Solved

LDAP query

Posted on 2014-07-23
5
332 Views
Last Modified: 2014-08-20
I work for a school district and we're in the midst of migrating our email from Exchange to Google.  In this process, we've now given students an email account.  The students were placed in a sub-domain of our district domain so they are "@student.domain.com"
I have some distribution lists (groups) that are dynamic in Exchange .  The dynamic groups migrated OK but the members of the group did not.
We're now trying to find the right LDAP query attribute to use with the GADS migration tool so the list will again be populated.  We found that the msExchDynamicDLFilter will work to populate the lists (groups) but it now adds students as well.  These groups (lists) should only have staff and teachers as members.
Here's an example of the LDAP query for the msExchDynamicDLFilter:
(&(!cn=SystemMailbox{*})(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*))) ))) (this is for everyone in the district - we also have lists (groups) for all school sites so here's an example of that query:
(&(physicalDeliveryOfficeName=*SchoolName*)(!(name=SystemMailbox{*))(!(name=CAS_{*))(!(msExchRecipientTypeDetails=16777216))(!(msExchRecipientTypeDetails=536870912))(!(msExchRecipientTypeDetails=8388608)))
My question --- what would I need to add to the above (or exclude from the above) to make sure the students or the student sub-domain are excluded in the query statement?
0
Comment
Question by:skbarnard
  • 3
  • 2
5 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 40216136
If you want to target the primary email address:

(!(mail=*@student.domain.com))

If you want to target any e-mail address:

(!(proxyAddresses=smtp:*@student.domain.com))

HTH

Chris
0
 

Author Comment

by:skbarnard
ID: 40229771
Sorry for the delay - I've been slammed with this email migration project.
Do you have any idea if this will work with Google without having to have Exchange in the mix?  At some point, we're going to decommission our Exchange servers and I'm assuming the groups/lists will quit working for sure when that happens.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 40230123
Not necessarily. If you're using the Google Directory synchronisation tool they should continue to work. Support for dynamic groups is fairly widely advertised.

I can't tell you categorically that this will be true, I don't have the directory synchronisation tool, but I think you have good reason to expect it to work.

Chris
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 40230133
Appropriate documentation for the feature can be found here:

https://www.google.com/support/enterprise/static/gapps/docs/admin/en/gads/admin/config_group_sync.html

The GADS tool can be downloaded from here:

https://support.google.com/a/answer/106368?hl=en

There are lots of instructions kicking around beyond those linked above.

Chris
0
 

Author Closing Comment

by:skbarnard
ID: 40275068
Again, sorry for the delay in my response, the project has been completely migrated.  I ultimately found out that once we turn off (decommission) our Exchange servers that the lists would no longer work.  Therefore, I had to delete the 'dynamic' group and create a global security group, populate the members then the GADS process was run to migrate the groups over to Google.
The links provided by Chris are good links to have.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article runs through the process of deploying a single EXE application selectively to a group of user.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question