This blog is by design...

Wednesday, June 29, 2005

I'm in a Citrix Presentation Server class this week, so no time for new postings. But in the meantime, visit my resume by clicking here.

Wednesday, June 22, 2005

[Screenshot: ADModify.Net]

Bulk changes to the "Delivery Restrictions" field with ADModify

Just to build on my last post, why do something by hand or write a script when the Exchange folks have been kind enough to write a nice little GUI utility to help you make bulk changes? Not sure about you all, but I'd much rather be playing Counterstrike than sitting around clicking a thousand users to make the same change on all of them. Wouldn't you?

Anyway, this neat little tool is called ADModify, and you can download it here. I won't write too much about it since the team over at EHLO has already done that, which makes sense since they wrote it! But to make the same change as the script in my previous post, all you'd need to do is run ADModify.Net and get to the screen above (the Custom field; sorry the pic is so small). For this particular example you would enter dlMemSubmitPerms in the Attribute Name field, and the DN, or distinguished name, of the value we want to add. So we would add CN=ALLMAIL,OU=DistLists,DC=domain,DC=com for a group called ALLMAIL in an OU called DistLists in a domain called ''. For this value you also have to check the 'Multivalued Append' box, which is necessary for any attribute that can hold more than one value. To add the second group in our example you'd just finish adding the first one, then rerun the utility.

But don't listen to my ramblings; check out Dan Winter's post on the subject over at EHLO for more information.


Tuesday, June 21, 2005

Beach Party

Monday, June 20, 2005

"How to edit Exchange AD Attributes for multiple users" or "How to bulk populate the Message Restrictions tab in AD"

I've been asked such questions numerous times. It's usually asked by an admin in an environment such as a school where abuse of the email system is rampant, to say the least. Often the admin wants to be able to restrict the end user such that he can receive messages only from a particular AD group. In a school, for example, you could have a group that contains all teachers and staff members. You can then go into the ADUC properties for a selected user, select the Exchange General tab, Delivery Restrictions, Message Restrictions, select the 'Only From' radio button, and enter the teachers/staff members group in this area. This will effectively prevent students from emailing each other, since they're only allowed to receive emails from members of the authorized group (teachers). Now, if you have a large number of users, you're probably not going to want to go into the properties for each user and make this change.

I had originally written a little script to make this change en masse, but then found out about a little tool that can handle it as well. First off, here's the script:

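'3 = append to the values already set; 2 (ADS_PROPERTY_UPDATE) would replace them
Const ADS_PROPERTY_APPEND = 3
Const strOU = "LDAP://OU=Test OU,DC=domain,DC=com"
Const strGroup1 = "CN=ALLMAIL,OU=DistLists,DC=domain,DC=com"
Const strGroup2 = "CN=ALLIT,OU=DistLists,DC=domain,DC=com"

'bind to the OU and enumerate only its user objects
Set objOU = GetObject(strOU)
objOU.Filter = Array("user")

For Each objUser In objOU
    'wscript.Echo objUser.Name
    'dlMemSubmitPerms holds the "Only from" list on the Message Restrictions tab
    objUser.PutEx ADS_PROPERTY_APPEND, "dlmemSubmitPerms", Array(strGroup1,strGroup2)
    objUser.SetInfo 'commit the change to AD
Next

wscript.echo "All Done"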

The script will put two groups called ALLMAIL and ALLIT in the aforementioned box (Accept messages only from) for all users in an OU called Test OU. Obviously you're going to have to change the DN's to match your own environment if you want this script to work for you.

I'm going to write a separate post on how to use ADModify to accomplish the same task.
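
An added example, not part of the original post: a read-only check that reports which users in the OU still lack the expected groups in dlMemSubmitPerms after a bulk change like the one above. The function name MissingGroups is made up for this example, and the DNs are the post's sample values.

```vbscript
Option Explicit
' Added example (not from the original post). Read-only audit of the
' "accept messages only from" list; nothing is written back to AD.
Const strOU = "LDAP://OU=Test OU,DC=domain,DC=com"   ' sample DN from the post

Dim arrExpected, objOU, objUser, strMissing, intBad
arrExpected = Array("CN=ALLMAIL,OU=DistLists,DC=domain,DC=com", _
                    "CN=ALLIT,OU=DistLists,DC=domain,DC=com")

Set objOU = GetObject(strOU)
objOU.Filter = Array("user")
intBad = 0

For Each objUser In objOU
    strMissing = MissingGroups(objUser, arrExpected)
    If strMissing <> "" Then
        intBad = intBad + 1
        WScript.Echo objUser.Name & " is missing: " & strMissing
    End If
Next
WScript.Echo intBad & " user(s) need attention"

' Hypothetical helper: returns a "; "-separated list of the expected DNs
' that are absent from the user's dlMemSubmitPerms, or "" if all are there.
Function MissingGroups(objU, arrWant)
    Dim arrCurrent, strDN, strCur, blnFound, strOut
    strOut = ""
    On Error Resume Next
    arrCurrent = objU.GetEx("dlMemSubmitPerms")
    ' Any read failure (attribute not set, access denied) is treated as an
    ' empty list, so the user is reported rather than silently passed.
    If Err.Number <> 0 Then arrCurrent = Array()
    On Error GoTo 0
    For Each strDN In arrWant
        blnFound = False
        For Each strCur In arrCurrent
            ' DNs are compared case-insensitively
            If StrComp(strCur, strDN, vbTextCompare) = 0 Then blnFound = True
        Next
        If Not blnFound Then
            If strOut <> "" Then strOut = strOut & "; "
            strOut = strOut & strDN
        End If
    Next
    MissingGroups = strOut
End Function
```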


Friday, June 17, 2005

Script to write all server names to a file using SQL type query

This is a simple little script that will generate a text file of server and DC names sorted in alphabetical order. In my Win2K domain, all my servers (other than DC's, of course) reside in an OU called Servers that is in the root of my OU structure. I have several child OU's under the Servers OU, but this script accounts for that so we don't need to worry about doing any kind of OU recurse. We're just going to use a SQL type query to query the entire domain with an ADODB connection for any computer object with the word "Servers" in its distinguishedName. I figured most people probably have a similar setup (all your servers in one OU), so just change the strServersCont variable to match the name of the OU you keep your servers in and the script should work for you as well.

I've also included code to pull in the names from the default Domain Controllers OU. We then use a totally separate recordset to sort the first recordset by name, and voila. We have a nice little text file, c:\servers.txt, with the names of all servers and all DC's. I have several other scripts that get their data from this text file and I didn't want to have to worry about updating the file every time we added/removed servers, so I have this script set up as a daily task. One less thing I have to worry about :)

Const ForWriting = 2
Const OpenAsASCII = 0
strServersCont = "Servers"
strOutputFile = "c:\servers.txt"

Set objRootDSE = GetObject("LDAP://rootDSE")
strDomain = "LDAP://" & objRootDSE.Get("defaultNamingContext")

'CreateTextFile takes (path, overwrite, unicode): 2 acts as True, 0 as False
Set objFSO = CreateObject("scripting.filesystemobject")
Set objOutputFile = objFSO.CreateTextFile _
    (strOutputFile, ForWriting, OpenAsASCII)

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"

Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection

'query format: <search base>;(filter);attributes to return;scope
objCommand.CommandText = "<" & strDomain & _
    ">;(objectCategory=computer)" & ";distinguishedName,cn;subtree"
objCommand.Properties("Page Size") = 10000

'disconnected recordset, used only to sort the names
Const adVarChar = 200 'specifies a string type data
Set objRecordsetNew = CreateObject("ADODB.Recordset")
objRecordsetNew.Fields.Append "ServerName", adVarChar, 50
objRecordsetNew.Open

Set objRecordSet = objCommand.Execute

While Not objRecordSet.EOF
    'InStr is a substring match on the whole DN, so any computer with
    'strServersCont anywhere in its DN is picked up
    If InStr(objRecordSet.Fields("distinguishedName"), strServersCont) _
        <> 0 Or InStr(objRecordSet.Fields("distinguishedName"), _
        "Domain Controllers") <> 0 Then
        objRecordSetNew.AddNew
        objRecordSetNew("ServerName") = objRecordset.Fields.Item("cn").Value
        objRecordSetNew.Update
        strCount = strCount + 1
    End If
    objRecordSet.MoveNext
Wend

objRecordSetNew.Sort = "ServerName ASC"
'go back to the first row, unless no computers matched
If Not (objRecordSetNew.BOF And objRecordSetNew.EOF) Then objRecordSetNew.MoveFirst

While Not objRecordSetNew.EOF
    objOutputFile.writeline objRecordSetNew.Fields.Item("ServerName")
    objRecordSetNew.MoveNext
Wend

objOutputFile.Close

set objConnection = Nothing
set objCommand = Nothing
set objRecordSet = Nothing
set objRecordSetNew = Nothing
set objOutputFile = Nothing
set objFSO = Nothing

Thursday, June 02, 2005

VBSCRIPT - For all domain users, write all their Delegate information to a file

The following script will recurse (go through) your AD structure,
and for all user accounts it will take their Outlook delegate information
and write it out to a file. Until recently I didn't realize that delegate
information that was set inside the Outlook client was stored in AD, but
guess what. It is. Give it a try...

'you MAY NOT post this script on any other website
'you MAY post a link to the script, thus giving me my due credit for
'writing it.

'bind to the root of the current domain
Set objRootDSE = GetObject("LDAP://rootDSE")
Set objDomainRoot = GetObject("LDAP://" & _
    objRootDSE.Get("defaultNamingContext"))

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objOutputFile = objFSO.CreateTextFile("c:\Delegates.txt", True)

For Each objItem in objDomainRoot
    'wscript.Echo objItem.Name
    If objItem.Class="organizationalUnit" Then
        OURecurse objItem.ADSPath
    End If

    If objItem.Class="user" Then
        ProcessUsers objItem
    End If
Next

objOutputFile.Close

set objOutputFile = Nothing
set objRootDSE = Nothing
set objDomainRoot = Nothing
set objFSO = Nothing

wscript.Echo "All Done"

' Writes the user's display name, then one line per delegate DN

Sub ProcessUsers(objUsers)
    On Error Resume Next

    'wscript.Echo objUsers.Name
    set objPD = GetObject("LDAP://" & _
        objUsers.Get("distinguishedName"))
    objOutputFile.Writeline objPD.displayName
    'publicDelegates holds the DNs of the user's Outlook delegates
    delegateList = objPD.GetEx("publicDelegates")
    'GetEx fails when the user has no delegates; skip the loop in that case
    If IsArray(delegateList) Then
        For Each Desc In delegateList
            objOutputFile.Writeline Desc
        Next
    End If

    set objPD = Nothing

End Sub

' This sub is responsible for going through the AD Structure

Sub OURecurse(objFirst)

    Dim objOrgUnit, objItem

    Set objOrgUnit = GetObject(objFirst)
    For Each objItem in objOrgUnit
        If objItem.Class="user" Then
            'wscript.Echo objItem.Name
            ProcessUsers objItem
        End If

        If objItem.Class="organizationalUnit" Then
            'wscript.Echo objItem.Name
            OURecurse objItem.ADSPath
        End If
    Next

    Set objOrgUnit = Nothing

End Sub

'you MAY NOT post this script on any other website
'you MAY post a link to the script, thus giving me my due credit for
'writing it.