Active Directory User Attribute Question

Greetings Experts - first of all, apologies if I have posted this question into the wrong board. I have a Windows Server 2003 Active Directory Domain (Domain Controllers are all on Service Pack 1) with Exchange Server 2003 on Service Pack 2.

I am using ADModify.Net to add entries to the 'Accept Messages from everyone except' Delivery Restriction under the 'Exchange General' tab of all of our mail-enabled Active Directory accounts. To do this, I am using the 'unAuthorig' attribute in the Custom tab of ADModify.Net along with the 'Multivalued Append' tick box (as I want to add a number of entries for our AD accounts to not accept e-mails from). Seems to work fine.

I am at the testing stage at the moment, and want to have some way of reversing such a large alteration to so many Active Directory accounts if the firm decides it does not want this AFTER it has been put in (we are talking about 1000 mail-enabled AD accounts and so I don't want to have to manually change each AD account!)

My question is: does anyone know the name of the attribute I would use to reset each mail-enabled AD account back to 'Accept Messages from Everyone' under the Delivery Restrictions area of the Exchange General tab?

ADModify.Net does not provide an area within the GUI for doing this (or at least version doesn't). So I have to use the CUSTOM tab to do this - but this requires you to know what the actual attribute name is for the change you want to make.

I have looked reasonably hard on the internet and cannot find the attribute name I need. Failing this, is there any other bulk way to remove the change I have put in using ADModify.Net from each mail-enabled AD account?

Any help appreciated - 250 points are available!



Have you considered using LDIFDE.exe to do this? You would simply need a few lines in an Excel spreadsheet (which could be created using a basic VB script / macro).

The Excel spreadsheet can be generated using the export facility to give you a "template" to start from, but for each user you'd need something like:
****Copy from below this line****
dn: CN=each_users_CN,OU=Users,DC=your_Domain,DC=com
changetype: modify
replace: unauthOrig
unauthOrig: CN=user1 to be blocked,OU=Standard,OU=Users,DC=your_Domain,DC=com
unauthOrig: CN=user2 to be blocked,OU=Standard,OU=Users,DC=your_Domain,DC=com
-
****Copy from above this line****

Make SURE you include the "-" on the bottom line after the end of each user. Check out this site for more help with LDIFDE.
Hope this helps.
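The LDIF approach in the answer above, as an added example that is not part of the original thread: a generator that writes one modify record per account and, from the same account list, a rollback file that replaces unauthOrig with no values. The function names and sample DNs are constructed for illustration, and the rollback assumes no account had unauthOrig entries before the bulk change.

```python
import base64

ATTR = "unauthOrig"  # attribute named in the thread


def ldif_line(attr, value):
    """Format 'attr: value'; base64-encode values that are not an RFC 2849 SAFE-STRING."""
    unsafe = (
        value[:1] in (" ", ":", "<")
        or value.endswith(" ")
        or any(ord(c) > 127 or c in "\r\n\0" for c in value)
    )
    if unsafe:
        encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
        return f"{attr}:: {encoded}"
    return f"{attr}: {value}"


def modify_record(user_dn, blocked_dns):
    """One 'changetype: modify' record. An empty blocked_dns list clears the attribute."""
    lines = [ldif_line("dn", user_dn), "changetype: modify", f"replace: {ATTR}"]
    lines += [ldif_line(ATTR, dn) for dn in blocked_dns]
    lines.append("-")  # terminator the answer says must close each user's change
    return "\n".join(lines)


def build_ldif(user_dns, blocked_dns):
    """Records are separated by a blank line, as LDIF requires."""
    return "\n\n".join(modify_record(dn, blocked_dns) for dn in user_dns) + "\n"


if __name__ == "__main__":
    # Constructed sample DNs, not real accounts.
    users = [
        "CN=Alice Example,OU=Users,DC=your_Domain,DC=com",
        "CN=Zoë Müller,OU=Users,DC=your_Domain,DC=com",  # non-ASCII, gets 'dn::'
    ]
    blocked = [
        "CN=user1 to be blocked,OU=Standard,OU=Users,DC=your_Domain,DC=com",
        "CN=user2 to be blocked,OU=Standard,OU=Users,DC=your_Domain,DC=com",
    ]
    print("# apply.ldf\n" + build_ldif(users, blocked))
    print("# rollback.ldf\n" + build_ldif(users, []))
```

Generating both files before the import means the rollback covers exactly the accounts that were changed; each file is imported with `ldifde -i -f <file>`.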

CalamityClev (Author) commented:
Thanks for this - an interesting way of approaching the problem that I hadn't thought of (i.e. I didn't know it could be done this way).

After looking into this further however, I found that there is in fact an 'Undo Changes' action on the start screen of ADModify.NET - doh!

Every successful change you make with ADModify.NET creates a .xml file that can be used to reverse the changes you have just made (as long as you still have this file intact at the time you want to reverse the change).

In the end what I did was create a set of folders (one for each OU in my production domain). I then ran from within each of these folders and it gave me a .xml file that I could use to reverse if I wanted to. It works well.

Having the .xml files arranged by OU is handy because the .xml files themselves have a naming convention that does not identify what OU you have run them against. Just breaks the task of rolling a change to all AD accounts down to a more granular level.

Thanks for your input though - I will remember this solution for the future!
