Active Directory User Attribute Question

Posted on 2008-11-12
Last Modified: 2012-05-05
Greetings Experts - first of all, apologies if I have posted this question into the wrong board. I have a Windows Server 2003 Active Directory Domain (Domain Controllers are all on Service Pack 1) with Exchange Server 2003 on Service Pack 2.

I am using ADModify.Net to add entries to the 'Accept Messages from everyone except' Delivery Restriction under the 'Exchange General' tab of all of our mail-enabled Active Directory accounts. To do this, I am using the 'unAuthorig' attribute in the Custom tab of ADModify.Net along with the 'Multivalued Append' tick box (as I want to add a number of entries for our AD accounts to not accept e-mails from). Seems to work fine.

I am at the testing stage at the moment, and want to have some way of reversing such a large alteration to so many Active Directory accounts if the firm decides it does not want this AFTER it has been put in (we are talking about 1000 mail-enabled AD accounts and so I don't want to have manually change each AD account!)

My question is: does anyone know the name of the attribute I would use to reset each mail-enabled AD account back to 'Accept Messages from Everyone' under the Delivery Restrictions area of the Exchange General tab?

ADModify.Net does not provide an area within the GUI for doing this (or at least version doesn't). So I have to use the CUSTOM tab to do this - but this requires you to know what the actual attribute name is for the change you want to make.

I have looked reasonably hard on the internet and cannot find the attribute name I need. Failing this, is there any other bulk way to remove the change I have put in using ADModify.Net from each mail-enabled AD account?

Any help appreciated - 250 points are available!


Question by:CalamityClev

    Accepted Solution

    Have you considered using LDIFDE.exe to do this. you would simply need a few lines in an excel spreadsheet (which could be created using a basic VB script / macro.)

    the excel spreadsheet can be generated using the export facility to give you a "template" to start from but for each user you'd need something like:
    ****Copy from below this line****
    dn: CN=each_users_CN,OU=Users,DC=your_Domain,DC=com
    changetype: modify
    Replace: unauthOrig
     CN=user1 to be blocked,OU=Standard,OU=Users,DC=your_Domain,DC=com
     CN=user2 to be blocked,OU=Standard,OU=Users,DC=your_Domain,DC=com
    ****Copy from above this line****

    make SURE you include the "-" on the bottom line after the end of each user. check out this site for more help with LDIFDE
    hope this helps

    Author Closing Comment

    Thanks for this - an interesting way of approaching the problem that I hadn't thought of (i.e. I didn't know it could be done this way).

    After looking into this further however, I found that there is in fact an 'Undo Changes' action on the start screen of ADModify.NET - doh!

    Every successful change you make with ADModify.NET creates a .xml file that can be used to reverse the changes you have just made (as long as you still have this file intact at the time you want to reverse the change).

    In the end what I did was create a set of folders (one for each OU in my production domain). I then ran from within each of these folders and it gave me a .xml file that I could use to reverse if I wanted to. It works well.

    Having the .xml files arranged to which OU is handy because the .xml files themselves have a naming convention that does not identify what OU you have run them against. Just breaks the task of rolling a change to all AD accounts down to a more granular level.

    Thanks for your input though - I will remember this solution for the future!


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Set up iPhone and iPad email signatures to always send in high-quality HTML with this step-by step guide.
    Create high volume marketing opportunities using email signatures with these top 10 DOs and DON'Ts of email signature marketing.
    In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
    This video discusses moving either the default database or any database to a new volume.

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now