Active Directory User Attribute Question

Greetings Experts - first of all, apologies if I have posted this question into the wrong board. I have a Windows Server 2003 Active Directory Domain (Domain Controllers are all on Service Pack 1) with Exchange Server 2003 on Service Pack 2.

I am using ADModify.Net to add entries to the 'Accept Messages from everyone except' Delivery Restriction under the 'Exchange General' tab of all of our mail-enabled Active Directory accounts. To do this, I am using the 'unAuthorig' attribute in the Custom tab of ADModify.Net along with the 'Multivalued Append' tick box (as I want to add a number of entries for our AD accounts to not accept e-mails from). Seems to work fine.

I am at the testing stage at the moment, and want to have some way of reversing such a large alteration to so many Active Directory accounts if the firm decides it does not want this AFTER it has been put in (we are talking about 1000 mail-enabled AD accounts and so I don't want to have manually change each AD account!)

My question is: does anyone know the name of the attribute I would use to reset each mail-enabled AD account back to 'Accept Messages from Everyone' under the Delivery Restrictions area of the Exchange General tab?

ADModify.Net does not provide an area within the GUI for doing this (or at least version doesn't). So I have to use the CUSTOM tab to do this - but this requires you to know what the actual attribute name is for the change you want to make.

I have looked reasonably hard on the internet and cannot find the attribute name I need. Failing this, is there any other bulk way to remove the change I have put in using ADModify.Net from each mail-enabled AD account?

Any help appreciated - 250 points are available!


Who is Participating?
Jonathan-HotchkissConnect With a Mentor Commented:
Have you considered using LDIFDE.exe to do this. you would simply need a few lines in an excel spreadsheet (which could be created using a basic VB script / macro.)

the excel spreadsheet can be generated using the export facility to give you a "template" to start from but for each user you'd need something like:
****Copy from below this line****
dn: CN=each_users_CN,OU=Users,DC=your_Domain,DC=com
changetype: modify
Replace: unauthOrig
 CN=user1 to be blocked,OU=Standard,OU=Users,DC=your_Domain,DC=com
 CN=user2 to be blocked,OU=Standard,OU=Users,DC=your_Domain,DC=com
****Copy from above this line****

make SURE you include the "-" on the bottom line after the end of each user. check out this site for more help with LDIFDE
hope this helps
CalamityClevAuthor Commented:
Thanks for this - an interesting way of approaching the problem that I hadn't thought of (i.e. I didn't know it could be done this way).

After looking into this further however, I found that there is in fact an 'Undo Changes' action on the start screen of ADModify.NET - doh!

Every successful change you make with ADModify.NET creates a .xml file that can be used to reverse the changes you have just made (as long as you still have this file intact at the time you want to reverse the change).

In the end what I did was create a set of folders (one for each OU in my production domain). I then ran from within each of these folders and it gave me a .xml file that I could use to reverse if I wanted to. It works well.

Having the .xml files arranged to which OU is handy because the .xml files themselves have a naming convention that does not identify what OU you have run them against. Just breaks the task of rolling a change to all AD accounts down to a more granular level.

Thanks for your input though - I will remember this solution for the future!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.