LDAP query

Posted on 2014-07-23
Last Modified: 2014-08-20
I work for a school district and we're in the midst of migrating our email from Exchange to Google.  In this process, we've now given students an email account.  The students were placed in a sub-domain of our district domain so they are "@student.domain.com"
I have some distribution lists (groups) that are dynamic in Exchange.  The dynamic groups migrated OK but the members of the group did not.
We're now trying to find the right LDAP query attribute to use with the GADS migration tool so the list will again be populated.  We found that the msExchDynamicDLFilter will work to populate the lists (groups) but it now adds students as well.  These groups (lists) should only have staff and teachers as members.
Here's an example of the LDAP query for the msExchDynamicDLFilter:

(&(!cn=SystemMailbox{*})(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*))) )))

(This is for everyone in the district.) We also have lists (groups) for all school sites, so here's an example of that query:

(&(physicalDeliveryOfficeName=*SchoolName*)(!(name=SystemMailbox{*))(!(name=CAS_{*))(!(msExchRecipientTypeDetails=16777216))(!(msExchRecipientTypeDetails=536870912))(!(msExchRecipientTypeDetails=8388608)))

My question --- what would I need to add to the above (or exclude from the above) to make sure the students or the student sub-domain are excluded in the query statement?
Question by:skbarnard
 
LVL 70

Expert Comment

by:Chris Dent
ID: 40216136
If you want to target the primary email address:

(!(mail=*@student.domain.com))

If you want to target any e-mail address:

(!(proxyAddresses=smtp:*@student.domain.com))

HTH

Chris
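
Added example (not part of the answer above or of the original thread): a Python check that appends each exclusion clause to the school-site filter from the question and evaluates the result over constructed directory entries. It shows that the `proxyAddresses` form also drops a staff entry that merely carries a student-domain alias, while the `mail` form only looks at the primary address. The evaluator is a simplified model of directory matching (case-insensitive, `*` wildcards); the entries and helper names are assumptions made for illustration.

```python
import re

# Filter from the question and the two clauses from the answer, copied verbatim.
SITE_FILTER = ("(&(physicalDeliveryOfficeName=*SchoolName*)(!(name=SystemMailbox{*))"
               "(!(name=CAS_{*))(!(msExchRecipientTypeDetails=16777216))"
               "(!(msExchRecipientTypeDetails=536870912))(!(msExchRecipientTypeDetails=8388608)))")
BY_MAIL = "(!(mail=*@student.domain.com))"
BY_PROXY = "(!(proxyAddresses=smtp:*@student.domain.com))"

def with_exclusion(base, clause):
    """Wrap the existing filter and the exclusion clause in a new AND."""
    return "(&" + base + clause + ")"

def parse(f, i=0):
    """Parse one parenthesised filter starting at f[i]; return (node, next index)."""
    if f[i + 1] in "&|!":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # skip the closing ")"
    end = f.index(")", i)
    attr, _, pattern = f[i + 1:end].partition("=")
    return ("=", attr.lower(), pattern), end + 1

def matches(node, entry):
    """An attribute test is true if ANY value matches; '!' negates that result."""
    if node[0] == "=":
        rx = ".*".join(re.escape(part) for part in node[2].split("*"))
        return any(re.fullmatch(rx, v, re.I) for v in entry.get(node[1], []))
    results = [matches(kid, entry) for kid in node[1]]
    if node[0] == "!":
        return not results[0]
    return all(results) if node[0] == "&" else any(results)

def entry(mail, *aliases):
    """Constructed sample entry; attribute names are stored lower-cased."""
    return {"name": [mail.split("@")[0]], "physicaldeliveryofficename": ["SchoolName Elementary"],
            "mail": [mail], "proxyaddresses": ["SMTP:" + mail] + ["smtp:" + a for a in aliases]}

ENTRIES = {  # constructed data, not taken from the thread
    "teacher": entry("teacher1@domain.com"),
    "student": entry("student1@student.domain.com"),
    "coach": entry("coach1@domain.com", "coach1@student.domain.com"),  # staff with student alias
}

def members(filter_text):
    tree, _ = parse(filter_text)
    return sorted(name for name, e in ENTRIES.items() if matches(tree, e))

if __name__ == "__main__":
    for label, clause in (("mail", BY_MAIL), ("proxyAddresses", BY_PROXY)):
        print(label, members(with_exclusion(SITE_FILTER, clause)))
```
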
 

Author Comment

by:skbarnard
ID: 40229771
Sorry for the delay - I've been slammed with this email migration project.
Do you have any idea if this will work with Google without having to have Exchange in the mix?  At some point, we're going to decommission our Exchange servers and I'm assuming the groups/lists will quit working for sure when that happens.
 
LVL 70

Expert Comment

by:Chris Dent
ID: 40230123
Not necessarily. If you're using the Google Directory synchronisation tool they should continue to work. Support for dynamic groups is fairly widely advertised.

I can't tell you categorically that this will be true, I don't have the directory synchronisation tool, but I think you have good reason to expect it to work.

Chris
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 40230133
Appropriate documentation for the feature can be found here:

https://www.google.com/support/enterprise/static/gapps/docs/admin/en/gads/admin/config_group_sync.html

The GADS tool can be downloaded from here:

https://support.google.com/a/answer/106368?hl=en

There are lots of instructions kicking around beyond those linked above.

Chris
 

Author Closing Comment

by:skbarnard
ID: 40275068
Again, sorry for the delay in my response, the project has been completely migrated.  I ultimately found out that once we turn off (decommission) our Exchange servers that the lists would no longer work.  Therefore, I had to delete the 'dynamic' group and create a global security group, populate the members then the GADS process was run to migrate the groups over to Google.
The links provided by Chris are good links to have.