Solved

LDAP query

Posted on 2014-07-23
Last Modified: 2014-08-20
I work for a school district and we're in the midst of migrating our email from Exchange to Google. In this process, we've now given students an email account. The students were placed in a sub-domain of our district domain so they are "@student.domain.com".
I have some distribution lists (groups) that are dynamic in Exchange. The dynamic groups migrated OK but the members of the group did not.
We're now trying to find the right LDAP query attribute to use with the GADS migration tool so the list will again be populated.  We found that the msExchDynamicDLFilter will work to populate the lists (groups) but it now adds students as well.  These groups (lists) should only have staff and teachers as members.
Here's an example of the LDAP query for the msExchDynamicDLFilter:
(&(!cn=SystemMailbox{*})(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*))) )))
(This is for everyone in the district.) We also have lists (groups) for all school sites, so here's an example of that query:
(&(physicalDeliveryOfficeName=*SchoolName*)(!(name=SystemMailbox{*))(!(name=CAS_{*))(!(msExchRecipientTypeDetails=16777216))(!(msExchRecipientTypeDetails=536870912))(!(msExchRecipientTypeDetails=8388608)))
My question --- what would I need to add to the above (or exclude from the above) to make sure the students or the student sub-domain are excluded in the query statement?
Question by:skbarnard
LVL 71

Expert Comment

by:Chris Dent
ID: 40216136
If you want to target the primary email address:

(!(mail=*@student.domain.com))

If you want to target any e-mail address:

(!(proxyAddresses=smtp:*@student.domain.com))

HTH

Chris
0
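
An added example, not part of the original thread: a simplified Python model of LDAP filter matching that ANDs each exclusion clause from the comment above onto the school-site filter from the question and evaluates it against constructed sample entries. The helper functions, the entry names and the staff account carrying a student alias are assumptions made for illustration.

```python
import re

def parse(f, i=0):
    """Parse one parenthesised filter starting at f[i]; return (node, next index)."""
    op = f[i + 1]
    if op in "&|!":
        i, kids = i + 2, []
        while f[i] == "(":
            node, i = parse(f, i)
            kids.append(node)
        return (op, kids), i + 1              # step over the closing ')'
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (attribute -> list of values)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    # '*' is a wildcard; compared case-insensitively, as AD does for these attributes
    pattern = ".*".join(re.escape(part) for part in node[2].split("*"))
    return any(re.fullmatch(pattern, v, re.IGNORECASE) for v in entry.get(node[1], []))

def members(filter_text, directory):
    tree, _ = parse(filter_text)
    return [e["name"][0] for e in directory if matches(tree, e)]

def exclude(base, clause):
    """AND an exclusion clause onto an existing filter."""
    return "(&" + base + clause + ")"

# School-site filter from the question, and the two clauses from the comment
SITE_FILTER = ("(&(physicalDeliveryOfficeName=*SchoolName*)(!(name=SystemMailbox{*))"
               "(!(name=CAS_{*))(!(msExchRecipientTypeDetails=16777216))"
               "(!(msExchRecipientTypeDetails=536870912))(!(msExchRecipientTypeDetails=8388608)))")
NO_STUDENT_MAIL = "(!(mail=*@student.domain.com))"
NO_STUDENT_PROXY = "(!(proxyAddresses=smtp:*@student.domain.com))"

def entry(name, *addresses):
    """Constructed sample entry; the first address is the primary (SMTP:) one."""
    proxies = ["SMTP:" + addresses[0]] + ["smtp:" + a for a in addresses[1:]]
    return {"name": [name], "physicaldeliveryofficename": ["SchoolName Elementary"],
            "mail": [addresses[0]], "proxyaddresses": proxies}

DIRECTORY = [entry("teacher1", "teacher1@domain.com"),
             entry("student1", "student1@student.domain.com"),
             entry("aide1", "aide1@domain.com", "aide1@student.domain.com")]
```

In this sample, the `mail` clause keeps `aide1` (staff primary address, student alias) in the group, while the `proxyAddresses` clause drops that account along with the student.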
 

Author Comment

by:skbarnard
ID: 40229771
Sorry for the delay - I've been slammed with this email migration project.
Do you have any idea if this will work with Google without having to have Exchange in the mix?  At some point, we're going to decommission our Exchange servers and I'm assuming the groups/lists will quit working for sure when that happens.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 40230123
Not necessarily. If you're using the Google Directory synchronisation tool they should continue to work. Support for dynamic groups is fairly widely advertised.

I can't tell you categorically that this will be true, I don't have the directory synchronisation tool, but I think you have good reason to expect it to work.

Chris
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 40230133
Appropriate documentation for the feature can be found here:

https://www.google.com/support/enterprise/static/gapps/docs/admin/en/gads/admin/config_group_sync.html

The GADS tool can be downloaded from here:

https://support.google.com/a/answer/106368?hl=en

There are lots of instructions kicking around beyond those linked above.

Chris
0
 

Author Closing Comment

by:skbarnard
ID: 40275068
Again, sorry for the delay in my response, the project has been completely migrated.  I ultimately found out that once we turn off (decommission) our Exchange servers that the lists would no longer work.  Therefore, I had to delete the 'dynamic' group and create a global security group, populate the members then the GADS process was run to migrate the groups over to Google.
The links provided by Chris are good links to have.
0

Question has a verified solution.
