and then the Query-Based Distribution group checks AD for all the 1's and sends the email to those people.

The only issue we've found seems to be around password expiry time. If a user's password expires, or sometimes even when they do change it in time, the script fails with an error saying "Table does not exist". I'm fairly sure this is because the script is denied access to read from/write to Active Directory because their password or other security doesn't match up. To fix it we either reset their password and then run the script manually, or sometimes we don't have to, because the next time they launch Outlook they are prompted for their password and given the option to save the updated password. The next time they log on it works OK.

Anyway, here are the scripts in case anyone wants to use them. There might be better ways to code it, but it works.

Logon:

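Dim oshell
Dim UserString
Dim UserDN
Dim objUser

' Resolve the logged-on user's account name, then look up its distinguished name in AD
Set oshell = WScript.CreateObject("WScript.Shell")
UserString = oshell.ExpandEnvironmentStrings("%username%")
UserDN = SearchDistinguishedName(UserString)

' Bind to the user object
Set objUser = GetObject("LDAP://" & UserDN)

' Mark the user as logged on (extensionAttribute1 = "1") and commit the change
objUser.Put "extensionAttribute1", "1"
objUser.SetInfo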

Public Function SearchDistinguishedName(ByVal vSAN)
    Dim oRootDSE, oConnection, oCommand, oRecordSet

    Set oRootDSE = GetObject("LDAP://rootDSE")
    Set oConnection = CreateObject("ADODB.Connection")
    oConnection.Open "Provider=ADsDSOObject;"
    Set oCommand = CreateObject("ADODB.Command")
    oCommand.ActiveConnection = oConnection
    oCommand.CommandText = "<LDAP://" & oRootDSE.get("defaultNamingContext") & _
        ">;(&(objectCategory=User)(samAccountName=" & vSAN & "));distinguishedName;subtree"
    Set oRecordSet = oCommand.Execute
    On Error Resume Next
    SearchDistinguishedName = oRecordSet.Fields("DistinguishedName")
    On Error GoTo 0
    oConnection.Close
    Set oRecordSet = Nothing
    Set oCommand = Nothing
    Set oConnection = Nothing
    Set oRootDSE = Nothing
End Function

Set oshell = Nothing
Set objUser = Nothing
===================================================
Logoff:

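Dim oshell
Dim UserString
Dim UserDN
Dim objUser

' Resolve the logged-on user's account name, then look up its distinguished name in AD
Set oshell = WScript.CreateObject("WScript.Shell")
UserString = oshell.ExpandEnvironmentStrings("%username%")
UserDN = SearchDistinguishedName(UserString)

' Bind to the user object
Set objUser = GetObject("LDAP://" & UserDN)

' Mark the user as logged off (extensionAttribute1 = "0") and commit the change
objUser.Put "extensionAttribute1", "0"
objUser.SetInfo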

Public Function SearchDistinguishedName(ByVal vSAN)
    Dim oRootDSE, oConnection, oCommand, oRecordSet

    Set oRootDSE = GetObject("LDAP://rootDSE")
    Set oConnection = CreateObject("ADODB.Connection")
    oConnection.Open "Provider=ADsDSOObject;"
    Set oCommand = CreateObject("ADODB.Command")
    oCommand.ActiveConnection = oConnection
    oCommand.CommandText = "<LDAP://" & oRootDSE.get("defaultNamingContext") & _
        ">;(&(objectCategory=User)(samAccountName=" & vSAN & "));distinguishedName;subtree"
    Set oRecordSet = oCommand.Execute
    On Error Resume Next
    SearchDistinguishedName = oRecordSet.Fields("DistinguishedName")
    On Error GoTo 0
    oConnection.Close
    Set oRecordSet = Nothing
    Set oCommand = Nothing
    Set oConnection = Nothing
    Set oRootDSE = Nothing
End Function

Set oshell = Nothing
Set objUser = Nothing

Hope somebody can make use of it.

Cheers,

Pat Mckeon
IT Support Consultant Extraordinaire
Audley Travel Group
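
A consolidated variant of the two scripts above, as an added example that is not part of the original post: one file takes `logon` or `logoff` as its script parameter, reads the user's distinguished name from ADSystemInfo instead of building an LDAP filter from %username%, and writes failures to the Application event log instead of raising a dialog. The file name SetPresence.vbs, the parameter names and the log message prefix are assumptions.

```vbscript
' SetPresence.vbs (hypothetical name) - added example, not the original poster's code.
' Assign to both GPO events, with script parameter "logon" or "logoff".
Option Explicit

Const EVENT_WARNING = 2                       ' WshShell.LogEvent type: warning
Const FLAG_ATTRIBUTE = "extensionAttribute1"  ' same attribute the original scripts write

Dim oShell, sMode, sFlag, sUserDN, oUser

Set oShell = CreateObject("WScript.Shell")

' Exactly one parameter decides which value is written.
If WScript.Arguments.Count <> 1 Then
    Fail "expected one parameter: logon or logoff"
End If

sMode = LCase(WScript.Arguments(0))
Select Case sMode
    Case "logon"
        sFlag = "1"
    Case "logoff"
        sFlag = "0"
    Case Else
        Fail "unknown mode '" & sMode & "'"
End Select

' From here on, check Err after every directory call instead of letting it pass silently.
On Error Resume Next

' ADSystemInfo.UserName is the DN of the logged-on user, so nothing taken from
' the environment is concatenated into an LDAP filter.
sUserDN = CreateObject("ADSystemInfo").UserName
If Err.Number <> 0 Or Len(sUserDN) = 0 Then
    Fail "could not resolve user DN (0x" & Hex(Err.Number) & ")"
End If

Set oUser = GetObject("LDAP://" & sUserDN)
If Err.Number <> 0 Then Fail "bind failed (0x" & Hex(Err.Number) & ")"

oUser.Put FLAG_ATTRIBUTE, sFlag
oUser.SetInfo
If Err.Number <> 0 Then Fail "write failed (0x" & Hex(Err.Number) & ")"

' Record the failure where an administrator can find it, then stop.
Sub Fail(sMessage)
    oShell.LogEvent EVENT_WARNING, "SetPresence: " & sMessage
    WScript.Quit 1
End Sub
```

A logoff script does not run when a machine loses power or crashes, so a flag of 1 can outlive the session until the user's next clean logoff.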

Malli Boppe Commented:
I don't think there is any attribute which tells whether a user is logged on.
The only way to find who is logged on to the network is to create a login script.
http://www.experts-exchange.com/Networking/Windows_Networking/Q_21786328.html?sfQueryTermInfo=1+all+find+log+user

Keith Alabaster (Enterprise Architect) Commented:
I know this is an old question but the easiest way for these is to set the duration of the email to one day. After the timer expires it deletes itself :)
Question has a verified solution.
