Solved

LDAP query

Posted on 2014-07-23
5
350 Views
Last Modified: 2014-08-20
I work for a school district and we're in the midst of migrating our email from Exchange to Google.  In this process, we've now given students an email account.  The students were placed in a sub-domain of our district domain so they are "@student.domain.com"
I have some distribution lists (groups) that are dynamic in Exchange .  The dynamic groups migrated OK but the members of the group did not.
We're now trying to find the right LDAP query attribute to use with the GADS migration tool so the list will again be populated.  We found that the msExchDynamicDLFilter will work to populate the lists (groups) but it now adds students as well.  These groups (lists) should only have staff and teachers as members.
Here's an example of the LDAP query for the msExchDynamicDLFilter:
(&(!cn=SystemMailbox{*})(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*))) ))) (this is for everyone in the district - we also have lists (groups) for all school sites so here's an example of that query:
(&(physicalDeliveryOfficeName=*SchoolName*)(!(name=SystemMailbox{*))(!(name=CAS_{*))(!(msExchRecipientTypeDetails=16777216))(!(msExchRecipientTypeDetails=536870912))(!(msExchRecipientTypeDetails=8388608)))
My question --- what would I need to add to the above (or exclude from the above) to make sure the students or the student sub-domain are excluded in the query statement?
0
Comment
Question by:skbarnard
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 40216136
If you want to target the primary email address:

(!(mail=*@student.domain.com))

If you want to target any e-mail address:

(!(proxyAddresses=smtp:*@student.domain.com))

HTH

Chris
0
 

Author Comment

by:skbarnard
ID: 40229771
Sorry for the delay - I've been slammed with this email migration project.
Do you have any idea if this will work with Google without having to have Exchange in the mix?  At some point, we're going to decommission our Exchange servers and I'm assuming the groups/lists will quit working for sure when that happens.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 40230123
Not necessarily. If you're using the Google Directory synchronisation tool they should continue to work. Support for dynamic groups is fairly widely advertised.

I can't tell you categorically that this will be true, I don't have the directory synchronisation tool, but I think you have good reason to expect it to work.

Chris
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 40230133
Appropriate documentation for the feature can be found here:

https://www.google.com/support/enterprise/static/gapps/docs/admin/en/gads/admin/config_group_sync.html

The GADS tool can be downloaded from here:

https://support.google.com/a/answer/106368?hl=en

There are lots of instructions kicking around beyond those linked above.

Chris
0
 

Author Closing Comment

by:skbarnard
ID: 40275068
Again, sorry for the delay in my response, the project has been completely migrated.  I ultimately found out that once we turn off (decommission) our Exchange servers that the lists would no longer work.  Therefore, I had to delete the 'dynamic' group and create a global security group, populate the members then the GADS process was run to migrate the groups over to Google.
The links provided by Chris are good links to have.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question