"How to edit Exchange AD Attributes for multple users" or "How to bulk populate the Message Restrictions tab in AD"
I've been asked such questions numerous times. It's usually asked by an admin in an environment such as a school where abuse of the email system is rampant, to say the least. Often the admin wants to be able to restrict the end user such that he can receive messages on from a particular AD group. In a school, for example, you could have a group that contains all teachers and staff members. You can then go into the ADUC properties for a selected user, select the Exchange general tab, Delivery restrictions, Message Restrictions, select the 'Only From' radio button, and enter the teachers/staff members group in this area. This will effectively prevent students from emailing each other, since they're only allowed to receive emails from members of the authorized group (teachers). Now, if you have a large number of users, you're probably not going to want go into the properties for each user and make this change.
I had originally written a little script to make this change en masse, but then found out about a little too that can handle it as well. First off, here's the script:
'*******************************************************
Const strOU = "LDAP://OU=Test OU,DC=domain,DC=com"
Const strGroup1 = "CN=ALLMAIL,OU=DistLists,DC=domain,DC=com"
Const strGroup2 = "CN=ALLIT,OU=DistLists,DC=domain,DC=com"
Set objOU = GetObject(strOU)
objOU.Filter = Array("user")
For Each objUser In objOU
'wscript.Echo objUser.Name
objUser.PutEx ADS_PROPERTY_APPEND, _
"dlmemSubmitPerms", Array(strGroup1,strGroup2)
objUser.SetInfo
Next
wscript.echo "All Done"
'*******************************************************
The script will put two groups called ALLMAIL and ALLIT in the aforementioned box (Accept messages only from) for all users in an OU called Test OU. Obviously you're going to have to change the DN's to match your own environment if you want this script to work for you.
I'm going to write a separate post on how to use ADModify to accomplish the same task.
Kris
I had originally written a little script to make this change en masse, but then found out about a little too that can handle it as well. First off, here's the script:
'*******************************************************
Const strOU = "LDAP://OU=Test OU,DC=domain,DC=com"
Const strGroup1 = "CN=ALLMAIL,OU=DistLists,DC=domain,DC=com"
Const strGroup2 = "CN=ALLIT,OU=DistLists,DC=domain,DC=com"
Set objOU = GetObject(strOU)
objOU.Filter = Array("user")
For Each objUser In objOU
'wscript.Echo objUser.Name
objUser.PutEx ADS_PROPERTY_APPEND, _
"dlmemSubmitPerms", Array(strGroup1,strGroup2)
objUser.SetInfo
Next
wscript.echo "All Done"
'*******************************************************
The script will put two groups called ALLMAIL and ALLIT in the aforementioned box (Accept messages only from) for all users in an OU called Test OU. Obviously you're going to have to change the DN's to match your own environment if you want this script to work for you.
I'm going to write a separate post on how to use ADModify to accomplish the same task.
Kris
1 Comments:
The scripts work. One thing that may need a little attention is that the group names must be entered correctly. Otherwise you may receive error message. The filter is not necessary, but is certainly important to place it there.
By newingtoncollege.nsw.edu.au, at 1:29 AM
Post a Comment
<< Home