Solved

Active Directory LDAP Custom Query for mail distribution group

Posted on 2011-03-17
17
1,305 Views
Last Modified: 2012-05-11
Dear experts!

I would like to know how I need to define an Active Directory LDAP query for mail distribution.

The following is the situation:

I have an OU=TEST1 and a Sub-OU=TEST2

In the query I posted, I select all members from ou TEST2. However, I need to also select all members from the above ou TEST1 where the user description is like 'IT DEPARTMENT'.
This is due to the fact that in our environment I cannot have one and the same user in multiple OUs.

Can you please show me how I can select all members from TEST2 and union the ones from TEST1 where the user description field contains the criteria '%IT%'!

It wouldn't be a problem is SQL but LDAP is so much different! :-)

Many thanks for your help! I appreciate your effort!

Best regards,

skahlert2010
(&(!cn=SystemMailbox{*})(&(&(&(mailnickname=*](|(&(objectCategory=person)(objectClass=user)(!(useraccountcontrol:1.2.840.113556.1.2.803:=2))(|(homeMDB=*)(msExchHomeServerName=*))) )))))

Open in new window

0
Comment
Question by:skahlert2010
  • 9
  • 8
17 Comments
 
LVL 12

Expert Comment

by:Navdeep
Comment Utility
Hi,

what is the purpose behind this query? Why you need such a query?

are you trying to create distribution list for mail enabled users ?
0
 

Author Comment

by:skahlert2010
Comment Utility
Hello v-2nas! Exactly! You're right! I am trying to create a distribution list for all users in different organizational units. Like I said, All members of an OU TEST2 and the ones in the upper OU TEST1 that have a certain flag in their description field.

The query has to be customized since the wizard doesn't allow me to formulate such a complex statement.

Hope you or somebody else can assist me?!

Rgds,
skahlert
0
 
LVL 12

Expert Comment

by:Navdeep
Comment Utility
Why don't you create one mail enabled distribution list and make all the users from OU1 and OU2 member of it.
0
 

Author Comment

by:skahlert2010
Comment Utility
Because Not all Users of ou 2 should Be members of the Distribution List! Is my Artemis with the query impossible?  I guess it should Be an Option of i knew how to Second it!
!
0
 
LVL 12

Expert Comment

by:Navdeep
Comment Utility
Thats what i am saying you create a distribution group and manually add the users u want

Or r u trying query base dist group due to dynamic n large user base
0
 

Author Comment

by:skahlert2010
Comment Utility
Sorry I misunderstood you at First! My Base Group contains too many Users to Select them all manually! It is a considerable administrative effort, which I like to avoid with a dynamic query!
0
 

Author Comment

by:skahlert2010
Comment Utility
Nobody having an example or idea for such a query with an "or" option?
0
 
LVL 12

Expert Comment

by:Navdeep
Comment Utility
I will do it for you. It weekend right now ;)
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:skahlert2010
Comment Utility
Good morning v-2nas!

You're right it is weekend! I could'nt stop thinking about this issue, whereas I should infact just enjoy the weekend as you recommend!

 I wish you a great Sunday and am looking forward to your answer!

Take care,

skahlert2010
0
 
LVL 12

Expert Comment

by:Navdeep
Comment Utility
Hi,

what is your os and exchange version
0
 

Author Comment

by:skahlert2010
Comment Utility
Hi v-2-nas!
Great yoU're back at it! I have already experimented a little bit today to no avail though!
I have Active Directory Users and Computers v.5.2.3790.3959 and Windows Server 2003. Exchange is 2003 as far as I know!
0
 
LVL 12

Accepted Solution

by:
Navdeep earned 500 total points
Comment Utility
Hi,

Please check this online article for query based DN
http://www.petri.co.il/working_with_query_based_distribution_groups_in_exchange_2003.htm

I have tried with Ex2007. Works fine, for exchange 2003 i need to setup a new lab. Just see, i believe it should work.
0
 

Author Comment

by:skahlert2010
Comment Utility
Thank you v-2-nas for your help and for posting this excellent how-to!

I finally got a little further and the query is working to a certain extent.

However, I would like to search for all users whose distinguishedName contains the OU "abt_neu".
This part is not working at all and doesn't yield any output. Is there a way to query a special OU and return all its users.

The wildcard operator for the dn doesn't seem to work!

Brgds,

skahlert2010

(&(!cn=SystemMailbox{*})(&(&(& (mailnickname=*) 
(| (&(objectCategory=person)(objectClass=user)
(!(useraccountcontrol:1.2.840.113556.1.4.803:=2))
(|(homeMDB=*)(msExchHomeServerName=*))
(|(memberOf=*CN=lwf-gr-gg-1,OU=abt_neu,OU=groups,OU=LWF,DC=my,DC=domain,DC=com)
((description=*StVPrae*))) ) )))))

Open in new window

0
 
LVL 12

Expert Comment

by:Navdeep
Comment Utility
so basically now you want to search under that particular ou, modify the query to include searchroot starting from abt_neu
0
 

Author Comment

by:skahlert2010
Comment Utility
Thanks four replying once more, but could you post a short example of how to include "searchroot" before I close the question and award you the credits?

You've done a gret job and I really appreciate it!

Best regards,

skahlert2010
0
 
LVL 12

Expert Comment

by:Navdeep
Comment Utility
Thx for you compliments. can you post a screenshot where you have added the above ldap code. If you check the the link that i have posted. It selects the searchroot using gui.

as you using msExchDynamicDistributionList
0
 

Author Closing Comment

by:skahlert2010
Comment Utility
I just wanted to say thanks for your help and close this question! Due to your help I found a solution that works for me! Thanks a lot!

Best regards,

skahlert2010
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now